 Make no mistake this world cyberspace is a world that we depend on every single day It's far bigger than just the little thing. We used to call the internet. There's so much more to worry about today. I Could steal money from a bank 10,000 miles away I don't actually have to go on a plane get a passport get a visa go rob a bank someplace. I have reached now It's all about the data it always comes down to the data They're there to steal your money, but they're also there to turn up interesting corporate secrets or government secrets We're also seeing bad guys start to go after These other non-traditional devices and so might be a tablet or a mobile phone or smart phone Get angry about the fact that crime is happening there get involved and say that's not acceptable and not be shy Cyber space is real if somebody wakes up in the morning So are the risks that come with it and they have the time the money the skill and the inclination to purchase It's the great irony of our information age. There's not a lot you can do to defend against that your odds of getting Caught or far less than 1% if you're committing a cyber crime Cloud actually has great potential to improve security and privacy in a way that wasn't possible before I see Cloud computing as an opportunity to really raise the bar overall make no mistake. This world Cyberspace is a world that we depend on every single day Hello, and welcome to protecting cyberspace. I'm Lily Wyatt with the governor's office of emergency services Nothing has changed the world as dramatically and quickly as the internet has a decade ago Only information technology experts would talk about information warfare It wasn't a topic that anyone knew it involved using computers in the internet as weapons much of it is still theory But we were told that before too long It might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt the central services still millions of dollars from banks And sabotage the systems all over the world Today, that's not only possible. It's actually happening plus a lot a lot more. We don't even know about That's why President Obama has made cyber war defense a top national security We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy And that's why earlier today I signed a new executive order that will strengthen our cyber defenses by increasing Information-sharing and developing standards to protect our national security our jobs and our privacy This this Senate Commerce actually Committee unanimously approved the bill back in July all of our systems today from power to water government and other industries depend on computerized switches on networks and they're all at risk if an Arbitrary work to get in they could essentially destroy those components today We're going to talk about that very crucial issue in the world with three government officials who are part of the california cyber security task force if you have any concerns about this topics or if For if you're if for any of our guests rather Please email us at questions at Cali MA that ca that GOV or even yet join the conversation via Facebook and Twitter We have a lot of talent and knowledge in this subject in this room this morning first We're happy to welcome Michelle Robinson to start us off She's the state security officer with the California Department of Technology and assist us in assistant coordination of the California Cyber Security Task Force. Thanks for joining us today. Thank you for having me Lily So we're gonna start with what President Obama said most people aren't aware that there's a cyber security bill in Congress Are you aware of this bill and what's his intent? Sure? I believe the bill is referred to as a cyber security act of 2013. It was introduced by senators Rockefeller and Thune And it proposes to focus on four key areas of cyber security protection Well, the first being ongoing voluntary public private partnership in the development of Cyber security standards and best practices to reduce risk in the area of critical infrastructure Secondly it proposes to strengthen Cyber security research and development programs and strengthen programs such as cyber defense Competition programs that support cyber security workforce development. And then finally it's proposing to promote greater public awareness and Preparedness in the area of cyber security. That's awesome And now is the legislation and funding or is there legislation and funding that may improve cyber security efforts? Absolutely sure and the the Rockefeller Thune bill is an example of Such legislation if successful would help improve cyber security efforts So a funding and investment are a really important topic critical to improving cyber security efforts And not just at the federal level so Department of Homeland Security Preparedness Grant allocation for 2013 totaled more than 1.5 billion to assist state tribal and territorial governments as well as Non-profits and private sector so However, I think it's important that we be cognizant that these funds are not necessarily an ongoing Allocation we can't rely on them to be an ongoing thing. There are limitations to their use So they may allow us to conduct research and even secure products which help us mitigate risk But efforts initiated with those funds often will require some ongoing Investment in personnel to maintain and sustain those programs and products and solutions So what is your role with the California cyber security task force and what has been accomplished so far? So my role is to assist with the planning and overseeing the efforts of the task force and its subcommittees We've formed seven subcommittees that are working on specific objectives Which are aligned with the the objectives in the legislation To improve cyber security. Oh, that's wonderful. Now attacks are usually evolving. What are cyber criminals after? Can you explain? Sure Cyber criminals are after money or data that can be sold for money Interlectual property such as trade secrets state secrets and really in that area They're looking for information that's going to give them some sort of