CDSA

LOS ANGELES — At the Dec. 6 Content Protection Summit (CPS) Kiersten E. Todt, chief of staff of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), lamented that a vast majority of Americans are poor with their cybersecurity hygiene, and oblivious to the data threats they face.

She called on the media and entertainment industry to help change that. Through better Hollywood messaging, cybersecurity awareness for the public can be akin to seeing people put on their seat belts: it doesn’t need to be discussed, it’s just understood. Todt wants government agencies like CISA to work closer with Hollywood in order to “talk their language.”

“You don’t need to be a car mechanic to know you need air in the tires and oil in the engine,” Todt said during her opening keynote “Evolving Threats and Where We’re Headed – A National Perspective.” Whether it be multi-factor authentication, understanding how to avoid phishing attacks, using stronger passwords, there are simple but majorly effective ways for individuals — and the industry — to better protect themselves, Todt said.

“When we begin socializing basic cybersecurity concepts into our TV shows and movies it becomes [akin to] product placement,” she added. “We just need to come up with the right message.”

The message Todt brought to the CPS event was one of both praise and caution. Praise for an industry that’s vastly improved its security posture. And caution for the advanced nature of the threats it faces every single day.

“When we look at where the threats are we need to look at it from a nation-state perspective,” Todt said, listing Iran, North Korea, China and Russia as the top offenders when it came to threats against the U.S. And for media and entertainment it’s ransomware threats that should be keeping industry security specialists up at night with worry, with that being the top threat, with everyone from Radiohead to Lady Gaga falling victim, Todt said.

Todt especially singled out China and the threat it poses. “China’s in it for the long term, and for them it’s about the aggregation of information. It’s a tool for disrupting the economy.” And with unrest in the east due to war, all Americans and all industries need to be especially aware of related cyber threats, she added. Following Russia’s invasion of Ukraine, CISA debuted “Shields Up,” an initiative that brought a spotlight on potential cyber threats, with a compilation of free cybersecurity services and tools from government partners, along with technical guidance. Media and entertainment was among the industries that has made especially good use of the endeavor, Todt said.

“We saw industry really galvanize around it,” she said. “It’s another way government and industry can work together, to [show that] now is the time for changing passwords, now is the time to invest in training. The ROI on a security investment can be a difficult discussion when a breach hasn’t happened.

“Making an investment after a breach happens doesn’t help anything. You need to be proactive.”

All in all, Todt said the media and entertainment sector is on strong footing when it comes to their cybersecurity posture. Working in tandem with the government and the resources it provides will only improve that stance.

“This industry is critical to the digital economy and the more we can engage with media and entertainment to learn about its unique threats, the better we’re at mitigating [them],” she said.

Todt was interviewed on stage by Roger Cressey, NBC counter-terrorism analyst and former Presidential advisor.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.