Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Situational Awareness
• Cybersecurity threats show little sign of abating
• Oregon companies face critical shortages of trained cybersecurity talent
• Many organizations struggle with funding, expertise and resources to
address issues
• Strong coalition of support for improvements in
cybersecurity on Oregon
– Government, business and education
partnership
• Significant industry presence in Oregon
• Cyber Oregon efforts well underway
2 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Data Breaches
187 companies reported breaches since Jan 1, 2016
As of 9/30/18
https://justice.oregon.gov/consumer/DataBreach
3 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon State Breach History
4 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Cybersecurity Preparedness
5 OREGON CYBERSECURITY ADVISORY COUNCIL
http://cyberseek.org/heatmap.html Snapshot Sept 30, 2018
6 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Senate Bill 90 – Sept 2017
State InfoSec Re-Org
The Director of the Oregon Department of Administrative Services…shall
identify each position and employee engaged in the performance of
agency information technology security functions to be transferred to the
office of the State Chief Information Officer.
8 OREGON CYBERSECURITY ADVISORY COUNCIL
CyberOregon: Oregon Cybersecurity Advisory Council
• The Oregon Cybersecurity Advisory Council is established within the office
of the State Chief Information Officer. The council consists of nine
voting members. A majority…must be representatives of cyber-related
industries in Oregon.
• The voting members of the council must include at least one representative
of post-secondary institutions of education and one representative of
public law enforcement agencies in Oregon.
9 OREGON CYBERSECURITY ADVISORY COUNCIL
CyberOregon: Oregon Cybersecurity Advisory Council
Serve as Statewide Advisory body to State CIO on Cybersecurity
Coordinate cybersecurity
information sharing and promote shared
and real-time awareness between public and private
sectors
Provide Statewide Forum for discussing
and resolving cybersecurity issues.
Encourage the development of the
cybersecurity workforce
Provide information and recommend best
practices to public and private entities
10 OREGON CYBERSECURITY ADVISORY COUNCIL
CyberOregon: Oregon Cybersecurity Advisory Council
11 OREGON CYBERSECURITY ADVISORY COUNCIL
Chair, Kerri Fry, IGNW
Vice-Chair, Charlie Kawasaki, PacStar
Michael Gutsche, Microfocus International
Andrew Plato, Anitian
Tom Quillin, McAfee
Prof. Rakesh Bobba, Oregon State University
Mike Wells, Oregon Department of Justice
Ken Kestner, Lake County Commissioner
Dennis Tomlin, Multnomah County
Megan McKenzie
McKenzie Worldwide PR
Council Secretary (Non-Voting)
Executive Sponsors
Terrance Woods
Oregon State Chief Information Officer, Interim
Stefan Richards
Oregon State Chief Information Security Officer
Skip Newberry, Technology Association of Oregon
CyberOregon: Cyber Center of Excellence
• SECTION 4. Oregon Cybersecurity Center of Excellence.
• The State Chief Information Officer shall develop a plan for the
establishment of an Oregon Cybersecurity Center of Excellence. The State
Chief Information Officer shall submit the plan to an appropriate committee
or interim committee of the Legislative Assembly no later than January 1,
2019.
12 OREGON CYBERSECURITY ADVISORY COUNCIL
CyberOregon: Cyber Center of Excellence
13 OREGON CYBERSECURITY ADVISORY COUNCIL
CyberOregon: Cyber Center of Excellence
14 OREGON CYBERSECURITY ADVISORY COUNCIL
Strategy and Response Plan
Draft and biennially update an Oregon Cybersecurity Strategy and a Cyber Disruption Response Plan to be submitted to the
Governor and an appropriate committee or interim committee of the Legislative Assembly.
