Tuesday, August 18, 2015

Cybersecurity & Civic Hacking # 11: What If There Is No NE Wisconsin Collaborative Cybersecurity Initiative?

This blog has numerous posts discussing cybersecurity and civic hacking. A collaborative regional cybersecurity initiative has been proposed for launch in 2015, or 2016 at the latest. The posts highlight bad digital security situations that will get much worse in our region if we don’t launch this initiative for NE Wisconsin. My words can be, and probably are, seen completely or mostly as ‘Boy Cries CyberWolf,’ or the rantings of a Cyberspace Chicken Little.

But I wholeheartedly agree with the July 2015 article in The Guardian that said, “Companies are nowhere near prepared for it. Neither are the Feds...“A slow-moving train wreck,” one executive said. Forget about coordinating with each other or the Feds: companies don’t even know how to deal with their own hacks, never mind worry about someone else’s…”

So what do I think will happen if we don’t launch the NE Wisconsin Cybersecurity initiative and intentionally build next-generation regional cybersecurity expertise here?

There are three type of impact to consider

  1. How will people in NE Wisconsin be impacted when the ‘slow-moving digital train wreck’ happens?
  2. How will companies in NE Wisconsin be impacted when the train wreck happens? 
  3. How will people throughout the US be impacted when the train wreck happens?

As of August 2015, the ‘1% of companies that can identify and afford to pay for effective cybersecurity teams and products, and the minority of internet users literate enough to jump through the hoops needed to be safe online’ are dispersed throughout the US and the world. Many regions of the US have a higher concentration of tech companies and much stronger tech communities than NE Wisconsin does (more of the 1% companies and individuals), which will translate  into decreased regional impact from cybersecurity issues. Consumers and businesses in NE Wisconsin will be much worse off than those regions with a higher cybersecurity IQ.

Below are specific ways people and organizations will be impacted.

NE Wisconsin Consumers
  1. People are unable to identify or afford adequate security for their computers, smartphones, cars and homes. They suffer losses or use fewer up-to-date connected devices because of inadequate cybersecurity in NE Wisconsin, which is measurably worse than in better prepared regions of the US.
  2. Credit and debit card fraud means increasingly frequent card reissue and accompanying hassles.
  3. Identity theft requires frequent straightening out of a myriad of documents and accounts.
  4. CryptoLocker and other ransomware cause increasing loss of files or continuing ‘ransom’ payments.
  5. Increasing cyberlosses due to skimmers in gas pumps and ATMs.
  6. Electronic access security flaws result in increasing theft of items from cars, garages and homes, as well as increased car thefts.
  7. Health care problems are caused by attacks on hospital and Electronic Health Records systems (billing, misdiagnoses, delays for treatment, health problems caused by taking wrong meds, hassles to figure out or straighten out records).
NE Wisconsin Economy
  1. Per capita income decreases.
  2. Unemployment increases.
  3. Tech people (college students, young workers, workers at tech companies, tech workers at non-tech companies) leave the region to live and work where they can learn about and have improved cybersecurity.
  4. Businesses close in our region at higher rate than in more secure areas of the country.
  5. Companies highly dependent on digital world and the Internet leave the region (insurance, banking, web development).
US Economy
  1. Cyberattacks and cyberlosses increase significantly.
  2. Frequent Internet outages.
  3. Groceries, gas, clothes and most consumer goods costs more.
  4. Shortages occur for consumer and industrial goods due to shipping system problems, manufacturing problems and general economy slowdown.
  5. Profits decrease for most companies due to digital security issues.
  6. More businesses shut down due to major digital losses.
  7. Cyberinsurance and more expensive cybersecurity systems become legal requirements for US companies.
  8. Job losses spike because of business shutdowns, digital attacks and cyberlosses.
  9. DHS and NSA are given more legal authority because of digital attacks. In an attempt to figure cybercrime and real-world crime, US government surveillance limitations and personal privacy become just a fond memory.

Some of the above impacts will gradually occur over the next five to ten years. Some of them, like large spikes in unemployment, frequent consumer goods shortages and widespread transportation problems will only occur if we have major digital attacks.

But we need to start on the NE Wisconsin Cybersecurity Initiative NOW because it will take several years to get the program under way. The longer we wait to launch the program, the less effective it will be.

