On July 29, 2021, Governor Hogan hosted the Annapolis Cybersecurity Summit, a convening to discuss key trends and topics surrounding cyber threats to federal, state, and local governments, and private sector critical infrastructure threats. Throughout the three panels, four common threads stood out:
Private-public partnerships are critical: While important to success globally, this is particularly true in Maryland. We have a rich ecosystem of cybersecurity companies, academic institutions, and federal agencies, and collaboration across the ecosystem is needed to protect federal, state and local systems. An example provided was the NSA’s Cybersecurity Collaboration Center, created specifically to connect intelligence leaders with commercial data and industry insight. On July 29, CAMI and leaders in cybersecurity and telecommunications met with Senator Katie Fry Hester to discuss the Maryland Cyber Commission’s efforts to improve the security posture of our state government. This meeting highlighted the Commission’s recognition that industry partnership starts during policy development rather than implementation.
Standardization and coordination are pivotal steps: The summit echoed bipartisan efforts at the federal to encourage data sharing and consistent guidelines. There was less consensus on nuanced issues, including guidance for ransomware payments and prosecuting cyber crime, but there was clear support for standardization. The great news is that there are some gold standards for a holistic approach, like the NIST Cybersecurity Framework; while aimed at industry, CSF could be a great framework for state and local governments to coordinate and adopt standard cyber hygiene.
You’ve got to secure the supply chain: High-profile supply chain incidents have consistently made headlines. Kevin Perkins, Senior VP and Chief Security Officer at Exelon, took the opportunity at the Summit to share our exciting partnership. Together, we are connecting Exelon’s vendors to a network of business coaches and advisors who can help vendors build their security programs and successfully complete the required assessments. Additionally, the need to create secure software -- bolstering security before it goes to market-- was identified as a key step to securing the supply chain. Trade organizations, like ACT| The App Association, are providing great resources for their members to secure their code.
The cybersecurity workforce shortage is a matter of national security: This is a big one; nearly every speaker discussed how the lack of a skilled workforce is a challenge to a strong security posture. Maryland is home to 17 National Centers of Academic Excellence in Cybersecurity, and it’s wise to invest in their growth. One initiative that was announced yesterday was the Maryland Institute for Innovative Computing at UMBC, an initiative to connect students and faculty with state and local government leaders to address pressing challenges in cybersecurity, artificial intelligence, and more. But we must look beyond traditional academic programs to build the cybersecurity workforce pipeline. As cited at the Summit, workforce training programs can train the technical skills needed for many entry level positions (Security Operations Center analyst, penetration tester, etc.). When resources are invested to scale programs that successfully connect cybersecurity training programs with industry needs, everyone wins; individuals achieve financial stability through meaningful careers, and our essential services and critical infrastructure are more secure.
The comprehensive list of initiatives launched at the Annapolis Cybersecurity Summit on July 29, 2021 can be found here.