Photos by Charlie Ban
(left) Nebraska Gov. Dave Heineman (R) addresses attendees at the inaugural NACo National Cyber Symposium in Douglas County, Neb. April 18. (right) “If someone tells you they can prevent a cyber attack, kick them out of your office,” said Will Pelgrin, president and CEO of the Center for Internet Security.
Though NACo’s policy positions are regularly determined by county officials with years, or decades of service, President Chris Rodgers’ presidential initiative addressing cybersecurity came from a four-year-old.
Three years ago, his son was playing with the family computer and inadvertently accessed what Rodgers thought was secure information. It revealed to him how vulnerable that information was in a rapidly connected age, one that has only become more complex since his cyber security awareness program’s inception.
“Once we went into Iran with cyber, I knew it was here to stay,” he said, referring to a joint U.S. operation with Israel to disable an Iranian nuclear site in 2012.
Rodgers’ effort culminated in the two-day-long NACo National Cyber Symposium at the Peter Kiewit Institute at the University of Nebraska, Omaha, in Douglas County, where he serves as a county commissioner.
“Sometimes you catch lightening in a bottle and you couldn’t have done it better than this week, with cyber legislation on the House floor,” he said. “There’s a whole lot that scares people but also a whole lot of opportunity.”
“This isn’t a one-year wonder,” he said.
Will Pelgrin, now the president and CEO of the Center for Internet Security, was serving as chief technology officer for the state of New York on Sept. 11, 2001.
“We all recognize this as a horrible physical attack, but what most don’t realize is what a cyber attack it was as well,” he said. “Our circuits went dark that day, mission-critical operations could not be performed. We thought we had redundancy; we thought we had owned some infrastructure, but we found out we didn’t own some of the paths we paid for.”
He said the physical and cyber infrastructure is deeply linked and counties should not stop thinking that way.
“We can never unwind again,” he said. “You need to understand both, because if you don’t you’re going to miss another piece of the pie.”
Also, he warned against vendors promising the world with the cybersecurity programs and said it was easier to crack a security system than defend it.
“If someone tells you they can prevent a cyber attack, kick them out of your office,” he said.
Cheri Caddy, the director of Cyber Policy Integration and Outreach for President Obama, demystified the threat of cyber crime, as it has been depicted in popular media, including a recent James Bond movie.
“It’s less flashy but still very troubling,” she said. “High-impact events, like you see in movies, represent extreme situations and are very unlikely.”
More probable results of cyber security lapses include persistent intrusions into information systems, violation of privacy, theft of services, and degradation and denials of service.
She said the responsibility for guarding against and responding to cyber attacks could not fall solely on any level of government, and added that the federal government’s role was best compared to disaster response. That could include convincing other countries to address cyber criminals within their borders, and at this point the federal government was more inclined to use policy to that end, rather than technical means.
Nebraska Gov. Dave Heineman (R) called lax cybersecurity the biggest threat to economic and national security. “Think a decade out,” he said. “You think we’re dependent (on technology) now? When I think about protecting the homeland and the challenges we may face, they won’t necessarily be what we expect from a military attack.”
He said every level of government is expected to protect citizens in the digital realm.
“Technology knows no boundaries,” he said. “Our military personnel can’t operate with their pinpoint accuracy we’ve come to expect without full use of technology, and our ability to operate if someone took down financial systems, energy grids, day-to-day operations of every company in this room, let alone government, is compromised.”
Jodi Chapin, AT&T’s director of state and local government marketing, said the most effective way to describe the entirety of the threat posed by cyber crime was to frame it in a narrative. Doing so helps the audience understand an issue’s evolution.
“Focus on storytelling,” she said. “We’re really moving out of the information age and into the conceptual age, it’s going to be an incredible skill set to start teaching.”