August 20, 2018
Technology

CT cybersecurity czar continues to sound the alarm

HBJ Photo | Matt Pilon
HBJ Photo | Matt Pilon
Arthur House, state cyber security risk officer, speaks at a recent event in East Hartford.
Matt Pilon

It can be unsettling to hear what Connecticut cybersecurity czar Arthur House has to say, and he probably wants it that way.

House, who is approaching the two-year mark as the state's first-ever cyber security risk officer, says that unless something changes quickly, many signs point to a major cyber attack on U.S. infrastructure in the not-so-distant future.

His message is that we're not safe and most government agencies and industries aren't taking the requisite, sometimes costly steps to decrease the odds of an attack.

"I have no idea how to shake loose those who are still complacent," House said during a recent panel discussion in East Hartford organized by the Connecticut Center for Advanced Technology (CCAT). "Some say it's not going to happen until there's a cyber '9/11.' "

The CIA, White House, municipalities and major companies have all been hacked. Just prior to CCAT's July 25 forum, the Wall Street Journal, citing the Department of Homeland Security, reported that hackers had breached the control rooms of U.S. utilities in 2016 and 2017 — gaining access through the utilities' vendors — and could have caused power blackouts if they desired.

Such an attack could be a major disaster, and House suspects that states may be left largely on their own to deal with the impact.

One way hackers gained access was through "spearfishing" emails, duping employees to click on email links that can install malware. Officials say that people remain one of the weaker links in cybersecurity defense.

Despite the warning signs, most government agencies and businesses have no cybersecurity strategy in place, House said. Connecticut, however, has been more proactive than many states on its utilities' cybersecurity.

House acknowledges the corporate world's "visceral opposition" to regulation, such as mandating cybersecurity audits, but he thinks that's coming, whether it's voluntary or not.

"Take your pick, it's going to happen," he said.

Vanessa Richards, Assistant U.S. Attorney for the District of Connecticut, who also spoke at the CCAT event, said there are many challenges on the law enforcement side.

Cybercriminals are often based in other countries, which makes them hard to catch. Companies can also be wary of reporting potential breaches to authorities, for fear of regulatory or customer backlash. She urged businesses to suppress that fear. Coming forward generally looks better to the public and authorities alike.

"If we don't know about it, we can't combat the threat," Richards said. "Don't be afraid of us."

A lot depends on the scale and nature of your business, but the panelists had this advice for a few steps you can take to boost your cybersecurity:

• Consult the professionals. Have an IT security firm assess your systems for weaknesses.

• Figure out in advance the immediate steps you'll take if breached.

• Know contact details for the local FBI or U.S. Attorney's Office.

• Seek out whether your industry has a so-called Information Sharing and Analysis Center (ISAC), which are sector-based nonprofits that enable companies to share information and benchmark themselves against their peers.

• Weigh the potential benefits of a cybersecurity insurance policy.

Comments
ADVERTISEMENTS
Most Popular on Facebook
Copyright 2017 New England Business Media