Target Audience: municipality, city, county, state, and tribal CISOs, Chief Security Officers, CROs, CIOs, CTOs, County Commissioners, and those involved with exposure to cyber risk; GRC (Governance, Risk and Compliance) officers and those involved with data privacy; possibly Chief Financial Officers who must manage risk.
The public sector – it’s more than the government. Our way of life is organized, delivered, and made possible by countless publicly controlled or publicly funded agencies, enterprises, and other entities delivering a wide range of products, services, and programs. And as citizens and taxpayers we expect quality, convenience, and cost-effectiveness from all of these. But the promise of technology and connectivity to deliver these benefits is being undermined by the cybersecurity perils that plague our entire economy and undermine our confidence.
In this track, we will focus on the cyber challenges faced by State, Local, Tribal, and Territorial governments and the ecosystem that operates around them. We’ll stand back and examine the cyber state-of-play for SLTTs as a whole, and also drill down to specific examples. We’ll look at what this community has in common both internally as well as with the economy at large. What are the challenges that all of us face, like budgets, policy, building a cyber workforce? How can we leverage and synchronize with Federal activities? We’ll also examine the role of the Multi-State Information Sharing and Analysis Center as both an information and a services hub for this entire community. And more importantly, what resources can we share, and what lessons can we learn from each other?
Rohit Tandon, CISO, Minnesota, and Carlos Kizzee, MS-ISAC Stakeholder Engagement, will introduce the Public Sector Summit, outlining key challenges, requirements, capabilities, and solutions being implemented to address and mitigate the cybersecurity concerns for this unique sector.
Co-Chairs: Rohit Tandon, Assistant Commissioner, State Chief Information Security Officer, State of Minnesota; Carlos Kizzee, Vice President, Stakeholder Engagement, MS-ISAC Engagement
Public Sector Cybersecurity: The State of the States, Local Governments, Tribes, and Territories
Eugene Kipniss, MS-ISAC Federal Engagement and SLTT Assessments, will keynote the Public Sector Summit with critical observations from this year’s Nationwide Cybersecurity Review (NCSR), an anonymous cybersecurity maturity self-assessment completed by thousands of SLTT governments and presented to Congress bi-annually. His presentation will include a brief on the threats and trends currently observed by the MS-ISAC and impacting SLTT governments, providing a summary threat landscape of the community. He will explore what the NCSR data can tell us about our risk reduction priorities considering increasing threats to SLTT, and help the audience consider how we can best leverage the NCSR to communicate those priorities to our lawmakers.
Speaker: Eugene Kipniss, MS-ISAC Member Programs Manager, Center for Internet Security
Why Your Organization’s Endpoint Data Is Your Greatest Source of Risk
Government agencies and educational institutions are challenged to secure and manage a new kind of hybrid network. Not on-prem and cloud, but work in the office, work from home, work from anywhere. Your organization is more dispersed than ever — leaving you with an incomplete picture of your cyber and data risk.
Start by focusing on one of the greatest challenges you face: endpoint devices. Endpoints have expanded beyond your organization’s perimeter and are operating in the badlands of the outside world. This makes them, and the data on them, ideal targets for cyber attackers. Traditional risk scoring systems do not factor in endpoint data and may create a false sense of security. Your organization needs visibility to help break down the data silos and close the accountability, control and resiliency gaps to improve your cyber risk.
Speaker: Gary Buonacorsi, Chief Technology Officer, Chief IT Architect, US State and Local Government and Education
Critical Success Factors in Cybersecurity
Irrespective of whether the organization is public or private sector, any information security management program relies on several requirements and expectations at the organizational level to be successful. The degree of success is dependent upon the extent that these success factors are supported by the organization. This presentation will discuss the nature of these success factors.
Speaker: Michael C Gregg, Interim CISO, North Dakota
How to collaborate Cyber Intelligence and Sharing Cyber Resources
How someone working at a city and county level can better collaborate across the State and Nation.
Speaker: Col. Teri Williams, DHS
Grant Funding to Protect Technology from Cyber Threats
Integrating cyber practices for both givers and receivers of funding. Funding is generally associated with services for residents of your community. Technology plays a critical role in delivering critical services, and protecting that technology from cyber threats also requires investment. What are some of the approaches to seek out investment opportunities that defend the technology and protect recipients’ data around social services?
