CybersecurityIdaho bolsters the state’s cyber defenses

Published 29 January 2015

Idaho’s director of the Bureau of Homeland Security says that cyber threats remain the most important yet least understood risk to government and the private sector. He has announced plans to tackle that vulnerability in the state. The director of the Bureau says that cybersecurity will never be perfect, which makes it imperative for organizations like the Idaho Bureau of Homeland Security to focus on planning that incorporates not just defense, but also detection and the mitigation of damage that has already occurred.

Idaho’s director of the Bureau of Homeland Security says that cyber threats remain the most important yet least understood risk to government and the private sector. He has announced plans to tackle that vulnerability in the state.

As Government Technology reports, director Brig. Gen. Brad Richy told the Senate Affairs Committee that the potential threats ranged from the defacement and disruption of Web sites to data theft and damage to public services and infrastructure.

Events such as the recent attack on Sony Pictures have revealed the impact that cyberattacks have on every aspect of American life, prompting leaders to question the effectiveness of existing policy.

“The vulnerabilities are extreme,” Richy said. “A breakdown in IT [information technology] services could take it from that sector into our industrial sector, to our water supply or electrical supply.”

In line with that, J. R. Tietsort, the head of Micron Technologies global security, commented that cyberattacks are “a trend that’s been going in the wrong direction for some time.”

Tietsort divides hackers into three groups, each with different interests and agendas.

The first, according to him, are “hack-tivists,” such as those who work under the Anonymous umbrella, and who are primarily interested in vigilante justice or causing embarrassment to an ideological target.

“They’re more of a nuisance than a threat,” Tietsort said, “They’re motivated by a social agenda.”

The second group includes “cyber-criminals.” These groups are primarily interested in the usual criminal activities, such as the selling of goods on a black market, with profit being the primary motive.

Lastly, come nation-states that are interested in serving their own interests through cybercrime.

“[These] are the ones I spend the most time thinking about…They’re typically very well funded and have advanced skill sets. Their motives tend to be military or technological advantages,” Tietsort said. “Hackers are going to look for the weakest link, and attacker with sufficient skill and resources will find gaps through network defenses. As an industry, we’re come to realize that perfect security is an elusive goal.”

The lesson that security will never be perfect is what makes it imperative for organizations like the Idaho Bureau of Homeland Security to focus on planning that incorporates not just defense, but also detection and the mitigation of damage that has already occurred.

“The Bureau is in the process of updating Idaho’s emergency operating plan, providing policies and procedures for state agencies to follow in the event of a major cyberattack,” Richy said.

The state expects their procedural updates to be in place by spring.