DETROIT — When it comes to cybersecurity, Gov. Rick
Snyder is not only a leader, he’s also a victim.
Snyder told reporters Monday at the North American
International Cyber Summit that his identity was stolen before
he became governor.
“I started getting dunning notices for a cell phone I never
bought,” Snyder said at the event at Cobo Center. “I learned I
had an apartment in Washington, D.C. that I never had.”
Snyder said he also once discovered malware in a computer
in his home he’d given to his children to use. “It turned out a
Korean version of DOS was running in the background, doing
processing work,” Snyder said. “I had to call in tech support
on that one.”
Of course, incidents like that are child’s play compared to some of the real threats out there. And that’s why nearly 1,000 people gathered at the fourth annual summit, sponsored by the governor’s office and managed by The Engineering Society of Detroit.
Speaker Ben Cotton, president and CEO of CyTech Services,
talked about how his company detected a hack of the
personal information of 22.1 million people through the
federal Office of Personnel Management.
Cotton said OPM was interested in upgrading its security
system, and he switched on his company’s product — and discovered three unknown executable programs masquerading as McAfee antivirus software.
“And that was a problem,” Cotton said. “I know what the McAfee executables are supposed to look like. They’re in my ‘good’ bucket. The second problem was that this agency wasn’t using McAfee, it was using Symantic. In about three hours, we had FBI teams crawling all over the premises … We were completely done with our part of it in nine days.”
That kind of fast response to cyber breaches, Cotton said, “should be a goal for everyone.”
Cotton said too many companies’ response to cyberthreats is like old maps that showed dragons in places that hadn’t yet been mapped — “here by dragons.”
Other speakers stressed the need for open communication about threats and breaches, and continuing education for users so they don’t become victims.
“Our greatest risk is still the human being” using the network, Snyder said.
Snyder also praised university cybersecurity programs, specifically mentioning Ferris State University, and noted Michigan’s moves in creating the Michigan Cyber Range to test the security of systems and the Michigan Civilian Cyber Corps to respond to threats against infrastructure.
In opening the conference, Detroit CIO Beth Niblock noted
that “Michigan is consistently held up as a leader of
cybersecurity” due to the “relentless focus” of state
government.
And it had better, she added. “Ransomware attacks were up
113 percent last year,” she said. “Identity theft is at an all time
high. Now, when you buy credentials on the dark web, they’re
guaranteed to work or you get your money back.”
Speaking as a panel moderator, Barbara McQuade, U.S. Attorney for the Eastern District of Michigan, said the private sector has legitimate concerns about the theft of intellectual property that must be addressed.
And U.S. National Guard Gen. Reynold N. Hoover said the Guard is establishing 10 Cyber Protection Teams across the country to boost infrastructure and government security.
Also speaking on a panel, Peter Romness, cybersecurity solutions lead for U.S. public sector accounts at Cisco Systems Inc., likened cybersecurity to driving. He said driving can also be a risky endeavor, but society has developed rules to regulate it and make it much more safe than it would be otherwise. Likewise, he said, everyone loves the convenience of online services, and “there is no putting that genie back in the bottle.” But we also have to develop rules and regulations for safety online.