a military political and or economic advantage So as an example For our state government entities or local government entities Procurement officials may exchange in dialogue via email regarding Upcoming procurements and opportunities for competitive bids and so Cyber criminals may be looking for that type of information as well. I see now. What is the cyber security environment right now? Excuse me Pretty concerning right now Challenging I'll say challenging if we consider the types of media unfortunate events that we're hearing about and learning about today It's really challenging. You know, you think about the types of active shooter type scenarios that we're seeing and hearing about in the in the media What most people don't know is that our networks are under the same type of attacks On a daily basis. And so our unsung heroes are those it professionals who are working day in and day out to protect the networks from Successful attacks. Now see you say that it's it's really concerning However, when we asked the general audience what their concern is they really don't think there is that much to worry about Can you explain? Sure. Um, you know, so one study Did show that 61 percent Of individuals who responded to the survey felt that National security was a concern of theirs. Whereas 27 percent felt Only felt, you know corporate security wasn't as much of a concern. So Age does make a difference though. My understanding in that survey is that those that are 18 to 20 year olds They were less concerned only 20 of those said they cared about national security So there's a big difference there And I think the need for awareness in how those younger individuals may be directly impacted by cyber security events And I have one last question What could compromise the systems as we improve really to To make the systems better as we digitize. Are we more prone to threats? Um I would say yes, absolutely. However, based on incident data Incidents reported to us at the state level, you know paper records with personal information Are just as problematic and just as risky as if if that data were digitized Um, you know, some might even say more so because you can't encrypt paper records, right? Um In any case, you know a failure to assess risk and consider Um Consider security and privacy concerns up front in the design of systems whether they're digitized or manual Is critically important to making sure we're protecting that adequate and how do you feel? What is your take and this whole cyber security? Do you feel like, you know, we need to start educating our kids from when they're They start because right now any kid can actually get a cell phone And who knows he might be sending emails. So how do we how do we teach our kids? I have a three-year-old granddaughter who is very Proficient on my um smartphone. Uh, so yeah early education about the implications and direct impact to them from cyber security events Um, is critically important Yeah Well, margillor ducci the director of the california governor's office of emergency services co-chairs the california Cyber security task force that michelle and i are talking about He explains why more cyber security emergency preparedness needs to be created and what callow. Yes is doing to help We need to do everything we can to not only train and and make people aware of the threat but also to harden our systems In the way in in two ways one is the way our culture and the way we approach every day We sit down at the front of our computer. How do we do that? What are we doing to ensure that we are not making it easier for the criminals? And secondly by making sure that we harden our systems and put security measures in place that make it much much more difficult for intrusions to take place so what callow. Yes is doing as the as the You know the state's homeland security agency is is One we established a task force, which is uh, uh very unimparalleled You know task force of public private academic sectors To come together and talk about the threat and and and really leverage what we have in california You know, we've got silicone valley here. We've got some of the best universities here So we're bringing all these players together To talk about the threat and what we can do is a state To mitigate against it and then ultimately that will roll it up into the governor issuing An executive order guidance to the state and to the private sector on what we should do To ensure that we are as safe as possible With this increase of computer attacks sabotaging our system one of the biggest challenges is finding cyber warriors Bonnie beinstein actually Did an interview about this programs that they have in maryland. Let's take a look Today's global economy depends on secure and reliable computer networks The countless files of sensitive information stored on servers all over the world Serve as a fertile ground for cyber terrorism And with the university of maryland within a relative stone's throw of our nation's capital It's no wonder the subject is garnering attention from students and faculty Cyber security is a huge part of national security moving forward We do banking we control the electrical grid We control nuclear power plants and dams and gas pipelines with stuff that is accessible via the internet Maryland's been expanding its reach in this area through its innovative cyber security center It features programs that provide research to workers in an emerging field as well as integral partnerships And several years ago students created their own cyber security club and started going head to head with other universities Competitions really give the students a way to participate that really isn't available in the classroom The umd cyber security club has already made its mark in several national level competitions These serve as incredible opportunities for our students to harness the theory and skills They've mastered in the classroom and use them to defend real-time cyber attacks simulated by professionals We won Maryland's cyber challenge this fall We went to nationals for the collegiate