Focusing on strengthening our shared commitment to protecting the vast networks and systems fueling our nation’s utilities, finance, transportation, agriculture
and communications sectors
“With the 2018 midterm elections quickly approaching, cybersecurity is top-of-mind for many Americans,” said Russ Schrader, NCSA’s executive director. “NCSA, DHS and thousands of supporters are committed to reiterating the message that everyone shares a role in protecting cyberspace. If internet users nationwide do their part to follow basic cybersecurity practices, citizens and the country at large will be safer and more secure.”
As technology providers continue to advance approaches to protecting our nation’s systems, they are striving to develop solutions across the entire technology stack. With increased connectivity across all industries, it is important that government and industry work together to address needs of our critical infrastructure – both now and in the future. Technology companies are regularly partnering with government organizations to provide security guidance. For example, Intel is among a handful of companies that collaborated with NIST’s National Cybersecurity Center of Excellence to provide authentication solutions for government workers who use mobile devices. Along with many peers, Intel is focused on developing solutions that help mitigate security concerns for the government.
NCSAM’s Week 4 theme showcases the importance of safeguarding the country’s critical infrastructure. With that top of mind, the high demand for professionals to protect the internet and the country’s infrastructure has yielded an unmatched number of unfilled cybersecurity jobs. Cultivating the next generation of cybersecurity professionals – whether it’s students, veterans returning to civilian life or individuals re-entering the workforce – is essential. There is a tremendous gap in the quantity of qualified professionals to fill open cybersecurity jobs. Many of these positions are open in industries that keep water flowing from our faucets, lights on at our homes, money in the bank and food on the kitchen table.
Protecting the nation’s 16 sectors of our nation’s critical infrastructure is a shared responsibility between government and industry – both technology providers and critical infrastructure owners and operators. In addition, there are steps that individuals can take to protect themselves, their information, the larger community and our critical infrastructure during October, CISR Month 2018 and year-round:
- Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
- Keep a clean machine: Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
- When in doubt, throw it out: Cybercriminals often use links in email, social posts and texts to try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
- View, download and share the Week 4 infographic to learn more about the role critical infrastructure plays and how you can help keep its systems and networks more secure.To learn more about CISR Month and how you can get involved, visit the DHS website.
On Nov. 1 in Anchorage, AL, NCSA will host a CyberSecure My Business™ workshop in partnership with the National Rural Electric Cooperative Association (NRECA). NRECA is the national service organization dedicated to representing the national interests of the 895 cooperative electric utilities they serve that provide power to 42 million people in 47 states. NRECA’s Rural Cooperative Cybersecurity Capabilities (RC3) Program is sponsoring a Cybersecurity Summit in Anchorage in collaboration with the Alaska Power Association. The full-day RC3 Cybersecurity Summit – which includes the NCSA workshop ‒ will focus on the cybersecurity challenges facing small- and medium-sized electric utility companies and is a free event open to all electric utilities in Alaska. More than 90 percent of Alaskans receive electricity from either a cooperative or a municipal (publicly-owned) utility, and these utilities supply power to more than a half-million Alaskans from Barrow to Unalaska, through the Interior and Southcentral and down the Inside Passage. The RC3 Summit will provide a unique opportunity for all of Alaska’s electric utilities to come together and discuss cybersecurity challenges. It will share invaluable information on how these companies ‒ that are so vital to the state’s infrastructure ‒ can integrate cybersecurity controls into their overall risk management strategy. NRECA’s RC3 Program is funded through the U.S. Department of Energy, National Energy Technology Laboratory under Award Number DE-OE0000807. To learn more about the event, visit https://www.eventbrite.com/e/emerging-priorities-in-energy-research-day-rc3-summit-anchorage-ak-tickets-49663084623
Week 4 Resources
- Cofense™, the leading provider of human-driven phishing defense solutions world-wide, this month is helping global organizations stay cyber-aware by releasing their 2018 State of Phishing Defense Report, which analyzed approximately 135 million simulated phishing emails, 800,000 emails reported into the Cofense Phishing Defense Center and nearly 50,000 in-the-wild phishing campaigns analyzed by Cofense Intelligence™. According to a recent press release, “The findings highlighted that thus far in 2018, one in ten reported emails were verified as malicious and more than half of those were tied to credential phishing where a fraudulent email attempts to gather login and system information from users.” The report also contains the most current phishing susceptibility, resiliency and reporting rates across major industry verticals. The report is available free here: https://cofense.com/state-of-phishing-defense-2018/
- Cybersecurity Practice Guide SP 1800-12: This guideline developed by the National Cybersecurity Center of Excellence (NCCoE) and industry partners provides federal agencies using mobile devices standards-based, commercially available cybersecurity technologies to provide secure authentication. Intel® Authenticate is a key component in the guideline, leveraging hardware-based technology for robust multifactor authentication.
