Do You Know This About Cybersecurity?

Cybersecurity

Cybersecurity is in the news almost weekly. Unfortunately, the number of threats is increasing. The sophistication of the attacks is growing. Individuals, businesses (large and small), and governments are under attack. Here are some basics.

For example, Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York, was recently hacked in a high-profile ransomware incident. Another case involves SolarWinds. An NPR investigation into that attack revealed "a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives: the routine software update."

WHY should you care? The problem is huge, changing quickly, complex, and expanding. It impacts everyone and every organization. In a 2019 CEO Imperative Study by Ernst & Young, CEOs of the largest 200 global companies rated national and corporate cybersecurity as the number one threat to business growth and the international economy in the next 5 to 10 years.

 

According to McAfee, the global computer security software company, "Annual losses from cybercrime range from $500B to $1T and are projected to rise to $5T by 2024."

 

According to the Federal Bureau of Investigation, "There are 4,000 ransomware attacks every day."

 

According to The Center for Strategic and International Studies, a Washington think tank, and McAfee, "Sixty-four percent of Americans have lost personal data or had fraudulent charges due to cybercrime."

WHAT to do about it? The National Association of Corporate Directors in Cyber-Risk Oversight 2020 recommends five core principles that companies and their directors need to address:

 

Risk. Recognize cybersecurity as a strategic enterprise risk, not just an IT risk.

 

Legal. Understand that cyber risks have legal implications.

 

Expertise. Ensure there is adequate access to cybersecurity expertise and discuss risk management regularly.

 

Framework. Set expectations that management will establish an enterprise-wide, cyber-risk management framework with staffing and budget.

 

Financial Exposure. Identify and quantify the financial exposure for cyber risks and which risks to accept, mitigate, or transfer through insurance coverage and /or specific plans.

TAKE ACTION now as an Individual

 

Use complex passwords. The longer and more complex the better.

 

Update your devices so they have the latest security features and patches.

 

Don't open unsolicited emails and don't click on phishing links or buttons, no matter how realistic they may appear.

 

Back-up devices and systems regularly. When was the last time you did a back-up of your data? How much data can you afford to lose?

 

Protect your devices and Internet connections. Do you have anti-virus and anti-malware protection on your devices? Are you using two-factor authentication? Do you use a Virtual Private Network (VPN)?

TAKE ACTION now as a Business (from Cyber-Risk Oversight 2020)

 

Do you have an Incident Response Plan? Establish one now.

 

How is personally identifiable information (PII) safeguarded domestically and internationally? What other standards (e.g., HIPAA) must you comply with in your industry and how are you addressing them?

 

Which third parties have access to your systems and what controls are placed on them?

 

How do you manage and control your core security infrastructure? What defenses do your Internet gateways have? Do you use two-factor authentication? Do you allow anything in your network to talk directly to the Internet? How are you protecting and backing up your data?

 

Do you have an insider threat program? Do you employ a data-leak prevention product?

SUMMARY

Cybercrime is a big and growing risk. To protect yourself and your business, consider people, processes, and technology. Address the core principles of risk, legal, expertise, framework, and exposure. Make sure you have the right expertise to provide oversight. Take action now to protect, defend, and deflect.

Theresa M. Szczurek, Ph.D.
C-Level Global Executive, Corporate Director, and Colorado CIO of the Year

Copyright 2021 Theresa Szczurek.  All rights reserved.  


Good Leadership and Science Matter in a Pandemic

In the challenging times of this pandemic, Coloradans have received the best from two leading medical doctors, both of whom happen to be female. That's why the Business and Professional Women (BPW) of Colorado just named them 2021 Women of the Year. Congratulations and thank you to:

Dr. Rachel Herlihy, MD, MPH, State Epidemiologist and Communicable Disease Branch Chief, Colorado Department of Public Health and Environment. Dr. Herlihy is currently leading COVID-19 surveillance, case investigation, and outbreak response activities for the State of Colorado.
 
Dr. Michelle Barron, MD, Senior Medical Director, Infection Prevention and Control at UCHealth. Dr. Barron has led the charge against infectious diseases including the H1N1 flu pandemic in 2009 and Ebola in 2015. Since January 2020 and the beginning of the COVID-19 pandemic, she has worked around the clock with fellow leaders to protect patients, staff and providers across UCHealth.

