Cybersecurity in Oregon Overview info@cyberoregon · Cybersecurity in Oregon Overview [email protected] October 2018 . ... Cybersecurity in Oregon is not getting the visibility

Cybersecurity in Oregon

Overview

[email protected]

October 2018

Situational Awareness

• Cybersecurity threats show little sign of abating

• Oregon companies face critical shortages of trained cybersecurity talent

• Many organizations struggle with funding, expertise and resources to

address issues

• Strong coalition of support for improvements in

cybersecurity on Oregon

– Government, business and education

partnership

• Significant industry presence in Oregon

• Cyber Oregon efforts well underway

2 OREGON CYBERSECURITY ADVISORY COUNCIL

Oregon Data Breaches

187 companies reported breaches since Jan 1, 2016

As of 9/30/18

https://justice.oregon.gov/consumer/DataBreach




Oregon State Breach History


Oregon Cybersecurity Preparedness


http://cyberseek.org/heatmap.html Snapshot Sept 30, 2018


http://cyberseek.org/heatmap.html

Oregon Senate Bill 90 – Sept 2017

State InfoSec Re-Org

The Director of the Oregon Department of Administrative Services…shall

identify each position and employee engaged in the performance of

agency information technology security functions to be transferred to the

office of the State Chief Information Officer.


CyberOregon: Oregon Cybersecurity Advisory Council

• The Oregon Cybersecurity Advisory Council is established within the office

of the State Chief Information Officer. The council consists of nine

voting members. A majority…must be representatives of cyber-related

industries in Oregon.

• The voting members of the council must include at least one representative

of post-secondary institutions of education and one representative of

public law enforcement agencies in Oregon.



Serve as Statewide Advisory body to State CIO on Cybersecurity

Coordinate cybersecurity

information sharing and promote shared

and real-time awareness between public and private

sectors

Provide Statewide Forum for discussing

and resolving cybersecurity issues.

Encourage the development of the

cybersecurity workforce

Provide information and recommend best

practices to public and private entities




Chair, Kerri Fry, IGNW

Vice-Chair, Charlie Kawasaki, PacStar

Michael Gutsche, Microfocus International

Andrew Plato, Anitian

Tom Quillin, McAfee

Prof. Rakesh Bobba, Oregon State University

Mike Wells, Oregon Department of Justice

Ken Kestner, Lake County Commissioner

Dennis Tomlin, Multnomah County

Megan McKenzie

McKenzie Worldwide PR

Council Secretary (Non-Voting)

Executive Sponsors

Terrance Woods

Oregon State Chief Information Officer, Interim

Stefan Richards

Oregon State Chief Information Security Officer

Skip Newberry, Technology Association of Oregon

CyberOregon: Cyber Center of Excellence

• SECTION 4. Oregon Cybersecurity Center of Excellence.

• The State Chief Information Officer shall develop a plan for the

establishment of an Oregon Cybersecurity Center of Excellence. The State

Chief Information Officer shall submit the plan to an appropriate committee

or interim committee of the Legislative Assembly no later than January 1,

2019.






Strategy and Response Plan

Draft and biennially update an Oregon Cybersecurity Strategy and a Cyber Disruption Response Plan to be submitted to the

Governor and an appropriate committee or interim committee of the Legislative Assembly.

• Detail the steps that the state should take to increase the resiliency of its operations in preparation for, and

during the response to, a cyber disruption event;

• Address high-risk cybersecurity for the state’s critical infrastructure, including a review of information security

technologies currently in place… to prevent the compromise or unauthorized disclosure of critical or sensitive

government information inside and outside the firewall of state agencies

• Establish a process to regularly conduct risk-based assessments of the cybersecurity risk profile, including

infrastructure and activities within this state;

• Provide recommendations related to securing networks, systems and data, including interoperability,

standardized plans and procedures, evolving threats and best practices

• Include the recommended content and timelines for conducting cybersecurity awareness training for state agencies

and the dissemination of educational materials to the public and private sectors in this state through the

center;

• Identify opportunities to educate the public

• Include strategies for collaboration with the private sector and educational institutions

• Establish data breach reporting and notification requirements


PSU Research Findings

Online Survey of Oregon Organizations

• The online survey of 205 respondents resulted in answers to 33 questions

regarding the cybersecurity policies, practices, staffing, and concerns of

Oregon organizations.


Survey: Growing Needs

“…approximately 90% of

respondents indicating that both

their organizations and

industries were likely or very

likely to experience increased

cybersecurity needs.”


Survey: Difficulty in Staffing

“Respondents do not find

cybersecurity staffing to be an

easy task, with approximately

59% reporting that staffing these

positions has either been difficult

(53 of 177, or 30%) or very

difficult (51 of 177, or 29%) over

the past five years”


Survey: High Interest in CCoE Services

• By far, the most popular service choice was a state-wide cyber event warning system, with 135 respondents (or 78%) indicating that their organization would use this service; a majority of almost every characteristic group chose this option.

• Other choices that received support from a majority of respondents include

– fully online continuing education and certification programs (65%)

– cybersecurity information sharing events (63%)

– low-cost reviews of cybersecurity systems (63%)

– cybersecurity training for non-technical employees (59%)

– An information and threat sharing center for all Oregon organizations (59%).


Oregon Cybersecurity Awareness Program

Goals and objectives

• Build awareness across the state and beyond about Oregon’s cybersecurity

business and educational programs, talent and companies

– Promote workforce development and create awareness of career

opportunities

• Raise visibility of CCoE and support legislative initiatives

• Provide critical information and tools to help Oregon businesses and

organizations improve cybersecurity


Cybersecurity in Oregon is not getting the visibility it needs. This program is designed to change that.

www.CyberOregon.com

• One website/portal for all things Oregon cybersecurity

• Serves as a cybersecurity information clearinghouse

• Cross linked to sponsors and stakeholders

• Curated global cyber news

• Education achievements

• Contributed blogs

• Oregon cyber news

• Resource lists

• Research reports

• Success stories

• Webinars, events


Oregon Cyber Summits

• 2018 Apr 23rd - University of Oregon Cybersecurity Day, Eugene

– http://securityday.cs.uoregon.edu/

• 2018 June 20-22 – Global Cities Tech Jam, Portland

– http://www.techoregon.org/events/global-city-teams-challenge-tech-jam

• 2018 July 19 - NW Cyber Camp with Cyber Summit – Mentor Graphics in Wilsonville.

– www.nwcyber.camp

2018 November 2 - Cybersecurity Summit, Bend. OSU Cascades

http://www.techoregon.org/events/cyber-security-summit


http://securityday.cs.uoregon.edu/

http://www.techoregon.org/events/global-city-teams-challenge-tech-jam











http://www.nwcyber.camp/


Oregon Cybersecurity Companies

• Cylance • Tripwire • Galois • PacStar • Tozny • Iovation • IBM • McAfee • Formaltech • Amazon Web Services • SureID • Typhone • ID Mentor • Cloudentity

• Anitian • MicroFocus • Aruba • Redhawk • Hueya • Mentor Graphics • RADAR • ID Experts • SheerID • PKI Solutions • Navex Global • Cozera • UpTime Sciences • Carbon Black


Documents

Cybersecurity in Oregon Overview info@cyberoregon · Cybersecurity in Oregon Overview [email protected] October 2018 . ... Cybersecurity in Oregon is not getting the visibility