Creating a “Culture” of Cybersecurity
Robin “Montana” Williams
Director, National Cybersecurity Education Office
National Cyber Security Division
June 26, 2012
“My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen…”
—Richard Clarke, former White House Cyber Czar
THE WORLD WE LIVE IN!!
• Cybercrime is a global epidemic—now exceeds narco-drug trafficking
• 2/3 of US businesses are Internet dependent
• 8 out of 10 think they are safe from cyber threats, yet 80% do not have formal security policies in place
• Average cost of a cyber attack on a small business is $188K
• 60% of small businesses close within 6 months of an attack
• 55% of the nation’s workforce is employed by small business
Sources: SBA, Symantec, National Cyber Security Alliance & Zogby Int’l
A “CULTURE” OF CYBERSECURITY…
1. Awareness
2. Cultural Analysis
3. Responsibility
4. Education & Training
Every man's ability may be strengthened or increased by culture—John Abbott—Prime Minister of Canada
AWARENESS IN CYBERSPACE
• Know the Threat
  • Criminal
  • Competitor
  • Country
• Know your SWAG (valuables)
  • Technology
  • Research
  • Resources
• Know their Tactics
  • Phishing—Social Engineering
  • Exploiting vulnerabilities
ORGANIZATION CULTURAL ANALYSIS (CA)
1. Values—Espoused vs. Actual
2. CA—the difference between values
a. Integration
b. Differentiation
c. Fragmentation
"Company cultures are like country cultures. Never try to change one. Try, instead, to work with what you've got." —Peter Drucker—Management Consultant
RESPONSIBILITY IN CYBERSPACE
STOP—THINK—CONNECT
• Establish and ensure compliance with a company internet policy
• Force employees to change passwords < 90 days
• DO NOT allow personal software or hardware on organizational networks
• Password protect computers, communications and critical data—use complex passphrases (F00tJan01ba!!#1)
• DO NOT open emails or attachments from strangers
• Encourage the reporting of suspicious activity
EDUCATION & TRAINING
COMPONENT 1: NATIONAL CYBERSECURITY AWARENESS
DHS
COMPONENT 2: FORMAL CYBERSECURITY EDUCATION
NSF, DOED
COMPONENT 3: CYBERSECURITY WORKFORCE STRUCTURE
DHS
COMPONENT 4: CYBERSECURITY WORKFORCE TRAINING AND PROFESSIONAL DEVELOPMENT
DHS, ODNI, DOD
NICS Portal
NATIONAL CYBERSECURITY FRAMEWORK
The Framework, released in 2011, outlines 31 functional work specialties within the cybersecurity field and is the foundation of the effort.
The Framework was developed in collaboration with subject matter experts from government, non-profits, academia, and the private sector.
The Framework organizes cybersecurity into seven high-level categories, each comprised of several specialty areas.
The Framework has been broadly accepted as a best practice to define the cybersecurity field.
NATIONAL INSTITUTE FOR CYBERSECURITY STUDIES (NICS) PORTAL
Serve as the Nation’s online resource to learn about cybersecurity awareness, education, careers, and workforce development opportunities.
The portal’s vision is to elevate cybersecurity awareness and effect a change in the American public to adopt a culture of cyberspace security.
NICS will be an online community for cybersecurity professionals and others to gain knowledge related to their field.
The Portal will be steered by an Advisory Board to provide guidance on cybersecurity awareness, education, careers, and training.
Summary
1. The World We Live In
2. A Culture of Cybersecurity
a. Awareness
b. Responsibility
c. Education & Training
3. Resources
a. National Cybersecurity Workforce Framework
b. National Institute for Cybersecurity Studies Portal
DHS Cybersecurity Education
Contact Information
For more information, please contact:
Robin “Montana” Williams
Director
National Cybersecurity Education & Workforce Development
National Cyber Security Division
703-235-3945 (Office)
571-512-1095 (BlackBerry)
[email protected]