Cybersecurity Quarterly (Spring 2024)


Defend the Perimeter

New year, same threats – nation-state actors, ransomware gangs, zero-day exploits. Joining the mix are more novel threats, like AI-enabled attacks. Fortifying your organization’s network defenses to protect its IT infrastructure and the connections between its assets has never been more critical.

How Our Best-in-Class IDS Helps U.S. SLTTs Monitor and Defend Against Malicious Traffic

New Research on How Cybercriminals Exploit Encrypted Channels to Launch Attacks

Helping Election Agencies Secure Their Non-Voting Systems for the 2024 Elections

Working Together to Give Service Providers a “Stamp of Approval” to Audit and Assess Against the CIS Controls



Cybersecurity Quarterly is published and distributed in March, June, September, and December. Founded MMXVII.

Published by Center for Internet Security, 31 Tech Valley Drive, East Greenbush, New York 12061

For questions or information concerning this publication, contact CIS at info@cisecurity.org or call 518.266.3460

© 2024 Center for Internet Security. All rights reserved.

Spring 2024 Volume 8 Issue 1

Editor-in-Chief

Michael Mineconzo

Supervising Editor

Laura MacGregor

Copy Editors

Jay Billington

David Bisson

Autum Pylant

Staff Contributors

Marci Andino

Stephanie Gass

Carlos Kizzee

Lee Myers

Charity Otwell

Aaron Perkins

Natalie Schlabig

Karen Sorady

Contents

Featured Articles

Albert — A Trusted Network Monitoring Tool for SLTTs (page 3): Taking a look at our long-running intrusion detection system and how it continues to help U.S. SLTTs improve their cyber defenses.

4 Ways Agencies Can Stop Encrypted Cyber Threats (page 6): New research examining how cybercriminals are utilizing encryption protocols we commonly use when navigating the internet to their advantage and strategies to help stop them.

RABET-V: A New Approach to Testing Election Technology (page 10): Our new guidance to help election agencies verify the security, reliability, and usability of their non-voting election systems.

Joining Forces to Secure Organizations Globally (page 16): Our collaborative effort with CREST to help organizations seeking guidance on the cybersecurity journey select a reputable and reliable CIS Controls assessment organization.

Quarterly Regulars

Quarterly Update with John Gilligan (page 1)

News Bits & Bytes (page 2)

Cyberside Chat (page 14)

ISAC Update (page 18)

Event Calendar (page 20)

Quarterly Update with John Gilligan


As I write this welcome note, the cherry blossoms are starting to bloom in Washington, D.C. — a sure sign that spring is here. While the weather is getting milder, our political processes are heating up. Primaries are in full swing leading to what will likely be a bruising general election in November. In recent congressional hearings, our senior government officials have indicated that nation-states including China, Russia, and Iran are likely to try to disrupt the upcoming election with cyber attacks and misinformation operations. Adding to the challenge is the rapid growth of AI-enabled attacks; we are already seeing a significant increase in deep-fakes. Ransomware, largely attributed to Russia by the U.S. intelligence community, also continues to grow rapidly. This clearly portends a challenging year for cyber defenders.

This issue of Cybersecurity Quarterly focuses on network and perimeter security. Consistent with an emphasis on zero trust architectures, the ability to protect infrastructure segments as well as the connectivity between portions of an organization’s IT infrastructure continues to be an essential part of a robust cyber defense program.

In this issue, Lee Myers, Director of our 24x7x365 CIS Security Operations Center (SOC), has provided a piece highlighting the recent successes of the Albert intrusion detection system (IDS), which is now deployed to almost 1,000 U.S. State, Local, Tribal, and Territorial (SLTT) organizations. Albert has been extraordinarily effective from an operational and cost perspective for almost a decade. An ongoing project with MIT Lincoln Laboratories is investigating potential upgrades to Albert to make it more effective in analyzing encrypted traffic. On a related theme, our partner Zscaler has provided an article on its recent threat report, which documents the increase in encrypted cyber threats and offers strategies to defend against them.

