Castagnera on Risk Management in Higher Education… and more: The latest on cyber-security from DHS

Department of Homeland Security (Photo credit: DonkeyHotey)

SEPTEMBER 2012 UPDATE

IN THIS ISSUE

ARE YOU CYBER READY? STOP.THINK.CONNECT.™ COMMEMORATES NATIONAL PREPAREDNESS MONTH
DHS SPOTLIGHT: FEDERAL EMERGENCY MANAGEMENT AGENCY—CYBERSECURITY IN EMERGENCY MANAGEMENT
STOP.THINK.CONNECT. ENCOURAGES YOU TO ACT FOR NATIONAL CYBER SECURITY AWARENESS MONTH THIS OCTOBER
STOP.THINK.CONNECT. PARTNERS WITH GIRLS SCOUTS OF THE USA
STOP.THINK.CONNECT. ATLANTA CYBER TOUR RECAP
INTEGRATED CYBERSECURITY EDUCATION COMMUNITIES: HELPING TEACHERS INTEGRATE CYBER INTO THEIR CLASSROOMS

ARE YOU CYBER READY? STOP.THINK.CONNECT. COMMEMORATES NATIONAL PREPAREDNESS MONTH

Think about this - what would you do if you received a suspicious email from a friend that only included a link? Would you click on it? What would your spouse, children, friends, or colleagues do? Phishing attacks are only one of the many complex cyber threats we face every time we go online regardless of whether we are at home, at work, or on the go. As technology advances, so do the techniques cybercriminals use to gain access to our computer networks.

To commemorate National Preparedness Month, Americans all over the country are preparing for the unexpected fire, hurricane, tornado or man-made disasters. While the devastating effects on individuals, families, and communities caused from a natural or man-made disaster are easy to see, it is much more difficult to understand the impact of a sluggish computer infected with malware or viruses.

Unlike physical threats that prompt immediate action – like stop, drop, and roll in the event of a fire – cyber threats are often difficult to identify and comprehend. However, they can be just as dangerous. Cyber preparedness can be as simple as setting up the proper controls such as the ones listed below to increase your chances of avoiding cyber risks:

Only connect to the Internet over secure, password- protected networks.
Do not respond to online requests for personal information; most organizations – banks, universities, companies, etc. – do not ask for your personal information over the Internet.
Limit who you are sharing information with by reviewing the privacy settings on your social media accounts.
Trust your gut; if you think an offer is too good to be true, then it probably is.
Do not use the same password twice; choose a password that means something to you and you only; change your passwords on a regular basis.

Click here for more tips and guidance from Ready.gov on how to prepare in the event of a cyber-attack. If you feel you’ve been a victim of a malware attack, phishing scheme, or another cybercrime, contact your local law enforcement or the Federal Trade Commission at www.ftc.gov/complaint.

DHS SPOTLIGHT: FEDERAL EMERGENCY MANAGEMENT AGENCY – CYBERSECURITY IN EMERGENCY MANAGEMENT

As technology revolutionizes and changes the way we live our lives, the benefits are numerous. However, as with everything else in life, there are pros and cons that we must be prepared for. During National Preparedness Month in September, FEMA encourages all agencies and commercial entities to ensure their cybersecurity program is part of their preparedness efforts.

With the rapid pace of technological improvements the need for a cybersecurity program to counteract against the exponential growth of hackers aimed at negatively impacting the confidentiality, integrity and availability of information systems or applications is critical to mission readiness. Present-day attacks on computer systems do not simply damage an isolated machine or disrupt a single enterprise system. Instead, modern attacks target infrastructure that is integral to the economy, national defense, and daily life. The overall goal to combat these attacks is to be able to clearly identify, mitigate, and reduce risk to a level that is manageable.

Cybersecurity continues to be an increasingly vital topic with regard to emergency management; however, many often overlook such security during a disaster or emergency situation in an effort to quickly meet the needs of our fellow citizens. As a result, critical safeguards for cyber infrastructure resources are often neglected until it is too late. In order to fully mitigate the risk, emergency management cyber situational awareness requires individuals and organizations to understand, and be aware of, how the availability of digital resources impact emergency management tasks both in the near term and future.

FEMA falls directly in the center of emergency activities – both preparedness and response. FEMA.gov provides the general public with access to critical and potentially life-saving information before, during, and after a disaster. At the same time, a high profile website such as FEMA.gov raises the eyebrows of hackers all over the globe – individuals who are set on defeating a system that serves such an immense purpose for the U.S. government.