- DHS Critical Infrastructure Cyber Community (C³) Voluntary Program: This no-cost program helps organizations of all sizes and in all industries combat the cyber threat. C³ supports industry in increasing cyber resilience by promoting awareness and the use of the National Institute for Standards and Technology Cybersecurity Framework.
- ESET’s Cybersecurity Awareness Training is a free on-demand, interactive video training that business can send to their employees to help them become more cyber aware. The interactive, gamified videos are a fun, effective way to teach and educate employees about cyber threats in the workplace and help keep your business safe. https://www.eset.com/us/cybertraining/
- Raytheon: The best ideas come from diverse teams of people from different backgrounds and perspectives. Raytheon Company partnered with the Center for Cyber Safety on a new scholarship program designed to encourage college women to pursue cybersecurity degrees. Administered by the Center for Cyber Safety and Education, the annual Raytheon CCDC Women’s Cybersecurity Scholarship will award scholarships to two females that participate in the Collegiate Cyber Defense Competition annually. Each scholarship will include an internship opportunity in Raytheon’s Intelligence, Information and Services’ Cybersecurity and Special Mission area. Raytheon is the title sponsor of the National Collegiate Cyber Defense Competition, a tournament to choose the U.S. collegiate team that can best protect computer networks against real-world cyber threats. For more information about the Raytheon CCDC Women’s Cybersecurity Scholarship, including eligibility requirements, visit https://iamcybersafe.org/scholarships/raytheon-womens-scholarships/ now through February 1.
- Wells Fargo: The Cybersecurity Talent Shortage: A Career Opportunity for All Generations As technology innovation increases the need for information security, the talent gap for cybersecurity professionals has never been greater. Wells Fargo Chief Information Security Officer Rich Baich addresses the skills needed and the opportunities available for both new and tenured job seekers.
- Generali Global Assistance: In an effort to support NCSAM’s mission of generating more awareness about cybersecurity threats and the steps everyone can take to better protect themselves and the customers they serve, Generali Global Assistance is offering ScamAssistTM to all consumers for free during the month of October 2018! ScamAssistTM is a consumer service that takes solicitations our customers receive, performs expert research of the solicitations and delivers case-by-case assessments on the likelihood of it being a scam, thereby reducing the chances of a customer inadvertently providing funds or sensitive information to a criminal.
Learn more here: https://us.generaliglobalassistance.com/blog/reducing-consumer-risk-scamassisttm/.
- National Institute of Standards and Technology (NIST) Cybersecurity Framework: The NIST Framework, which was created through collaboration between industry and government, consists of standards, guidelines and practices to promote the protection of critical infrastructure. The framework’s prioritized, flexible, repeatable and cost-effective approach helps owners and operators of critical infrastructure manage cybersecurity-related risk.
In-person and Virtual Events
- Symantec Webinar: Safeguarding the Nation’s Critical Infrastructure on Tuesday, Oct. 23, 1:00 p.m. EDT/10:00 a.m. PDT Week 4 will emphasize the importance of securing our critical infrastructure and highlight the roles the public can play in keeping it safe. Speaker: Curtis Barker, SymantecRegister Here: https://www.symantec.com/about/webcasts?commid=330288
- Symantec Webinar: Is The Cloud Safe? Ensuring Security on the Cloud, Thursday, Oct. 25, 2:00 p.m. EDT/11:00 a.m. PDT When switching to the cloud, many nonprofits wonder how cloud apps and services, such as Microsoft Office 365, G Suite, Box, and Amazon Web Services, will affect their organization’s security. Cloud apps and software offer a multitude of benefits to nonprofits when it comes to keeping their devices and data safe. In this 60-minute webinar hosted by Deena Thomchick, Symantec’s senior director of cloud security, we will cover the many security benefits of switching to the cloud. You will learn:
- Benefits of adopting cloud apps and services
- What you are responsible for and what your cloud provider is responsible for when it comes to security
- Risks to look out for when using cloud apps and services
- How to mitigate risks with security best practices for email, endpoints (including laptops and mobile devices), content and users
To learn more, visit https://page.techsoup.org/symantec-is-the-cloud-safe-webinar-10252018
- #ChatSTC Twitter Chat: Safeguarding the Nation’s Critical Infrastructure, Thursday, Oct. 25, 2018, 3:00 p.m. EDT/noon PDT Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic consequences for our nation. This #ChatSTC will emphasize the importance of securing our critical infrastructure and highlight the roles the public can play in keeping it safe.
