Webinar slides from a Cap Tech Talk webinar presented on March 17, 2022 by Dr. Nikki Robinson on "Critical Challenges and Differences Between the Private and Public Sectors." Dr. Robinson looks at the cybersecurity challenges faced by public and private infrastructure.
Webinar slides march 2022 nikki robinson
1. Presented by Dr. Nikki Robinson
Critical Challenges and Differences Between the Private and Public Sectors
2. Agenda
Bill Gibbs, Cap Tech Talks Host
1. About Capitol Technology University
2. Session pointers
3. About the presenter
4. Presentation: Dr. Nikki Robinson
5. Q & A
6. Upcoming webinars
7. Recording, Slides, Certificate
3. About
Established in 1927, we are one of the only private universities in the state of Maryland specifically dedicated to engineering, cybersecurity, computer sciences and tech management.
4. Nonprofit, Private & Accredited
Capitol is a nonprofit, private accredited university located in Laurel, Maryland, USA
Capitol Technology University is accredited by the Commission on Higher Education of the Middle States Association of Colleges and Schools
The University is authorized by the State of Maryland to confer Associate’s (A.A.S.), Bachelor’s (B.S.), Master’s (M.S., M.B.A., T.M.B.A.), and Doctoral (D.B.A., D.Sc., Ph.D.) degrees.
5. Session Pointers
• We will answer questions at the conclusion of the presentation. At any time you can post a question in the text chat and we will answer as many as we can.
• Microphones and webcams are not activated for participants.
• A link to the recording and to the slides will be sent to all registrants and available on our webinar web page.
• A participation certificate is available by request for both Live Session and On Demand viewers.
7. Dr. Nikki Robinson
• Adjunct Professor/Doctoral Chair at Capitol Technology University
• Two earned doctorates: Doctor of Science (D.Sc.) in Cybersecurity, and Ph.D. in Human Factors
• Bachelor’s and Master’s in IT
• Security Architect for IBM
• Teaches graduate-level courses
• CISSP, CHE, CNDA, MCITP, and CCAA
8. INTRODUCTION
• Security Architect, Security Innovation & Remediation Team, IBM
• Adjunct Professor and Doctoral Chair/Mentor, Capitol Technology University
• ICIT Fellow (2022)
• President, Infragard Maryland Chapter
• Podcast Host, Resilient Cyber Podcast
• DSc, Cybersecurity, Capitol Technology University
• PhD, Human Factors, Capitol Technology University
9. AGENDA
Critical Infrastructure Sectors
Public Sector vs Private Sector
Examples of Past/Current Attacks
Differences in Attack Paths
Sector-Specific Threats
Current Challenges in Public Sector
Current Challenges in Private Sector
Organizations / Standardization
What Can We Do?
10. CRITICAL INFRASTRUCTURE SECTORS
• Nuclear Reactors, Materials, and Waste
• Chemical
• Commercial Facilities
• Communications
• Critical Manufacturing
• Dams Sector
• Defense Industrial Base (DIB)
• IT Sector
• Emergency Services
• Energy
• Financial Services
• Food and Agriculture
• Government Facilities
• Healthcare and Public Health
• Transportation Systems
• Water and Wastewater Systems
CISA/FEMA
11. PUBLIC SECTOR VS PRIVATE SECTOR
Private
• Waste and Water
• 3M
• Defense
• Consulting
• Energy
• BGE, Exelon, etc.
• Transportation
• Buses, Transit, Trains
Public
• Department of Energy
• Department of Defense
• Department of Health and Human Services
• Department of Transportation
13. DIFFERENCES IN ATTACK PATHS
Private Sector
• Business Email Compromise (BEC)
• Phishing/Spear Phishing
• Sophisticated attacks – go for big payout (think Sony, Yahoo, Wells Fargo)
Public Sector
• Ransomware, Ransomware, OMG RANSOMWARE
• Phishing
• Vulnerability Chaining
• Sophisticated attacks by APT groups (think OPM)
14. SECTOR-SPECIFIC THREATS/GOALS
• Waste and Water: Upset water treatment / Deface utility’s websites
• Transportation: Stealing information on shipments / PII employees and partners
• Energy: Targeting utilities, nation-state actors, cybercriminals specifically understanding economy
• IT Sector: Everything (DDoS, ransomware, malware, APT, phishing, spear-phishing, etc)
• Nuclear: Affect facilities and operations, and compromise command/control systems
15. CURRENT CHALLENGES IN PUBLIC SECTOR
Limited funding supporting cybersecurity objectives
Limited funding to update IT infrastructure and applications
Outdated and legacy systems that are supporting CI
Production systems rely on applications built 20 or 30 years ago
Migrating to the cloud presents new challenges
Lack of security knowledge with Operations Technology
16. CURRENT CHALLENGES IN PRIVATE SECTOR
Emerging technology moving incredibly fast (quantum computing, ML/AI)
Security frameworks outdated and difficult to adhere to
Constant audits, security assessments, and controls that may not apply
Vulnerability management challenges from small to large organizations
More budget for technology, but may still be limited for cybersecurity
19. WHAT CAN WE DO?
• Encourage: Encourage increased collaboration between Private and Public sectors
• Consider: Consider complexity of cybersecurity concerns – building maturity model
• Action: How do Human Factors play into this? Integrate HF practices into CI cybersecurity
• Understand: Understand how attacks differ between sectors, helps build a risk profile
• Threat Intel: Threat intelligence/modeling integrated into all cybersecurity programs
• Include: Include security in application design and practice – not an afterthought!
23. Upcoming Webinars
• Tech Career Skills Identification & Communication in Writing a Resume (Connie Harrington, Apr. 14)
• Tips for Finding Career Success in Technology (Vennard Wright, May 19)
• Flight Test Engineering: Trials and Triumphs of a Flight Test Engineer (Dr. Scott Raetzman, June 16)