Lessons Learned: Justice and Public Safety Cyber Security Summit
The IJIS Institute hosted the Justice and Public Safety Cyber Security Summit on March 21st, 2023, at the George Mason University Arlington Campus. This event included public sector representatives from the federal, state, and local agencies, private sector, academia, and national practice associations.
One of the highlights from this summit was the keynote address from Bridget Bean, Assistant Director, Integrated Operations Division, Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). The Assistant Director talked about the changing threat landscape and what CISA is doing to provide resources to the Justice and Public Safety agencies for their utilization to mitigate many of the cybersecurity related risks. Some of the tools, resources, and services offered by CISA are free of charge and accessible to agencies to use or request in the assessment process and when they are developing their own risk mitigation plan. These resources can be accessed and requested from the CISA website https://www.cisa.gov/resources-tools/all-resources-tools.
At this summit, the perspective from both the practitioners and industry viewpoint was also presented to showcase what challenges agencies are facing on a daily basis to protect their Information Technology (IT) and Data assets. Primarily, this requires education of their agency staff on the implementation and practice of proper cyber hygiene. Based on the fact that 60% of Justice and Public Safety agencies are mid to small size agencies, combined with the cyber threats changing on daily basis, it’s safe to assume a huge challenge facing these agencies to afford expensive solutions to address the number of cyber threats occurring. The private sector validated some of these concerns and did discuss various things they are doing in partnership with their client to provide them with secure solutions and education on what to include for their risk mitigation strategies to properly address these threats when procuring cloud based solutions. The cloud provider panel discussed the value of agencies moving their IT assets to the cloud or procuring cloud-based solutions to address the cyber threats and achieving compliance right out of the gate in a cost-effective manner to protect their data.
As part of the IJIS Cybersecurity Summit, FBI CJIS presented proper guidelines for Criminal Justice agencies and their solution providers to ensure they are implementing data protection as part of the roadmap based on the new upcoming CJIS policy updates and how they will impact all the agencies. These updates are driven by the need to ensure alignment with the NIST Risk Management Framework (RMF) controls and drive this as a goal for all Criminal Justice agencies.
The summit attendees and speakers were very engaged as they addressed the growing needs of cyber threats impacting the Justice and Public Safety agencies. The key takeaways from the summit included creating a top 10 list of actions that agencies should take to address the cyber security threats, continuing the dialogue between public and private stakeholders as part of the work of the IJIS Cyber Security Working Group and review the guidance for agencies to consider as part of their procurement process. The plan is to host an additional Cybersecurity Summit in the Fall of 2023 with guidance from CISA.