My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
Power point inglese - educazione civica di Nuria Iuzzolino
NCSAM = Cyber Security Awareness Month: Trends and Resources
1. National Cyber Security
Awareness Month 2014: Major
trends and resources
Stephen Cobb, CISSP
Security Researcher, ESET NA
2. National Cyber Security Awareness
Month
• Happens in October
• This is the 11th year
• A coordinated series of events
• A useful way to look at cyber security
• An official theme each year
• Other themes emerge
Follow
hashtag
#NCSAM
3. Question #1
Is your organization doing anything
special for National Cyber Security
Awareness Month?
Yes
No
I’m not sure
I don’t work for an organization
5. #NCSAM in 2014
• Official theme:
– Our shared responsibility
• Other themes emerge:
– The Internet of Things
– Security Standards
– STEM and the cyber workforce
– A wealth of resources
6. The Internet of Things
• Trade and Industry
• Health and Healthcare
• Infrastructure
• Homes and Cars
• IoT glossary and acronym soup:
– Sensors, GPS, RFID, WNS, LRCD, ICLR,
SDR, Wi-Fi, BlueTooth, Zigbee, Z-Wave
7. IoT: THE INTERNET OF THINGS
Trade and
Industry
Health and
Healthcare
Homes
and cars
Infrastructure
Track vehicles
and goods,
enable smart
factories,
improve supply
chain logistics
Monitor critical
systems, alert,
balance loads,
enable smart
grid efficiency
Diagnose remotely,
monitor patients,
deliver medication
What things?
smartphones,
smart watches,
wearables,
sensors, smart
appliances, smart
cars, medical
devices, drones,
network cameras
Protect, monitor,
control, entertain
What can IoT do? Monitor, warn, alarm, control, inform,
communicate, entertain, track, enable, treat, respond, enable
8. What’s the awareness aspect?
• The IoT is happening now
• Early indications are that security and
privacy are not top of mind with many
makers or users
• A chance to get
security baked
in rather than
added later
• And temper
expectations
9. Security Standards
• Looks like we have a winner:
– NIST Cybersecurity Framework
– www.nist.gov/cyberframework
• A voluntary framework for reducing cyber
risks to critical infrastructure
• And the rest of cyberspace as well
• May be a “reasonableness test”
• Default standard of due care
10. STEM and the cyber workforce
• Securing all this stuff is going to take a lot more
skilled people than we have on hand right now
• Steps are being taken to increase the supply of
cyber skilled people
• Areas of discussion:
– Professional certification vs. college
– Better human resource management
– Vets, women, minorities
– Immigration
11. Question #2
Does your organization have difficulty
finding the computer security expertise it
needs?
Yes
No
Not sure
I don’t work for an organization
12. A wealth of resources
• National Initiative for Cybersecurity
Education (NICE)
• Cybersecurity Lesson Plans
• Cybersecurity Internship Program
• National Initiative for Cybersecurity
Careers and Studies (NICCS)
– niccs.us-cert.gov
• And that’s just on workforce development
14. Official NCSAM Theme:
Our shared responsibility
Each and every one of us needs to do
our part to make sure that our online
lives are kept safe and secure. That's
what National Cyber Security Awareness
Month—observed in October —is all
about!
16. Individuals
• Check your cyber hygiene
– Password protection, backups, privacy
settings, mobiles, laptops, tablets, etc.
• Talk cyber with parents, kids, friends…
• stopthinkconnect.org/tips-and-advice
17. Companies
• A good time to have everyone read the
company security policies and
procedures
• Awareness and education days
• Use free materials, competitions,
volunteer
18. Government
• Local
– Mayor’s office
– City IT
• Regional & State
– MS-ISAC
– State Cyber Task Force
• National
– NIST, DHS, FBI
• International
– More resources please!
– Cooperation between nation states
19. Communities
• Businesses
• College Administrators
• Community-Based
Organizations
• Faith-Based Organizations
• Home Users
• K-12 Administrators
• Libraries
• Local governments
• Local law enforcement
• Teachers
20. Communities
• A community example of “Our
Shared Responsibility”
• Securing Our eCity
• Greater San Diego area
• Non-profit organization
• Volunteers and donations
• Public/private cooperation