Cyber Circuit – November 2022

Updates from the Resource Center for State Cybersecurity team, November 30, 2022


You’re Invited! Webinar: Zero Trust in Practice

Thursday, December 1, 2022 | 3:00 – 4:00 P.M. EST

Many cybersecurity professionals consider the Zero Trust framework the gold standard for implementing a strong information security practice. One of the reasons Zero Trust is held in such high regard is its multi-faceted approach that combines metrics from devices, networks, data, applications, and user identities to dictate access to business resources. Although Identity is one of the five pillars in NIST and CISA’s foundation for Zero Trust, Identity is the cornerstone that determines the success of any Zero Trust implementation. Please join the National Governors Association as we host Shane Dwyer, CISO for the State of Iowa; Adam Ford, CISO for the State of Illinois; and Mitch Spaulding, Senior Solutions Engineer at Okta, to discuss the importance of Identity in the Zero Trust model, the successes that the States of Iowa and Illinois have seen after solving for the Identity pillar of Zero Trust, and future use cases for Identity in their states.

Speakers:

  • Shane Dwyer, State Chief Information Security Officer, Iowa
  • Adam Ford, State Chief Information Security Officer, Illinois
  • Mitch Spaulding, Senior Solutions Engineer, Okta

For more information please contact Casey Dolen, Senior Cybersecurity Policy Analyst, at cdolen@nga.org.


Cybersecurity Resources


State Cyber Scan

South Dakota governor bans state employees from using TikTok on government devices | CNN November 29, 2022

In response to the growing national security threat posed by China, South Dakota Governor Kristi Noem signed an executive order banning state agencies, employees, and contractors from using TikTok on government devices. Noem is the latest lawmaker to urge for a crackdown on TikTok.


Governor DeWine announces formal selection of Ohio National Guard Unit for new Cyberspace mission | Crawford County Now November 28, 2022

Ohio Governor Mike DeWine announced this month that the Department of the Air Force has formally selected the 179th Airlift Wing in Mansfield, Ohio to become the Air National Guard’s first cyberspace wing. Ohio’s Adjutant General, Major General John C. Harris Jr., sees this new mission as critical to attracting Ohio’s best and brightest toward military service and continuing to improve the state’s leadership in cybersecurity and advanced technology.


Are We Building Cyber Vulnerability into EV Charging Infrastructure? | Route Fifty Law November 21, 2022

As electric vehicle infrastructure expansion is ramping up nationwide, there are concerns that cybersecurity isn’t getting the appropriate level of attention. A recent study by Sandia National Laboratories outlined potential issues, such as hackers accessing charging stations to overload the grid or shutting them down by tricking them into thinking they have drawn all the energy needed. There are also concerns that the cloud services used to manage charging stations could be vulnerable to attacks, or that criminals could also use credit card skimmers to steal drivers’ personal information, as they do now on standard gas pumps.


Biden Lays Path to Cyber Regulations for Critical Infrastructure | Bloomberg Law November 21, 2022

The Biden Administration is continuing to release updated cybersecurity guidance and requirements aimed at better protecting the critical infrastructure sectors. The chemical sector is the latest focus, with the administration advancing its “Chemical Action Plan” in an October statement. While most of the guidance released to date has been voluntary, it is predicted that the government will eventually shift toward a more enforceable approach.


MSU receives $4.47 million award for project improving cybersecurity | NBC Montana November 19, 2022

Montana State University was awarded a three-year, $4.47 million contract with the Department of Homeland Security to lead a new effort to reduce software vulnerabilities across a wide range of systems. The project will draw on advanced computing and data science techniques to develop innovative tools for identifying computer code that could be exploited by cybercriminals or foreign adversaries.


How One State’s Phishing Training Evolves With Threats | Route Fifty November 18, 2022

The Indiana Office of Technology (IOT) is providing state employees across over 100 agencies with phishing and cybersecurity awareness training every month. The state regularly tweaks the email templates it uses for its phishing trainings to ensure employees do not become too familiar with them and to leverage the latest news that may inspire scammers. IOT can then evaluate exercise outcomes to determine if any phishing techniques should be revisited. The trainings are also tailored to the different file types that individuals are exposed to in their day-to-day work and adapted to text messages and social media.


Texas signals potential changes to cybersecurity policies | StateScoop November 17, 2022

A biennial report recently published by the Texas Department of Information Resources lays out recommendations it plans to present to state lawmakers, including creating new cyber incident reporting requirements for local governments and school districts, requiring government entities to adopt the .gov domain, allowing information security officers to serve as joint officials presiding over several jurisdictions, and establishing a statewide chief privacy officer role.


US States Announce $16M Settlement With Experian, T-Mobile Over Data Breaches | SecurityWeek November 8, 2022

Attorneys general in 40 states have reached a settlement totaling more than $16 million with Experian and T-Mobile over data breaches suffered by the companies in 2012 and 2015. As part of the settlement announced this week, Experian is required to implement a comprehensive information security program and T-Mobile must strengthen third-party oversight to ensure its vendors protect their customers’ sensitive data.


CYBER.ORG Range Announced Alongside Governor John Bel Edwards of Louisiana and Jen Easterly, Director of Cybersecurity and Infrastructure Security Agency (CISA) to Strengthen the Future U.S. Cybersecurity Workforce | Business Wire November 7, 2022

On November 7th, CYBER.ORG, Louisiana Governor John Bel Edwards, and Cybersecurity and Infrastructure Security Agency Director (CISA) Jen Easterly announced the expansion of the CYBER.ORG Range – a no-cost, safe, virtual environment for K-12 students to learn cybersecurity skills – to students nationwide. CYBER.ORG is a workforce development organization funded by CISA’s Cybersecurity Education and Training Assistance Program grant and an initiative of the Cyber Innovation Center.


National Guard to offer midterm elections cybersecurity help | Politico November 4, 2022

In preparation for the 2022 midterm elections, National Guard cybersecurity experts were positioned to offer assistance to 14 states across the country: Arizona, Colorado, Connecticut, Delaware, Hawaii, Illinois, Iowa, Louisiana, New Mexico, New York, North Carolina, Pennsylvania, Washington, and West Virginia. Overall, there are 38 cyber units within the National Guard as a whole, which provide support to state and local officials on issues including network assessments and risk mitigation.