To help mitigate this risk, FEMA has taken great efforts to address cybersecurity concerns with the newly redesigned FEMA.gov, which was launched in July 2012. FEMA.gov is the first web application to be hosted on a new DHS public “cloud” hosting environment – meaning that FEMA.gov doesn’t live on just one server at a single location, but is spread across a vast network of computers. As a result, there is no single point of failure (or attack) for the website.

The responsibility of ensuring this public-facing web application meets government and federal regulations is enormous, and even more so with the inception of cloud technology. FEMA has worked closely with DHS on applying both FISMA (the Federal Information Security Management Act of 2002) and FedRAMP (the Federal Risk and Authorization Management Program) cybersecurity. In times of disaster, this level of preparation allows FEMA to focus on its core mission rather than being distracted by cyber attacks.

While FEMA has taken great strides in preventing attacks on its cyber infrastructure, it’s also important for individuals and communities to protect their online identities. Cyber preparedness is something we should all practice. You can do this in your home and business by ensuring your network connections are password protected and secure; never provide your personal information (name, address, social security number, account numbers, etc.) to anyone you do not know or trust – and even then, do not provide it over the Internet. Always be sure to keep your anti-virus software updated and contact your IT department if you suspect anything suspicious has occurred in your workplace. Look for more tips on protecting your cyber infrastructure at http://www.ready.gov/cyber-attack.

As members of the whole community, we must fully understand the importance of cybersecurity, situational awareness, training, and preparedness. FEMA coordinates with its stakeholders and partners to effectively execute a well-defined approach to preserving its emergency management information systems, applications, and data. By maintaining vigilance in our cyber security efforts and ensuring that FEMA.gov is available and able to meet the needs of our country, we hope to maintain the highest level of mission readiness.

STOP.THINK.CONNECT. ENCOURAGES YOU TO ACT FOR NATIONAL CYBER SECURITY AWARENESS MONTH THIS OCTOBER

Every day, we are more and more interconnected. We rely on the Internet for all of our day-to-day needs as it allows us to stay connected, informed, and involved. However, this increased connectivity brings increased risk of theft, fraud, and abuse - making cybersecurity one of our country’s most important national security priorities.

In recognition of the importance of cybersecurity awareness, President Obama designated October 2012 as National Cyber Security Awareness Month (NCSAM) as a reminder that being safer and more secure online is a shared responsibility. In other words, we should always ensure that our information and critical infrastructures remain secure and reliable for everyone.

Throughout NCSAM and beyond, you’re invited to join the DHS Stop.Think.Connect. Campaign to take part and ACT - Achieve Cybersecurity Together - to ensure everyone understands their role in safeguarding and securing cyberspace, recognizes how to protect themselves and their online interests, and knows who to contact if compromised online.

Here are a few simple things businesses, schools, and home users can do to practice cybersecurity during National Cyber Security Awareness Month and throughout the year:

Find or register a local National Cyber Security Awareness Month event.
Show your organization's commitment to cybersecurity by signing the online endorsement form and becoming a National Cyber Security Awareness Month Champion.
Download tip sheets on how to stay safer in a variety of online settings: on social networking sites, on gaming sites, on your mobile device, and distribute them within your community.
Participate in the NCSA's Cyber Security Awareness Volunteer Education (C-SAVE) Program and help educate elementary, middle, and high school students about Internet safety and security.
Add a signature block to your e-mail: "October is National Cyber Security Awareness Month. Stay Safe Online! Visit www.staysafeonline.org for the latest cybersecurity tips."

For more information on NCSAM, click here. The Stop.Think.Connect.Campaign will be issuing a special newsletter mid-September with more details on all NCSAM events that will be occurring throughout the month with additional tips of how you can be involved.

STOP.THINK.CONNECT. PARTNERS WITH THE GIRLS SCOUTS OF THE USA

The U.S. Department of Homeland Security announced on August 22, 2012 during the Atlanta Cyber Tour that the Girl Scouts of the USA organization has joined the Stop.Think.Connect. Campaign’s National Network, forming a new partnership which will promote cybersecurity awareness to over 3.2 million youth across the country.

The Campaign will provide the Girl Scouts with tools and resources to help raise awareness among kids, teens, and young adults about emerging online threats and the importance of cybersecurity. This partnership builds on the Campaign’s efforts to highlight curriculum resources available to communities, as well as to promote cyber awareness and educate America’s youth about safer online practices.