During a virtual celebration on April 28, 2021, these two medical doctors shared some important lessons learned and words of wisdom.

Dr. Herlihy shared:

DATA DRIVES POLICY. It's a process: ask questions, go to the data, answer questions, and use this information to drive policy. We lacked a data infrastructure. We have a patchwork of systems. With funds coming in, we can build a robust informatics / data infrastructure.
PEOPLE MATTER. This pandemic requires all hands on deck. My organization grew from 50 to 450 people in a few months. We can be very proud and trust the team. We meet every day, two times per day for 30 minutes in morning and afternoon.
TEAMS WORK HARD. We found new leaders. We built a team, which never met face-to-face. We worked remotely and found ways to come together, communicate, and share. Together we tried to reduce the stress. Good leadership is an example.
COLLEAGUES GAVE SUPPORT. Collaboration came from local public health leaders, Colorado School of Public Health, the Governor's Office and others in the state, and so many more.
VACCINES ARE TO BE TRUSTED. The vaccine trials typically have three phases. To bring the COVID-19 vaccine to market faster they overlapped the phases. They did not cut corners. This approach will be used going forward.

Dr. Barron shared:

GOOD SCIENCE MATTERS. Media wants a headline and wants you to just watch, which led to distrust of good science. Be careful of what you watch.
HAVE CONFIDENCE. Remember FDR's quote, "There is nothing to fear, but fear itself." Imagine how the world will be if we are not afraid.
WE KNOW ENOUGH TO HELP PEOPLE. We are more prepared than most knew. We did a lot right. Past pandemics, such as H1N1 and Ebola, taught us where to improve so we don't struggle with pandemics.
MENTAL HEALTH IS SO IMPORTANT. We all need access to help sometimes. Debriefing on a daily basis can release what happened. When you get home, listen to your breath.
VACCINES ARE BUILT ON DECADES OF RESEARCH. Known to colleagues as Kati, Katalin Kariko, Ph.D. has emerged as one of the heroes of COVID-19 vaccine. Her work, with her close collaborator, Dr. Drew Weissman of the University of Pennsylvania, laid the foundation for the stunningly successful vaccines made by Pfizer-BioNTech and Moderna. "Science builds on science," Kariko says. "We always built on the people who came before us, and people will use our data. Of course, everything was important that those people did. I would hug them if I could."

Conclusion

Good leadership and good science both matter during troubled times. It is a pursuit of passionate purpose. More pandemics are forecast. People and teams are important collaborators. We are preparing the data infrastructure. Lessons learned:  We know what to do, data drives policy, mental health is important, vaccines are safe and build on decades of research, and be confident,  

by Theresa M. Szczurek, Ph.D.  @2021 copyright.  All rights reserved. 


A Proposal to Deliver "Technology in Government" Excellence

Excellence
We'll explore how the federal government can strengthen its own internal operations by leveraging innovation and technology lessons.

The Innovation Vision

The Biden vision is to make America the global innovation leader through steps such as:

Lead the world again in innovation by investing $300B in R&D.
Increase federal support for municipal broadband.
Fund clean energy R&D and prioritize carbon capture, utilization, and storage technology.
Insure proper technology for national cybersecurity and Health IT.
Direct entrepreneurial and commerce competitiveness.

We've already seen important actions in Biden's first days to honor science and appoint credible leaders for important technology roles.

Furthermore, discussions are underway to address ways to improve U.S. overall competitiveness. These include: valuing and funding high-speed Internet access for all; supporting Made in America 5G communications and critical infrastructure technologies; allowing international STEM students to more easily study and get work visas in the U.S.; encouraging, expanding, innovating, and enforcing Buy American; protecting our intellectual property from international pirates; and many more.

However, federal government must strengthen its own internal operations by leveraging innovation and technology. Here is a proposal which builds on some good work already underway.