One collaborative regional approach to an epic problem that needs action which is not forthcoming from the state or federal government is the approach taken by the Southeast Florida Regional Climate Change Compact. Maybe we could use the Southeast Florida approach for educating NE Wisconsin community leaders and influential people about how cybersecurity will impact our region and why the proposed digital security initiative will minimize that impact. The excerpt below is from the article “Pioneering Climate Resilience...Through Regional Action” published on August 19, 2015, on the Christian Science Monitor website.
“...the Southeast Florida Regional Climate Change Compact is considered a national model for the kind of shoulder-to-shoulder effort needed to address the problem. They came up with an agreed estimate of sea level rise and identified the most
vulnerable areas of the region, and now are plowing through more than 100 recommendations for action. 
“There are no new funding sources coming down from the state or the Feds,” says Susanne Torriente, assistant city manager for Fort Lauderdale, one of the participants of the compact. “Would it be good to have state and federal dollars? Yes. Are we going to wait until they act? No.” 
Their cooperation was born, essentially, on the back of a napkin. Kristin Jacobs, now a state representative who was a Broward County commissioner in 2008, was lamenting at the time that the 27 disparate municipal water authorities in the region could not agree on joint action. So she and others came up with the idea of getting local officials together in a classroom. 
“We said, ‘Let’s have an academy,’ ” she recalls, and the Broward Leaders Water Academy began offering elected officials in South Florida six-month courses in water hydraulics and policy...”
Climate change is a topic somewhat like cybersecurity -- a difficult-to-prove issue that some people believe is real and others believe is nonsense. Below is a fictional re-write of the above article, addressing cybersecurity in our region rather than anthropogenic climate change in SE Florida.
Northeast Wisconsin Regional Cybersecurity Compact 
The Northeast Wisconsin Regional Cybersecurity Compact is considered a national model for the kind of shoulder-to-shoulder effort needed to address the problem. They came up with an agreed plan to tremendously improve the cybersecurity of consumers and organizations in the region, and now are plowing through more than 100 recommendations for action. 
“There are no new funding sources coming down from the state or the Feds,” says John Johnson, assistant city manager for the City of Middle Chute, Wisconsin, one of the participants of the compact. “Would it be good to have state and federal dollars? Yes. Are we going to wait until they act? No.” 
Their cooperation was born, essentially, on the back of a napkin. Bob Waldron, a TIME community advocate (Tech, Innovators, Makers, Entrepreneurs), was lamenting at the time that the 49 disparate community and college leaders in the region could not agree on joint action. So he and others came up with the idea of getting local officials together in a classroom. 
“We said, ‘Let’s have an academy,’ ” he recalls, and the NE Wisconsin Leaders Cybersecurity Academy began offering community and college leaders three-month courses in personal, organizational, and regional cybersecurity…”
What should YOU do regardless of whether this cybersecurity initiative is launched and regardless of whether a digital train wreck occurs? In the early days of personal computers, users were warned to back up files because hard drives could crash or virus could corrupt or delete files. Most people didn’t backup like they should have in those days. Most people today still have lousy cybersecurity. But much more of our lives are digital now compared to the early days of PCs, so not following basic digital security good practices can hurt you much more in 2015. Here are my top four recommendations to make sure your personal cybersecurity is as good as the top 1%.

  1. Begin with a backup of all digital personal files this weekend and update that backup monthly. This includes contact list info (phone numbers, addresses, etc), photos, financial documents, and all other digital information you don’t want to recreate from scratch.
  2. The next step is to do a personal digital audit. Part of that audit is making a hardcopy of all your personal financial information.
  3. Find a reliable and highly knowledgeable company that provides personal cybersecurity services and work with them to ensure that all your digital devices have the best security you can afford.
  4. Develop a written plan for how you’ll cope if your are forced to live your life for several months without digital devices and without access to your digital information.

I won’t even try to make a list of what businesses should do to prepare for cybersecurity problems. That’s way beyond my pay grade...

WE CAN change the situation. Let’s take personal responsibility to improve things in our cities and our region.

If you feel the NE Wisconsin Cybersecurity proposal should become reality and you want to see it happen, please share a link to this post with everyone you know and encourage them to support the proposal. We need the Right Influential Person to hear about this cybersecurity proposal.

If you’re a community leader or an influential person in NE Wisconsin who can in some way help this cybersecurity program get launched, please contact me, and we can start defining Next Steps to make it happen.

-----------------------------------

DHMN Civic Hacks posts about 'Cybersecurity & Civic Hacking':
C&CH # 01: "Cybersecurity: A New Horizon For Civic Hacking?"
C&CH # 02: “Cybersecurity & Civic Hacking # 2: Public Wi-Fi
C&CH # 03: "Cybersecurity & CH # 3: The Right Person / Topics Of Interest"
C&CH # 04: "Cybersecurity & CH # 4: Malware"
C&CH # 05: “Cybersecurity & CH # 5: Even Cybersecurity Companies Get Hacked!
C&CH # 06: "Cybersecurity & CH # 6: How Cybersecure Is Your Car?"
C&CH # 07: "Cybersecurity & CH # 7: Data Breaches"
C&CH # 08: "Cybersecurity & Civic Hacking # 8: Hype or Reality?"
C&CH # 09: “Cybersecurity & Civic Hacking # 9: Digital Attacks On Hardware
C&CH # 10: "Cybersecurity & Civic Hacking # 10: NE Wisconsin Cybersecurity Proposal"
C&CH # 11: This post, published August 18, 2015

-----------------------------------

Writing this post was challenging, depressing, frustrating, and fun. My mind kept bouncing between “this is a waste of time because a digital train wreck will never happen” and “this is depressing because the train wreck is happening and nobody in NE Wisconsin can see it.” At times it felt like I was writing the outline for a cyberthriller novel, while the next moment it felt like I was project manager of the NE Wisconsin Cybersecurity Initiative writing the project proposal section titled “Consequences Of Not Approving Project”. During my research for this post, I even read an article that began with the sentence, “Have you ever had a “must do” project fail to get funding even though you knew it was a winner?” At the end of my vacillations, I found myself back where I started when I wrote the first cybersecurity post:

This is a serious problem we can and should work to address, but the history and culture of NE Wisconsin tells me there will be no action taken to create a regional cybersecurity program.

This is my last post about cybersecurity and civic hacking. I could be totally wrong about the train wreck and NE Wisconsin being worse off than other parts of the US. It will be interesting to see the state of cybersecurity in ten years.



*****

1 comment:

  1. Many of my acquaintances are worry about their business data security and make virtual data rooms comparison to find out which one is better. Having read this post I understand that there is no way to get 100% protection.

    ReplyDelete