- Securing Election Systems Against Cyber Attacks: Risks and Solutions for 2018, 2020 and Beyond, Tuesday, Oct. 30, Washington, D.C., 9:00 a.m. – 10:30 a.m. at CSIS Headquarters
Following the 2016 election, in which election systems in at least 21 states were targeted by malicious cyber actors, several studies have put forth proposals to secure election systems against cyber threats and restore public trust in the election process, but implementing consistent baseline security practices remains challenging. The danger is not that an attack is likely to alter voting results across the nation, but that hackers will be able to infect relatively few computers and still seed doubt about the legitimacy of the elections. U.S. elections are managed through a hodgepodge of systems that vary from state to state, including paper ballots, electronic screens and even some Internet voting. Join Raytheon and the Center for Strategic and International Studies (CSIS) for a discussion about progress that has been made since the 2016 election and assess ongoing efforts at the state and national level to secure election systems. Panelists from U.S. Election Assistance Commission, DHS and the Center for Internet Security will also discuss what gaps and vulnerabilities still remain, and what steps can be taken in preparation for the upcoming elections. Register here.
- Identity and Authentication: The Road Ahead presented by the FIDO Alliance, the National Cyber Security Alliance, and the Better Identity Coalition, Friday, Nov. 2, Washington D.C., 9:30 a.m. – 3:00 p.m. at Venable LLP Last year, 16.7 million Americans were victims of identity fraud and there was a 389% increase in the number of records containing identity information stolen in breaches. Participants in this forum will examine the importance of better identity and authentication in cybersecurity and discuss the roles government and industry should play to improve the state of identity security in 2019. Featuring government speakers from the FTC, OMB, NIST, Office of the Comptroller of the Currency (OCC) and Office of the National Coordinator for Health IT. Registration website: https://connect.venable.com/26/1387/compose-email/invitation-(2).asp
Resources to Help You Stay Safer Online Year-Round
- DHS Stop. Think. Connect. Resources: DHS’ Stop. Think. Connect. page shares cyber tips and resources, ways to get involved with the global online safety awareness campaign, toolkits for all segments of the community, videos, promotional materials and more.
- BBB Cybersecurity: The Council of Better Business Bureaus (BBB) has created a business education resource to provide small and medium-sized businesses with valuable tools, tips and content to help them manage cyber risks and learn about cybersecurity best practices in the modern business environment.
- #CyberAware Newsletter: #CyberAware is a monthly newsletter created for parents by NCSA. Each month, the newsletter shares family online safety news and resources and the latest from the Stay Safe Online blog.
- Lockdownyourlogin.com: Usernames and passwords are no longer enough to keep your accounts secure. Anyone with your username and password can access your account. Visit LockDownYourLogin.com to easily learn how to move beyond the password and better secure your online accounts.
- OnGuardOnline: The U.S. Federal Trade Commission’s OnGuardOnline portal provides news, tips, resources, videos and more to help you, your family and the larger community stay safer and more secure online.
About National Cybersecurity Awareness Month
National Cybersecurity Awareness was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 15th year, NCSAM is co-led by the Department of Homeland Security and the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders ‒ mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT.™ NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Visit the NCSAM media room: staysafeonline.org/about-us/news/media-room/.
About the National Cyber Security Alliance
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are DHS and NCSA’s Board of Directors, which includes representatives from ADP; AT&T Services Inc.; Bank of America; CDK Global, LLC; CertNexus; Cisco;