“Cyber education is crucial for preparing future generations for the ever-changing cyber world,” said Secretary Napolitano. “With the help of Girl Scouts of the USA, the Campaign has an opportunity to broaden cybersecurity awareness to millions of American youth engaged with the Girl Scouts program.”

"This collaboration between Girl Scouts and The U.S. Department of Homeland Security will empower girls to become leaders and advocates for the safe and responsible use of technology," explains Anna Maria Chávez, Chief Executive Officer of the Girl Scouts of the USA. "We know that girls are online. As adults, it is our responsibility to create an environment that encourages girls to establish healthy online habits."

Girl Scouts of the USA was founded in 1912 with the goal of bringing girls out of isolated home environments and into community service. Through enriching experiences, such as field trips, sports skill-building clinics, community service projects, cultural exchanges, and environmental stewardships, Girl Scouts seeks to grow courageous and strong young women.

For additional information on Girl Scouts of the USA please click here.

Girl Scouts and Department of Homeland Security Representatives at Partnership Launch

STOP.THINK.CONNECT. ATLANTA CYBER TOUR RECAP

The Atlanta Cyber Tour launched on August 20, 2012 and ran concurrently with the Government Forum of Incident Response and Security Teams (GFIRST) Conference. With involvement from Georgia Tech, InfraGard, the Multi-State Information Sharing and Analysis Center (MS-ISAC), Boys & Girls Clubs of America (BGCA), YWCA – and more, the Cyber Tour provided a collective, hands-on approach to online safety through interactive presentations, forums, and roundtable discussions.

The Atlanta Cyber Tour marks the Campaign’s fourth Cyber Tour location, preceded by Boston, MA, Miami, FL, and the Twin Cities, MN. The next Cyber Tour will be held in Omaha, NE in October to kick off National Cybersecurity Awareness Month (NCSAM) 2012.

The Stop.Think.Connect. Campaign is beginning to plan the 2013 Cyber Tours. For more information on how you can be involved, please email stopthinkconnect@dhs.gov.

INTEGRATED CYBERSECURITY EDUCATION COMMUNITIES: HELPING TEACHERS INTEGRATE CYBER INTO THEIR CLASSROOMS

The security of the Nation’s cyber infrastructure depends on well-trained Information Technology (IT) professionals to support the systems and networks necessary for essential computer operations. The cybersecurity career field is growing at an exponential rate and is still being defined. How do we ensure that young people are aware of the importance of cybersecurity today and the opportunities of tomorrow?

In an attempt to answer this question, DHS’s National Protection and Programs Directorate (NPPD) Cyber Education Office (CEO) launched the Integrated Cybersecurity Education Communities (ICEC) program, to enhance formal cybersecurity education with the ultimate goal of promoting the growth of the cybersecurity workforce.

ICEC aims to provide teachers with the training and tools needed to integrate cybersecurity skills in the classroom. The project is also designed to encourage interest in the cybersecurity field and increase awareness of cybersecurity careers and academic pathways among high school students.

By sponsoring cybersecurity education summer camps, ICEC helps encourage interest in the cybersecurity field through project-based cyber learning experiences for high school students and provides their teachers with access to cybersecurity learning tools.

Students and teachers participate in cyber challenges and hands-on-labs such as the Cyber Treasure Hunt, which requires students to use cryptographic skills, historical context, physical mapping, wireless communication, and general problem solving as they navigate their way through the maze of clues across the entire campus. The use of a Boe-Bot® introduces basic programming concepts and notions of logic, controls, and problem solving. After participating in the camp, teachers gain online access to multidisciplinary curricula that supports the integration of cybersecurity into their science, mathematics, and humanities lesson plans. Through their experience at the camp, and online access to cybersecurity curricula, high school teachers are better equipped to bring cybersecurity principles to their classrooms.

Cybersecurity education summer camps began in Shreveport, Louisiana, and – for the first time in 2012 – expanded to the Baltimore, MD area through the use of the camp’s structural model, called the Cyber Discovery Model. All 10 high schools in Louisiana and five Maryland high schools participated in this year’s camps. ICEC aims to replicate the model in more communities across the U.S. and reach an estimated 1.7 million U.S. high school students over the next 10 years.

Through these camps and teacher professional development, ICEC hopes to create an environment in multiple U.S. communities in which science, technology, engineering and mathematics (STEM) capable students can learn more about cybersecurity, hone their knowledge and skills, and become excited about a future in cybersecurity.

For more information about ICEC, please contact Daniel Stein at Daniel.Stein@HQ.DHS.gov.