cyber defense competition a couple years back We tend to do relatively well in most of the competitions that we go to I can tell that the team is learning a lot even in the competitions that we don't win It was kind of eye-opening learning just how easy it is to break into things And just how vulnerable so many things are According to wasser computer science courses tend not to emphasize cyber security And students are more consumed with creating the next great app than protecting their assets and information Even if the students aren't necessarily going into cyber security as a career It's still very important to know about because it's a very important thing to keep in mind as they're actually developing software Interest in cyber security is growing among umd students Particularly with the increased attention it's received at the national state and campus levels Well, that's in mariland, but you're if you're here in california There's actually the western conference Competition and uc in cal poly actually won first place this year So they're gonna go to the national conference that bonnie was referring to if you're here in california also many of the CSU uc and community colleges Offer cyber security courses and degree programs including the university of southern california and san josez state university We've got to mention that the us bureau of labor statistics says the number of information technology security roles in the us Will increase by some 22 in the next decade by 2020 creating more than 65 Five thousand new jobs. That's good news for the u.s economy Joining us now to share more on this fascinating subject are mitch madagavitch The cali oes deputy director of the district's management and michael cruce You're the acting information security officer here at calo es. Thanks for joining us this morning and for Educating me and the rest of us. Thanks lilly. So we're gonna start with Cyber security what it really means because there's a lot of people that that Think that is just cyber war and that that just makes it very You know just catastrophic and terrific cyber crimes cyber espionage. Can you explain a little bit more on the difference on all of those? subjects well You know, I think with cyber crime there's a big difference We're talking about the speed and anonymity of crimes that happen online and it's usually really hard to distinguish between the various different types And I think usually the easiest ways to define it is by looking at what is the threat with regards to Say public security versus national security And you look at your various actors that are involved with that and then you can also distinguish it by the funding they receive Whether that be a they're looking for trade secrets or state secrets as mentioned as michelle mentioned earlier and conceptualizing it I think really is Some of the key elements that really help you distinguish between the various types is really their motivation What are they looking for? What do they want? Obviously organized crime? They really have a focus on financials, you know getting money stealing money essentially um pilfering data for uh, essentially competing organizations or corporations I mean like mark had mentioned in the brief earlier, uh, you know, we have a lot of intellectual property in california other things is um hacktivists or activists As you mentioned really, you know, they want to influence public policy change public opinion And then of course, uh, a majority of the crimes are probably going to be perpetrated by lone wolves out there You know, uh, kitty scriptures things like that, but nowadays it's not very it's not very difficult for someone To perpetrate those types of cyber crimes and that's what really makes it difficult to distinguish that Say between all the other types of perpetrators out there And it doesn't take too long to make the people that are affected like when uh, google was hacked that you know The whole world was like what happened to google. So it doesn't have to be that big for it to cost um A sense of unease in the country now, mitch How can maybe a cyber attack cripple the u.s economy? well, I think cripples probably a strong word the nation's economy is very resilient and Certainly very robust What I would say though is that the economy is Can certainly be damaged through cyber and it poses a tremendous threat to the country Our nation is always prepared for armed aggression and armed threats And done so very well in that layered approach, whether it's through the department of defense then through the cia the fbi Customs and border patrol local sheriff pd and in that so on down to the individual user who's has an alarm on their house and has Maybe even self-protection But when you get into this we're almost cyber those same layers of defense are not necessarily as actively thought out Or as aggressively thought out particularly at the individual level And that's where we really need that that involvement from it. And so when We have losses from espionage when we have losses from banking when we have losses from intellectual property All of those contribute to the degradation of the economy. So You're not going to Unless you are actively involved you're not going to be able to to stop some of those actions from taking place and And ultimately that'll lead to Potentially somebody's loss of somebody's job Yeah, but see that's why it's so important to have the california cyber security task force that you guys have been a part of How is your task force helping strong information security practices? Well, I think first and foremost the task force is is raising awareness I think that's the most important thing particularly in california Is um, you know, one of the things that in fact just about two weeks ago three weeks ago. We actually held a naval postgraduate school executive Seminar that we held with all the various state agency Secretaries under secretaries directors and deputy directors which really elevated I think awareness of not only what the threat is but most importantly, how would we respond collectively