skip to Main Content

MERIT

NEWS
MMC 2022 Panel: Public Entities Can Help Each Other Stay Cyber-Safe through Partnerships

One thing that public entities have going for them when it comes to cybersecurity is the ability to collaborate.

That key message came from a panel discussion today at Merit Member Conference 2022, this year’s gathering of Merit Members. On hand as panelists were:

  • Sol Bermann, chief information security officer for the University of Michigan
  • Deborah Blyth, executive strategist for CrowdStrike and former chief information security officer for the state of Colorado
  • Art Thompson, chief information officer for the city of Detroit

“I’m hearing a lot about the need for partnership,” Blyth said, noting that many states are trying to figure out how to help under-resourced K-12 schools and local libraries be better prepared. “States are wanting to create whole-of-state approaches.”

Blyth knows well what can happen when an attack makes it through the defenses: She was on hand for a successful ransomware attack against Colorado’s Department of Transportation in 2018 that generated headlines.

Thompson said when external actors find one thing that works against one entity, they will go down a list of similar entities looking to find the same kind of hole.

“I hope I’m not No. 1 on that list,” he said. 

Public entities can “learn from the other person at the table,” Thompson said. “I want to find that partner because I don’t have infinite resources.”

In Detroit’s case, it has a coalition of other city CISOs it collaborates with and learns from. If one city experiences something, others can immediately prepare themselves by getting relevant software patches and tools to fight similar attacks on their own systems.

Similarly, the University of Michigan can tap into its relationships with other Big Ten schools. Bermann said they meet monthly to share data and collaborate on purchases, processes and documentation. “The partnership thing is absolutely huge.” 

States and the public sector are often better at this than the private sector because they’re more willing to share, he said, urging Merit Members to “triple down on partnerships, even if they’re hard to find or are not built-in like the Big Ten.”

Merit Members can take heart in knowing they already belong to a partnership of almost 400 entities that can share information and compare notes with each other.

A few other takeaways from the panel discussion:

  • “Dust off” your incident response plans, keep them current and practice them, panelists said.
  • “Never waste a good crisis,” Thompson said. When something happens, use it and learn from it.
  • Have a well-oiled backup process going. That along with a solid incident response plan is what saved Colorado’s Department of Transportation, Blyth said.
  • Never forget the basics. It still, despite the increasing sophistication of attackers, comes down to tried-and-true practices like keeping your software updated and patched, Bermann said.

MMC 2022, is underway in Dearborn today and tomorrow and is the first in-person version of the annual membership gathering since the pandemic began.

###

You need to login to contact with the Listing Owner. Click Here to log in.