National Cyber Security Awareness Month (NCSAM) occurs every October, highlighting themes of shared responsibility and the importance of cybersecurity in various sectors, including health and the Internet of Things. Resources for improving cybersecurity skills and standards are provided, such as the NIST cybersecurity framework and various educational initiatives. The event encourages participation from individuals, organizations, and communities to enhance online safety and awareness.

1. National Cyber Security
Awareness Month 2014: Major
trends and resources
Stephen Cobb, CISSP
Security Researcher, ESET NA

2. National Cyber Security Awareness
Month
• Happens in October
• This is the 11th year
• A coordinated series of events
• A useful way to look at cyber security
• An official theme each year
• Other themes emerge
Follow
hashtag
#NCSAM

3. Question #1
Is your organization doing anything
special for National Cyber Security
Awareness Month?
 Yes
 No
 I’m not sure
 I don’t work for an organization

4. www.StaySafeOnline.org/ncsam

5. #NCSAM in 2014
• Official theme:
– Our shared responsibility
• Other themes emerge:
– The Internet of Things
– Security Standards
– STEM and the cyber workforce
– A wealth of resources

6. The Internet of Things
• Trade and Industry
• Health and Healthcare
• Infrastructure
• Homes and Cars
• IoT glossary and acronym soup:
– Sensors, GPS, RFID, WNS, LRCD, ICLR,
SDR, Wi-Fi, BlueTooth, Zigbee, Z-Wave

7. IoT: THE INTERNET OF THINGS
Trade and
Industry
Health and
Healthcare
Homes
and cars
Infrastructure
Track vehicles
and goods,
enable smart
factories,
improve supply
chain logistics
Monitor critical
systems, alert,
balance loads,
enable smart
grid efficiency
Diagnose remotely,
monitor patients,
deliver medication
What things?
smartphones,
smart watches,
wearables,
sensors, smart
appliances, smart
cars, medical
devices, drones,
network cameras
Protect, monitor,
control, entertain
What can IoT do? Monitor, warn, alarm, control, inform,
communicate, entertain, track, enable, treat, respond, enable

8. What’s the awareness aspect?
• The IoT is happening now
• Early indications are that security and
privacy are not top of mind with many
makers or users
• A chance to get
security baked
in rather than
added later
• And temper
expectations

9. Security Standards
• Looks like we have a winner:
– NIST Cybersecurity Framework
– www.nist.gov/cyberframework
• A voluntary framework for reducing cyber
risks to critical infrastructure
• And the rest of cyberspace as well
• May be a “reasonableness test”
• Default standard of due care

10. STEM and the cyber workforce
• Securing all this stuff is going to take a lot more
skilled people than we have on hand right now
• Steps are being taken to increase the supply of
cyber skilled people
• Areas of discussion:
– Professional certification vs. college
– Better human resource management
– Vets, women, minorities
– Immigration

11. Question #2
Does your organization have difficulty
finding the computer security expertise it
needs?
 Yes
 No
 Not sure
 I don’t work for an organization

12. A wealth of resources
• National Initiative for Cybersecurity
Education (NICE)
• Cybersecurity Lesson Plans
• Cybersecurity Internship Program
• National Initiative for Cybersecurity
Careers and Studies (NICCS)
– niccs.us-cert.gov
• And that’s just on workforce development

13. Free awareness materials
www.StopThinkConnect.org/resources
Email: stopthinkconnect@dhs.gov

14. Official NCSAM Theme:
Our shared responsibility
Each and every one of us needs to do
our part to make sure that our online
lives are kept safe and secure. That's
what National Cyber Security Awareness
Month—observed in October —is all
about!

15. Who is responsible?
• Individuals
• Companies
• Government
• Communities

16. Individuals
• Check your cyber hygiene
– Password protection, backups, privacy
settings, mobiles, laptops, tablets, etc.
• Talk cyber with parents, kids, friends…
• stopthinkconnect.org/tips-and-advice

17. Companies
• A good time to have everyone read the
company security policies and
procedures
• Awareness and education days
• Use free materials, competitions,
volunteer

18. Government
• Local
– Mayor’s office
– City IT
• Regional & State
– MS-ISAC
– State Cyber Task Force
• National
– NIST, DHS, FBI
• International
– More resources please!
– Cooperation between nation states

19. Communities
• Businesses
• College Administrators
• Community-Based
Organizations
• Faith-Based Organizations
• Home Users
• K-12 Administrators
• Libraries
• Local governments
• Local law enforcement
• Teachers

20. Communities
• A community example of “Our
Shared Responsibility”
• Securing Our eCity
• Greater San Diego area
• Non-profit organization
• Volunteers and donations
• Public/private cooperation

26. And it’s not over yet…

27. 5 Thursdays in October 2014!

28. Thank you!
• stephen.cobb@eset.com
• www.eset.com
• www.WeLiveSecurity.com
• Twitter @zcobb
• www.SecuringOureCity.org