Speakers: Rohit Tandon, CISO, MN; Stephen Ellis, Government Solutions Lead, Zoom
Cybersecurity: Finding Common Ground in the Political Landscape
Cyber Zeros and Ones should not be red or blue. Explaining to your legislatures how technology has a cornerstone impact on all citizens. Consumers have a choice to interact with the private sector and provide personal data; however, in the public sector the data collected is not optional for residents. This should place a higher burden on the public sector to protect the sensitive data. There are also public disclosure expectations. (In the event of a data breach – how does the state rebuild confidence?) Purpose – describe the why and suggest how.
Speakers: Jacqui Irwin, Assemblymember, 44th District; Chair, Select Committee on Cybersecurity, California State Assembly, DFL; Jim Nash, Assistant Minority Leader, Minnesota House of Representatives, GOP
Networking Lunch in EXPO
Smart Cities / Safe Cities
Protecting citizens, service programs, infrastructure. How can we prepare for the smart cities that both public and private entities are responsible for defending? What are some strategies to ensure there is a good foundation to build on to protect privacy and defend the way of life?
Speaker: Jerry Dreisson, Deputy CIO, City of San Jose, CA
Find. Build. Keep. Opening a Cyber Shop in the Public Sector
How can the public sector find, attract, develop, and retain cyber talent in this competitive market? This session will cover how the Minnesota Judicial Branch and Montana have built their cyber security programs from the ground up, incorporating novel approaches to find talent and cost-effective ways to develop skills, while retaining employees by providing meaningful work in a diverse culture.
Speakers: Andy Hanks, CISO, State of Montana; Gretchen White, CISO, Minnesota Judicial Branch
Public Sector Cyber Insurance
Cyber Insurance for public sector is different from private. Models on how to self-insure, municipal risk pools. Vermont and Nevada are doing self-insurance. Presentation on cyber risk insurance in general and how public sector entities are approaching this issue. Attendees will learn the different approaches public entities can consider for insurance and how some select states and groups work together to share the cost and reduce the risk of cyber incidents.
Speaker: Ryan Spelman, VP Cyber Risk, Kroll
Avoid a Cyber Splash
In this session we will learn about real life examples of attacks to our utilities and SCADA systems. We hope to offer real steps on what the future holds for this important sector and what our public officials are doing to meet this real and rapidly evolving threat to our citizens.
Speaker: Darrell Kesti, Director, Ordr
Introduction to Programmatic Distributed Empowerment for Information Security (“PDEIS™”)
Information security isn’t about information or security as much as it is about people. ALL PEOPLE. Traditional approaches to information security leave the CISO playing a game he/she can’t win while those around them wander aimlessly around the field. Programmatic Distributed Empowerment for Information Security (or PDEIS™) is the method to change the game and put us all in a better position to win.
Speaker: Evan Francen, CEO, Security Studio
Recommendations and Best Practices for Whole of State Governance to Mitigate Cyber Risk
State government leaders must manage risk within a context where authority is distributed across sectors and levels and branches of government. Regardless of the structures and local culture that a governor and state legislature must operate within, they must establish cybersecurity governance that provides the mix of control and influence necessary and appropriate for their state, and that includes mechanisms for mitigating and responding to risk.
Speaker: John Gilligan, President and CEO, CIS: Best Practices in State Cyber Governance
IT Operations: Your Cybersecurity Foundation
Public sector and healthcare sector organizations have been repeatedly targeted by nation-state and ransomware threat actors. Good tools are important, but the best protection against these attacks isn’t extra security products, but a focus on excellence in IT hygiene and IT operations.
Speaker: Andrew Coyne, CISO, Mayo Clinic
Transforming Education and Cyber Operations
As a national leader in energy and agriculture with a significant military footprint, North Dakota’s cybersecurity strategy involves a whole-of-government approach – including training the next generation of cybersecurity professionals. The state’s “PK-20W” Initiative aims to make “every student, computer science and cybersecurity educated, Kindergarten through PhD.” Shawn will talk through a model that can be applied to any state to bring their students to 21st Century Skills while also protecting the economy of the state, data of citizens, and security of all residents.
Speaker: Shawn Riley, CIO, North Dakota
Networking in EXPO