Editor’s note: The following commentary appeared on TheDailyRecord.com on November 20, 2015.
By Donald C. Fry
It seems a month doesn’t go by that yet another news story doesn’t surface about a cybersecurity attack on a company or government agency with sensitive private information accessed or stolen.
It’s a significant privacy and security issue which experts say is only likely to grow as criminal minds and foreign agents continue to develop or leverage fast-changing software and other technologies to mine their way into the databases of businesses and government agencies alike.
At the moment at least, there seem to be few safe harbors from this growing threat as we become fully entrenched in what some call the “Internet of Everything Era.”
President Obama has stated that cybersecurity is one of the most serious economic and national security challenges that the U.S. faces, but one we are not adequately prepared to protect against or respond to.
To read the headlines and listen to statements like the president’s, it is easy to think that this problem only sits on the shoulders of American industry and the federal government.
But cybersecurity is a vexing issue facing state governments as well.
There are all kinds of databases on Maryland government networks with sensitive personal information.
Add to this worry the potential for a cyberattack to disrupt key state or local infrastructure elements, such as water, emergency services, or transportation, and one can begin to understand the stakes, notes Amjad Ali, DSc., Associate Vice President and Cybersecurity Adviser to the President’s Office at the University of Maryland, University College.
A major disruption in any of these in Maryland would not only set off public alarm, but could have a serious effect on state or local economies, he says.
That’s the harsh reality for state government as well as our state’s business and industries.
Luckily for Maryland, a new state advisory panel that I agreed to serve on – the Maryland CyberSecurity Council – has been formed and begun meeting to take a hard look at the protections Maryland has in place and may need to avoid a cyberattack that seeks to access private information or disrupt key infrastructure sectors.
Chaired by Maryland Attorney General Brian Frosh, the council will, among other tasks, identify gaps in the state’s readiness to thwart cyber attacks and recommend plans to respond to one that may cause infrastructure disruptions.
In other words, the panel must answer the question: What is the state of cybersecurity readiness in Maryland?
The panel is made up of an impressive array of high-caliber minds and experience from the public and private sectors, including some of the leading legal and cybersecurity firms based in the state.
The business sector’s voice on the council should prove invaluable with insights and ideas as many companies now find themselves on the forefront of protecting themselves and customers from cyber threats on a daily basis.
In addition, this smart group will be working with the National Institute for Standards and Technology (NIST), which has been taking a leading role nationally in helping to address the cybersecurity issue.
All in all, the new cyber council appears well positioned to take on some very complicated tasks. The first of these will be, as mentioned earlier, indentifying which infrastructure sectors in the state are at the greatest risk of cyberattacks and thus need addressing. This risk assessment phase will help answer the readiness question, and may prove eye opening to all.
Several independent outside organizations have already taken a look at states nationwide when it comes to cyber security readiness and found, regrettably, that most are lacking.
Maryland, however, is ahead of the pack, some studies have found.
A study by the Pell Center for International Public Relations and Public Policy at Salve Regina University in Rhode Island notes that Maryland is “among U.S. states leading the cyber pack.”
The Pell State of the States on Cyber Security study found that while Maryland had some areas to address, including the need for a complete strategic cybersecurity plan, it had a number of strengths to build on, including the fact that the Maryland Department of Information Technology has taken a proactive approach to the issue.
“Maryland has become a valued contributor to national cybersecurity and a trendsetter among the states leading the cyber pack,” the Pell Center report notes.
All of this is not to say that the advisory council doesn’t have some difficult work ahead of it as there is a strong need to put Maryland on an even stronger footing as the cyber threat grows.
Among cyber professionals Maryland is often considered the “epicenter of cybersecurity,” due to the fact that a number of leading federal agencies and departments are based in the state, such as the National Security Agency, U.S. Cyber Command, and a critical mass of private cybersecurity firms, notes Ali of UMUC. He also provides administrative support and expertise to the Maryland CyberSecurity Council.
The council’s work is therefore doubly important, Ali notes. Maryland needs to protect and enhance this “epicenter” reputation. Doing so will help drive more cyber jobs, firms, and business transactions in the state, Ali says.
The deep bench of expertise and experience on the council will no doubt keep that front and center as it seeks to not only keep Maryland running ahead in the cyber pack, but also setting the standard for other states to follow when it comes to the state of their own cybersecurity readiness.
Donald C. Fry is President and CEO of the Greater Baltimore Committee and a regular contributor to The Daily Record.