as a state To to a cyber threat Now in this task force that there's not only government agencies, but also Private the private sector and educational sector. How are is everyone contributing? in the infrastructure protection Well, we have there's kind of a two-fold piece that's taking place Or one is you have private industry that is assisting us every day with technological advances and that Assist us both with a hardware and software and that implementation in their own Awareness campaigns and their own discussions and prompting the the same awareness that we're looking for from the public The other piece to that Comes from the individual companies or that we work with on critical infrastructure protection that come together and voluntarily Let us assess Discuss their their weaknesses that exist there and help them to develop a plan for improvement That's awesome. Now, how can we as individuals create a safer culture around technology and to cyber security? I think one of the things that's important is is really just educating not only yourself But but also your family your friends be Be skeptical. That's that's one thing. I think I try and and invoke with my family my wife To let them know that not everything is what it seems on face value So definitely be skeptical Be cognizant of what's out there. It's definitely It's not safe in some places. So so even There's simple little practices that you can do for example Don't use the same password that you use for your banking that you would use at work to log into your workstation Simple little things like that is important. So if you treat it your Your cyber realm this this this area the same way you treated your physical property You wouldn't leave your door open at your house. You wouldn't advertise You wouldn't leave your valuables in the car in plain sight for folks You have to take the same precautions in the cyber realm And how we get there to get that message out so that everybody treats it the same way with the same level of Seriousness is really the challenge. Now we just we're wrapping up October which is national cyber security awareness month. What have been the successes you think of this National campaign and and why do you think it's so important to have a month dedicated to cyber security? Well, just like I mentioned earlier, I I think raising awareness is really critical About how to protect yourself. I know this campaign's I think in its tenth year now It's successful I I think we Michelle from her office definitely does a very good job of encouraging all the various state Departments and agencies to take part in in in the actual campaign Which is great and we you and we here at the agency do a lot with trying to raise awareness we have our internal security awareness training that we push out and We actually use utilize posters to bring up awareness and so forth and and what's great is when I'm walking the halls I'm always approached and asked really, you know questions that I really want folks to ask me And you actually bring up a good point the in many sectors Maybe employees are not even aware that if they get an email it would be a phishing email But if they get an email with congratulations, you just want ten thousand dollars, you know Click on this link to claim it and there are still people out there that could click on that link Again, it's all about being skeptical if it's too good to be true It probably is now since you're in this task force and this is what you guys do for a living What is your real concern? What do you think is going to happen in five years? What are your hopes in this topic? That's a that's a tough one. What what are our hopes and dreams for for the cyber security task force or just Cyber in general for the cyber in general, you know, I'd like to say that I hope that that it doesn't take a 9-11 type event in the cyber world for us to take this seriously and Our hope is that through continued collaboration and continued partnership With all the various sectors in the task force, whether it be academic, tribal, our private industry, government at all levels Coming together so that we can bring that awareness so that we can Educate so that we can inform and that we can develop the the protocols To deal with a cyber event and to help to mitigate this threat Absolutely, and now speaking of the task force. It's a young task force. It's what a year old or less than a year Probably less less than a year. What have been the successes that you've experienced so far that you can say We're doing great. We're doing something to change the cyber security in california and all over the world I think one of the one of the successes right now the national institute of standards and technologies is currently developing a national strategic framework on how to Strengthen our critical infrastructure protection and that task force is a body that's actually going to be providing input On how that strategy is developed and and that's currently ongoing. So I for me I think that's a critical component of one of the successes right now Wonderful and and we are definitely leading the nation in this in this charge It's our intent and our hope to to shape the national discussion And and put california where it should be which is prominently in the forefront and and leading this effort Well, great. Thank you. Thank you for joining us and what we might not think that there is as I mentioned before An immediate and direct threat Uh to we need to stop and think this is real and the california advisor for the department of homeland security Marcela Ducci who works here at calo. Yes He explained what really keeps him up at night Actually, it's twofold one is for the economy of the state, you know a cyber espionage is becoming a bigger threat Foreign states that want competitive edges with california california bean One of the states that is the driver of the economy for the world. We've got more industry more innovation going on here Um That can that innovation that those those trade secrets those things that help are the engine of of the economy move