© 2021 WKSU
Public Radio News for Northeast Ohio
Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
Government & Politics

At Cleveland Emergency Management Conference, Cybersecurity Director Highlights Awareness Month

Natarajan.jpg
Cat Langel
/
CISA
Cybersecurity and Infrastructure Security Agency Deputy Director Nitin Natarajan (right) in conversation with Alabama Emergency Management Agency Director Brian Hastings during Thursday's session at Huntington Convention Center in Cleveland.

The non-profit National Emergency Management Association held its annual convention in Cleveland this month. The topics ranged from disaster recovery to COVID-19 to a growing safety concern: cybersecurity.

The keynote speaker at this year’s convention was Nitin Natarajan, Deputy Director of the federal Cybersecurity and Infrastructure Security Agency. He stressed the importance of securing the nation’s electoral systems, power grid, and even water supply against online attacks. And Natarajan says communities need to evaluate how vulnerable their water really is.

“Part of the challenge we're seeing with a lot of systems -- especially smaller rural systems -- is not even having the people with the right expertise to do that analysis. So how do we help provide the tools and the capabilities to help them understand what are the questions that they need to ask?”

Cybersecurity Awareness Month
October is Cybersecurity Awareness Month. Natarajan encourages people to check their own online security, and also hopes young people look into career opportunities in cybersecurity. He says their work covers a broad range of capabilities -- beyond coding and IT.

“It's not just about the zeroes-and-ones coders. In order to keep the cyber mission alive, it takes a broad range of people to help that mission: whether it's looking at financial operations, human capital training, professional development, facilities. All of these types of things that we need to enable our mission to be successful."

This month’s other awareness topics include how to avoid online scams, securing business data, and even how to safeguard mobile devices when travelling.

Stay skeptical
Natarajan adds that it’s important to build awareness of how online scams work, whether they involve the IRS or hospital data or supposed free money.

“The more that we can educate them on understanding these risks at a non-technical level, they're going to carry that to their workplace, to their places of worship, to their friends and family, and can be that catalyst for change that we need to see across the nation. Those entry points are no longer single, isolated places; they're dispersed throughout the nation.”

Front-end security

On the technical side of cybersecurity, the director feels multi-factor authentication will likely be the norm going forward for online users. But on the human side, it’s also increasingly important to ensure that people are aware of how to spot phishing attempts and ransomware," Natarajan said.

“I think one of the things we're trying to do on ransomware is really make sure that we make information easy for folks to access. We launched stopransomware.gov and what it really allows us to do is work across the federal partners – FBI, DHS, and others -- and put all of our information in a single place so people can get the facts on ransomware. It really allows us to communicate with folks in ways that are, hopefully, in non-tech speak but also having the capability to speak to technical folks as well."

Natarajan add that they are trying to cover that spectrum: of policy, strategy, technical knowledge but in a way that connects with the layperson they can take tbetter protect themselves.

Coming of age
But regardless of a user’s age, Natarajan says they’re trying to make information about things like ransomware easy to find.

“I'm really optimistic; we have strong potential to have this entire generation [be] more IT savvy. If we can get them the right kind of ‘paranoia’ with cybersecurity, I think with cybersecurity we can really help them change that landscape as we go ahead. They're not going to accept that level of risk. They're not going to accept mediocre products or things that are not built in secure ways -- I think in ways which our current generation is just not experienced to do.”

An online tool kit – in several languages – is available here.