Five-Pronged Proposal for 'Technology in Government' Excellence

1. DRIVE A CULTURE OF INNOVATIVE GOVERNMENT

Innovation must be nurtured and implemented. Innovation will positively impact public, as well as private, sector organizations and help build a stronger and more competitive nation. Innovation delivers extraordinary results! The 'Pursuit of Passionate Purpose' approach has proven to deliver innovative IT transformation for the State of Colorado and many other organizations. Here's how.
Find passion. The intersection of values and talents describes Passion. Discern innovation as a core value. Include innovation in our envisioned future, as Biden has done. Bring along on our journey the proper people who can support innovation.
Establish a passionate purpose of customer delight by striving to meet and exceed customers' expectations. Define who the customer is. Build customer satisfaction. Then work to improve the user experience (UX) or customer experience (CX).
Pursue the purpose with all your heart and soul persistently until you make progress. Establish a plan. The mantra must be "Focus, Finish, and Fly." Less is more.
Assess progress. Define the right measure of success. Is it the number of innovations brought to market that deliver a positive Return on Investment. Is it the speed of delivering these innovations coupled with quality? Define and track it. Reward progress, regroup, and continue the pursuit by reaffirming passion in the first step.

2. COLLABORATE AMONG AGENCIES FOR CYBERSECURITY AND INFORMATION TECHNOLOGY TRANSFORMATION

Get the many agencies working together to set common goals, prioritize initiatives, establish policies, and enforce universal standards. Move from a federated model, where each agency operates independently, to more of a hybrid operating model, incorporating shared governance and economies of scale from appropriate centralized IT transformation.
Reignite the Federal CIO Council. Expand the CIO collaboration to include CIOs of smaller agencies and departments.
Collaborate between federal CIOs, state CIOs, and local CIOs. Involve NASCIO and other key organizations.

3. BUILD BACK TALENT

Focus on replenishing talent. During the prior administration, many technology experts left and were not replaced. People are the most important asset.
Build back the Office of Science of Technology Policy, the Office of the Federal CIO, as well as more expertise in the agencies.
Hire, fund, and empower Customer Experience Officers.
Stress diversity with more women and people of color.

4. FOCUS ON PROMISING TECHNOLOGIES THAT ARE EMERGING NOW

GE's Global Innovation Barometer and Insights find that 95 percent of respondents say innovation is the primary way to make a nation's economy more competitive. The findings show that most leaders realize that unless they disrupt, they will be disrupted.
Explore new technologies that can provide breakthroughs in attaining government objectives and improving security. Study trends of emerging technologies that have great potential to transform. Surveys of top CIOs prioritized cybersecurity and risk management platforms; digital government frameworks with mobility, artificial intelligence (AI), and accessibility; cloud strategy; customer relationship management; data management and analytics, and more. Launch pilot programs and experiment. Succeed fast or fail fast.
Allocate budget for novel solutions and emerging technologies. Use an agile budgeting and development approach, yet include 'divide and conquer' project methodologies that can deliver valuable outcomes.
Modernize legacy platforms and applications to enhance capabilities, reduce costs, simplify support, and improve user experience and performance.
Stimulate digital transformation within all parts of the federal government and in private sectors. Use new approaches to make it easier and more efficient for people to interface with government. Learn lessons from the pandemic about turning up new systems and serving users on a fast schedule.

5. BE THE ENTREPRENEUR

An entrepreneur organizes, manages, and assumes the risks of a business or enterprise. Entrepreneurs, in the purest sense, are those who identify a need — any need — and fill it. Phil Weiser, State of Colorado Attorney General, says "a core failing of today's administrative state... is the lack of imagination as to how agencies should operate. In reality, however, effective administration depends on entrepreneurial leadership that spearheads policy experimentation and trial-and-error problem-solving, including the development of regulatory programs that use non-traditional tools." We need to:
Build into the federal IT culture the permission to imagine, experiment, and incubate.
Support and fund government technology incubators.
Hire proven entrepreneurs and train internal leaders to take on their winning traits.
Pursue strategic partnerships with entrepreneurial ventures, including public / private partnerships like the one that delivered the U.S. Digital Service.

Conclusion

There is a need to focus in order to achieve the vision of American as the global innovation leader. Five focus areas to build back better technology in government include: drive a culture of Innovative Government, collaborate at the federal, state, and local areas on cybersecurity and IT Transformation, replenish talent, focus on technologies of the future now, and be the entrepreneur. Let's play and have fun with technology. Let our creativity and imagination flow. As Einstein said, "Imagination is more important than knowledge."