forward Can be vulnerable to cyber espionage and so i'm very concerned about Foreign governments hacking in or even individuals even even national Here domestically uh criminals that that want to be able to get data banking information Trade secrets, etc taking that information and the second thing is Something much more broad and that is has to do with The concerns for for state actors or foreign governments wanting to commit some level of Cyber terrorism and and that is something where Through the the computer systems. There is a denial of service attack to Critical infrastructure systems like a skater system or something that controls our dams or our fuel system or You know something our communications telecommunications Impacting that those systems can have a devastating effect and and quite frankly a catastrophic effect If we cannot thwart them off so Those are the two areas from the standpoint of the security of our state Certainly after we have disasters in california Whether it be fires or earthquake the state is vulnerable and and that's also a period of time when we can be attacked so working with our counterparts at the private sector and with other law enforcement agencies throughout the state and of course with the fbi and the department of homeland security at the federal level We are working very diligently to build And harden our systems to ensure that that these foreign actors don't impact california that much brought up a good point that maybe those cyber criminals out there are Just waiting for that particular moment when our state or our nation is in a weak spot To target us. Can you elaborate on that? Yeah, I think um, you know those opportunities particularly for state sponsored criminals or or rogue states things like that It it does pose a threat and what makes it even more challenging is that here in california? Yes, we have mutual aid. We're very we're very responsive to earthquakes fires mudslides and things like that What's really challenging is how do you respond to a cyber event? It's not necessarily something that just happens on zero day. It can be something that occurs over weeks or months One thing that's really unique about california with regards to our response efforts is is the development of emergency functions As part of our state emergency plan and one of those functions Which is unique is efa team, which is strictly focused on cyber security, which michelle robinson is is the lead on that So the that's work that continues to evolve as we start figuring out our best methods on how would we How the state would respond to an incident where if it was a combined say attacked Masqueraded over say a natural disaster. So it's definitely something I think that the director had mentioned that keeps people up at night. It's It's definitely problematic Very similar cyber is a very unique challenge It's a very unique threat from anything else there. You're not going to see that that flame burning necessarily out there If we do in a fire or the flood waters rising or that hurricane approaching A cyber attack it can be masked can take weeks months and be ongoing And and put you in a vulnerable situation And then of course the the skater threat that the director mentioned is one that would we would see much more rapidly if it affected one of our critical areas of critical infrastructure But many of the other industries It would be masked and you would have disruption of those services taking place over a Over a period of time. So the response To those those threats Is much more technical in in nature and requires bringing folks in and getting that response team together a good analysis and identification and then a mitigation effort right away to Reduce the damage and the effects of that attack. Okay. Well, thank you so much both Michael and Mitch for joining us today to talk about cyber security And this is a topic that we should not forget just because October is over in this half hour We have learned so much from both Mitch Michael and michelle And we want to remind you that there are still things that you can do and you can follow Right now that you can practice brats brad alexander explained Here are the 12 steps in protecting your computer from the threat of e crime We begin with passwords Use strong keywords and change them regularly and be creative Next your email you're on it every day. You should always be attentive to viruses and email attachments links and automatic downloads You should have antivirus software installed on your system and download updates frequently to ensure that your software has the latest fixes for new viruses worms trojans and bots It's important to always use a two-way firewall So you can block those bugs if there's software on your computer that you're not using you should toss them out click and uninstall it You keep sensitive paper documents under lock and key, right? Be sure to establish physical access controls for all computer equipment. Remember to back up your information Use an external drive to back up important files pictures folders and even software Check regularly to make sure you have all the latest critical software updates and security patches Online attacks are only becoming more sophisticated So be sure to do your part in investing in proper updated security software for your computer implement network security and control access to your network Keep your data private limit access to sensitive and confidential data Establish and follow a security risk management plan with your family to make sure Everyone is doing their part to keep information safe. Remember if you need help call your software it support After all they are just a phone call an email or a chat away Stay safe and think before you click If you have any questions for our experts or for us, please email us at questions at kali ma.ca.gov And remember to share this video with your family and friends visit us at kaloasmuseumrather.wordpress.com Have a great day and remember to visit staysafeonline.org for more useful tips and to stop and think before you connect Have a great day