• Detail the steps that the state should take to increase the resiliency of its operations in preparation for, and
during the response to, a cyber disruption event;
• Address high-risk cybersecurity for the state’s critical infrastructure, including a review of information security
technologies currently in place… to prevent the compromise or unauthorized disclosure of critical or sensitive
government information inside and outside the firewall of state agencies
• Establish a process to regularly conduct risk-based assessments of the cybersecurity risk profile, including
infrastructure and activities within this state;
• Provide recommendations related to securing networks, systems and data, including interoperability,
standardized plans and procedures, evolving threats and best practices
• Include the recommended content and timelines for conducting cybersecurity awareness training for state agencies
and the dissemination of educational materials to the public and private sectors in this state through the
center;
• Identify opportunities to educate the public
• Include strategies for collaboration with the private sector and educational institutions
• Establish data breach reporting and notification requirements
15 OREGON CYBERSECURITY ADVISORY COUNCIL
PSU Research Findings
Online Survey of Oregon Organizations
• The online survey of 205 respondents resulted in answers to 33 questions
regarding the cybersecurity policies, practices, staffing, and concerns of
Oregon organizations.
17 OREGON CYBERSECURITY ADVISORY COUNCIL
Survey: Growing Needs
“…approximately 90% of
respondents indicating that both
their organizations and
industries were likely or very
likely to experience increased
cybersecurity needs.”
18 OREGON CYBERSECURITY ADVISORY COUNCIL
Survey: Difficulty in Staffing
“Respondents do not find
cybersecurity staffing to be an
easy task, with approximately
59% reporting that staffing these
positions has either been difficult
(53 of 177, or 30%) or very
difficult (51 of 177, or 29%) over
the past five years”
19 OREGON CYBERSECURITY ADVISORY COUNCIL
Survey: High Interest in CCoE Services
• By far, the most popular service choice was a state-wide cyber event warning system, with 135 respondents (or 78%) indicating that their organization would use this service; a majority of almost every characteristic group chose this option.
• Other choices that received support from a majority of respondents include
– fully online continuing education and certification programs (65%)
– cybersecurity information sharing events (63%)
– low-cost reviews of cybersecurity systems (63%)
– cybersecurity training for non-technical employees (59%)
– An information and threat sharing center for all Oregon organizations (59%).
20 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Cybersecurity Awareness Program
Goals and objectives
• Build awareness across the state and beyond about Oregon’s cybersecurity
business and educational programs, talent and companies
– Promote workforce development and create awareness of career
opportunities
• Raise visibility of CCoE and support legislative initiatives
• Provide critical information and tools to help Oregon businesses and
organizations improve cybersecurity
22 OREGON CYBERSECURITY ADVISORY COUNCIL
Cybersecurity in Oregon is not getting the visibility it needs. This program is designed to change that.
www.CyberOregon.com
• One website/portal for all things Oregon cybersecurity
• Serves as a cybersecurity information clearinghouse
• Cross linked to sponsors and stakeholders
• Curated global cyber news
• Education achievements
• Contributed blogs
• Oregon cyber news
• Resource lists
• Research reports
• Success stories
• Webinars, events
23 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Cyber Summits
• 2018 Apr 23rd - University of Oregon Cybersecurity Day, Eugene
– http://securityday.cs.uoregon.edu/
• 2018 June 20-22 – Global Cities Tech Jam, Portland
– http://www.techoregon.org/events/global-city-teams-challenge-tech-jam
• 2018 July 19 - NW Cyber Camp with Cyber Summit – Mentor Graphics in Wilsonville.
– www.nwcyber.camp
2018 November 2 - Cybersecurity Summit, Bend. OSU Cascades
http://www.techoregon.org/events/cyber-security-summit
24 OREGON CYBERSECURITY ADVISORY COUNCIL
25 OREGON CYBERSECURITY ADVISORY COUNCIL
Oregon Cybersecurity Companies
• Cylance • Tripwire • Galois • PacStar • Tozny • Iovation • IBM • McAfee • Formaltech • Amazon Web Services • SureID • Typhone • ID Mentor • Cloudentity
• Anitian • MicroFocus • Aruba • Redhawk • Hueya • Mentor Graphics • RADAR • ID Experts • SheerID • PKI Solutions • Navex Global • Cozera • UpTime Sciences • Carbon Black
26 OREGON CYBERSECURITY ADVISORY COUNCIL