When May’s WannaCry ransomware attack hobbled businesses and institutions in more than 150 countries, industries across the globe were forced to take a cold, hard look at the lamentable state of critical-system security. Hospitals, transportation systems, financial firms and others were caught flat-footed because they had failed to apply basic patches to outdated Windows systems.
Organizations like the International Society of Automation (ISA) have been advancing secure systems design and maintenance, often working quietly in obscure quarters to shore up proliferating vulnerabilities. I am proud to have played a role in this cause recently as one of ISA’s few certified security instructors leading coursework for the National Guard’s Cyber Shield 17 Exercise.
Now an annual event, the National Guard contracted with ISA again this year to provide a combined course in cybersecurity design and implementation, and operations and maintenance. From April 23 to May 5, more than 800 service members and civilians convened at Camp Williams in Utah to train on network defense, forensic analysis, mitigation, incident response and more through interagency cooperation and collaboration. A guiding principle for Cyber Shield is teaming defense agency personnel with civilians to share and learn across the security landscape. The exercise was a model of collaboration on the part of Marines, sailors, reservists, academics and corporate specialists. This short video by ISA nicely sums up the 2017 program.
3eTI was one of several vendors supporting ISA at Cyber Shield, providing resources and equipment for the cybersecurity courses. Qualified instructors for this year’s program were, as in the past, selected from top and highly trusted organizations including AE Solutions, Kenexis, Red Trident — and now 3eTI.
Moreover, the National Guard must vet and approve recommended instructors. My selection for a second tour was a privilege and a source of pride.
I mention this to underscore the importance of interagency and standards-based initiatives like Cyber Shield if our critical systems are to stand a chance against cyber warfare and crime. Such collaborations are not quick and easy. They are time and resource intensive. They demand extensive planning and deep commitment. And they are worth it.
Cyber Shield, as Lt. Col. Henry Capello put it speaking of last year’s exercise, “Cyber Shield is a premiere exercise the National Guard Bureau hosts for all 50 states and four territories to bring in their cyber defense operation elements, which helps us protect both the Guard-Net and the state’s…critical infrastructure and networks.”[i]
Network operators in the private sector are now challenged, more than ever before, to model the example set by Cyber Shield in guarding our critical systems. Threats like WannaCry, and its inevitable variants, would stand no chance against defenses this thorough and well-coordinated.
[i] US Army, “Cyber Shield 2016 expands training opportunities,” Stephanie A. Hargett, April 25, 2016.
––
Article by Sunny DeMattio