National Cyber Security Awareness Month 2014: Major trends and resources

Stephen Cobb, CISSPSecurity Researcher, ESET NA

National Cyber Security Awareness Month

• Happens in October• This is the 11th year • A coordinated series of events • A useful way to look at cyber

security• An official theme each year• Other themes emerge Follow

hashtag #NCSAM

Question #1Is your organization doing anything special for National Cyber Security Awareness Month?

Yes No I’m not sure I don’t work for an

organization

www.StaySafeOnline.org/ncsam

#NCSAM in 2014

• Official theme:– Our shared responsibility

• Other themes emerge:– The Internet of Things– Security Standards– STEM and the cyber workforce– A wealth of resources

The Internet of Things

• Trade and Industry• Health and Healthcare• Infrastructure• Homes and Cars• IoT glossary and acronym soup:– Sensors, GPS, RFID, WNS, LRCD, ICLR,

SDR, Wi-Fi, BlueTooth, Zigbee, Z-Wave

Trade and Industry

Homes and cars

Health andHealthcare

Infrastructure

Track vehicles and goods, enable smart factories, improve supply chain logistics

Monitor critical systems, alert, balance loads, enable smart grid efficiency

Diagnose remotely, monitor patients, deliver medication

Protect, monitor, control, entertain

What can IoT do? Monitor, warn, alarm, control, inform, communicate, entertain, track, enable, treat, respond, enable

What things?smartphones, smart watches, wearables, sensors, smart appliances, smart cars, medical devices, drones, network cameras

IoT: THE INTERNET OF THINGS

What’s the awareness aspect?

• The IoT is happening now• Early indications are that security

and privacy are not top of mind with many makers or users

• A chance to get security baked in rather than added later

• And temperexpectations

Security Standards

• Looks like we have a winner:– NIST Cybersecurity Framework– www.nist.gov/cyberframework

• A voluntary framework for reducing cyber risks to critical infrastructure

• And the rest of cyberspace as well• May be a “reasonableness test”• Default standard of due care

STEM and the cyber workforce

• Securing all this stuff is going to take a lot more skilled people than we have on hand right now

• Steps are being taken to increase the supply of cyber skilled people

• Areas of discussion:– Professional certification vs. college– Better human resource management– Vets, women, minorities– Immigration

Question #2Does your organization have difficulty finding the computer security expertise it needs?

Yes No Not sure I don’t work for an organization

A wealth of resources

• National Initiative for Cybersecurity Education (NICE)

• Cybersecurity Lesson Plans• Cybersecurity Internship Program• National Initiative for Cybersecurity

Careers and Studies (NICCS)– niccs.us-cert.gov

• And that’s just on workforce development

Free awareness materials

www.StopThinkConnect.org/resourcesEmail: stopthinkconnect@dhs.gov

Official NCSAM Theme:Our shared responsibility

Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October —is all about!

Who is responsible?

• Individuals• Companies• Government• Communities

Individuals

• Check your cyber hygiene– Password protection, backups, privacy

settings, mobiles, laptops, tablets, etc.

• Talk cyber with parents, kids, friends…

• stopthinkconnect.org/tips-and-advice

Companies

• A good time to have everyone read the company security policies and procedures

• Awareness and education days• Use free materials, competitions,

volunteer

Government

• Local– Mayor’s office– City IT

• Regional & State– MS-ISAC– State Cyber Task Force

• National – NIST, DHS, FBI

• International– More resources please!– Cooperation between nation states

Communities

• Businesses• College Administrators• Community-Based

Organizations• Faith-Based Organizations• Home Users• K-12 Administrators• Libraries• Local governments• Local law enforcement• Teachers

Communities

• A community example of “Our Shared Responsibility”

• Securing Our eCity• Greater San Diego area• Non-profit organization• Volunteers and donations• Public/private cooperation

And it’s not over yet…

5 Thursdays in October 2014!

Thank you!

• stephen.cobb@eset.com• www.eset.com• www.WeLiveSecurity.com• Twitter @zcobb• www.SecuringOureCity.org