By Ashleigh Stayton
The USC Price School of Public Policy hosted a policy forum on Nov. 16 in Sacramento to address issues of cyber security and the safety of our state. As technology advances, it’s critical to understand how California’s government is adapting and responding to cyber security threats.
More than 70 attendees participated in the event including USC students, alumni and faculty, as well as professionals representing a variety of California state departments, ranging from Government Operations to the Office of Technology to the Department of State Hospitals.
Panelists included Mark Ghilarducci, Director, California Governor’s Office of Emergency Services; Amy Tong, Director and State Chief Information Officer, California Department of Technology; Peter Liebert, California Chief Information Security Officer and Director of the Office of Information Security; and Clifford Neuman, Director, USC’s Center for Computer Systems Security — all of whom are leading the charge in continuing to highlight cyber security as a top-tier issue area.
Both business and government organizations are finding it increasingly difficult to keep pace with the rapidly evolving cyber threat landscape. Threat actors, their tactics and techniques, and the low barrier to entry, combine to present ongoing challenges.
The panel discussion offered an overview of various levels of cyber threats and how each has a growing impact and frequency. Expanding on these relevant truths, panelists centered the conversation around the question “What do we do next?” and recommended streamlined approaches to implementation of higher security programing as well as need to create strong and resilient public policies.
Panelists noted that they are looking at a holistic approach to keep California’s information safe. Specific examples included a significant emphasis on training employees to understand the relevance of cyber security and the possible outcomes of irresponsible online activity. Because breaches typically occur from very small vulnerabilities, the process of educating employees offers an opportunity to decrease those vulnerabilities.
The discussion of data storage was also highlighted, and panelists agreed that it is important to identify what data can and should make public and what information needs to remain confidential to be secured with the highest protection. Also, there should be an effort to identify what data and information aren’t needed to operate and eliminating that information to once again place importance on protecting the data that matter most.
One panelist shared that, “it is not about how much money you spend or how secure your information is, it is about being able to respond in the case of a threat and having the education to eliminate threats and breaches by providing a good training program that builds the culture of preparedness and understanding within your organization.”