CDSA

CPS 2019: Time to Protect Your Networks … and the Government Can Help

UNIVERSAL CITY, Calif. — Media and entertainment companies need to step up their cybersecurity initiatives and all too many organizations still don’t even have incident management plans, according to industry experts from the Department of Homeland Security (DHS), the city of Los Angeles’s LA Cyber Lab, the Media & Entertainment-Information Sharing and Analysis Center (ME-ISAC) and the National Technology Security Coalition (NTSC).

After all, cybercrimes are on the rise and, each year, the number of companies that fall victim to ransomware, business email compromise, data breaches and other cyber-attacks increases sharply. These attacks cost companies billions of dollars in losses every year. Luckily, there are many things organizations can do to protect their networks and data.

And there’s really no excuse for companies to not make efforts to boost their cybersecurity initiatives anymore — especially now that the government is offering help, often for free, the industry experts said Dec. 4 during the panel presentation “Government Resources to Protect Your Networks” at the Content Protection Summit.

The panel of experts provided attendees with resources that are available from their respective agencies that will help companies improve their security and better defend against common threats from the Internet. These resources will help companies identify problems that need to be solved, better understand the threats, and provide guidance on how to defend themselves from those threats, they explained.

DHS has had a long history in helping to strengthen cybersecurity initiatives and is “focused on enabling organizations to raise their resilience [and] raise their cybersecurity posture through various services that we provide,” according to Deron McElroy, chief of operations for the Cybersecurity Advisor Program at DHS and Cybersecurity and Infrastructure Security Agency (CISA).

DHS is not just focused on the government, but the private sector also, he noted. What it offers includes assessments to help companies measure their resilience, how well they can respond to cybersecurity incidents “on a very bad day,” and how comprehensive their cybersecurity programs are, he said.

DHS also offers information sharing programs and “vulnerability scanning services” that are available at no cost aside from the fact that it’s “already baked into your taxpayer dollars,” he noted.

DHS has cybersecurity advisors stationed around the U.S. and “we’re still growing that capability,” he told attendees.

LA Cyber Lab, meanwhile, is a nonprofit agency set up by the Los Angeles city government that does a lot of what DHS does, but on a regional level, according to Chris Covino, cybersecurity policy director for the city of Los Angeles. It has a threat intelligence sharing platform that DHS gave it money to build, he noted.

LA Cyber Lab also offers workshops. For example, it’s providing a full-day, free cyber response clinic training program, he noted. It also does daily threat reports and “we’re trying to build other intelligence products,” he said.

“Long term, we want the city of L.A. to almost become like a regional cyber integration center,” Covino said, adding: “We’re making DHS’s job easier.”

In the meantime, “we want feedback from businesses” about the services from the city that they would like to see, Covino said.

This all comes amid a backdrop of increased consumer cybersecurity protection laws around the globe.

But NTSC tries to educate Congressional leaders on cybersecurity issues and “what’s really going on at the street level,” Patrick Gaul, its executive director, told attendees.

California, Maine and Nevada have all already passed such laws, but the California Consumer Privacy Act (CCPA) is the “most onerous” one of the three, according to Gaul. Citing a recent study, he said the average small business is expected to spend $50,000 to become CCPA compliant. But there’s still “a lot of ambiguity in CCPA” and it may be delayed a bit to get straightened out, he said.

Several other U.S. states have legislation pending, he said, noting New York proposed a similar law that didn’t pass this year but is not dead.

At the federal level, meanwhile, “there is an appetite for federal privacy legislation … it’s just going to take a lot of work to get the two parties together,” Gaul said.
The panel session was moderated by Christopher Taylor, director of ME-ISAC.

The Content Protection Summit was produced by MESA and CDSA, and was presented by SHIFT, with sponsorship by IBM Security, NAGRA, Convergent Risks, LiveTiles, Richey May Technology Solutions, EIDR, the Trusted Partner Network (TPN) and Darktrace.