As we prepare for the 2024 elections, an article in this issue describes a new verification program for election equipment that supports the election process, specifically systems such as those that support voter registration, electronic polling place check-in (e-poll books), election management, and election night reporting. This new process, called Rapid Architecture-Based Election Technology Verification (RABET-V), has been developed to leverage modern software system design and testing methodologies. It has been piloted over the last two years and is now fully operational. RABET-V is intended to provide a standard process for ensuring the security and robustness of elections support systems.

Charity Otwell, Director of Critical Security Controls in CIS’s Security Best Practices (SBP) organization, has provided an article that discusses the CIS Controls Accreditation program, which is now supported by CREST, a global certification organization. This program permits consultants and vendors to become certified in implementing the CIS Controls. In another article, Karen Sorady, Vice President for MS-ISAC Strategy and Plans, reflects on the ISAC’s plans for the upcoming year, including capitalizing on the outcomes from the recent MS-ISAC Executive Committee meeting in Washington, D.C. with key federal partners, elected officials, and other like-minded organizations. Finally, Stephanie Gass, Director of Governance, Risk, and Compliance, has provided a piece on integrating network security into the development of compliance and governance policies.

I hope you enjoy this quarter’s issue and have a great spring!

Best Regards,


News Bits & Bytes

CIS Critical Security Controls v8 Mapping to NIST CSF 2.0 Released

On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework (CSF) 2.0. This is the first major update to the framework since its creation in 2014; CSF 2.0 expands the framework’s core guidance and is designed for all audiences. To help organizations implement the updates, the Security Best Practices team at the Center for Internet Security (CIS) has mapped CIS Critical Security Controls® (CIS Controls®) v8 and its corresponding Safeguards to NIST CSF 2.0. To download the mapping, please click here. Additionally, the new mapping has been integrated into the CIS Controls Navigator, which quickly illustrates how the CIS Controls map to dozens of other industry security standards.

CIS Launches CIS Endpoint Security Services Mobile

While most organizations focus cybersecurity efforts on fortifying their networks, the mobile devices connected to them often remain vulnerable. To help address this gap, the Center for Internet Security, Inc. (CIS®) introduced CIS Endpoint Security Services (ESS) Mobile, a tailored solution offered exclusively to U.S. State, Local, Tribal, and Territorial (SLTT) organizations. “ESS Mobile not only fortifies our members’ defenses against evolving threats but also allows them to maintain the highest standards of mobile cybersecurity, better enabling them to protect the integrity and confidentiality of sensitive information across their infrastructures,” said Lee Noriega, Executive Director of Cybersecurity Services Organization. To learn more about ESS Mobile, please click here.

MS-ISAC Cybersecurity Enhancement and Incident Response White Paper Release

The Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Cybersecurity Enhancement and Incident Response white paper is intended to aid members of U.S. State, Local, Tribal, and Territorial (SLTT) entities in effectively implementing an incident response plan, serving as a resource for enhancing their cybersecurity programs. In the world of handling security incidents, there is a range of threats to tackle. This involves considering the intent, opportunity, and capability of any would-be attacker. Staying prepared for a cyber attack is crucial for staying ahead of ever-changing threats. To learn more, please click here.

Alan Paller Laureate Program Application Period Closing Soon

The Center for Internet Security, Inc. (CIS®) is currently accepting applications for the Alan Paller Laureate Program. Now in its second year, the program was established in honor of Alan Paller, a cybersecurity visionary and trailblazer renowned for his innovative leadership in the field who co-founded CIS as well as the SANS Institute and SANS Technology Institute.

The laureate program supports U.S. nonprofit organizations, academic institutions, and individuals dedicated to enhancing cybersecurity by making controls more effective, simpler, and automated; developing and equipping highly skilled cyber experts; and enhancing the teaching of cyber defense at every level. The program awards up to $250,000 annually to eligible organizations or individuals whose pilot projects, proofs of concept, or existing programs are selected through a competitive application process. Learn more about the program and eligibility criteria on our website and submit an application here. Applications will be accepted until March 31, 2024, with award announcements expected in mid-May.


Albert — A Trusted Network Monitoring Tool for SLTTs

One of CIS’s longest running services for the state, local, tribal, and territorial (SLTT) community, our Albert intrusion detection system continues to be one of our members’ most invaluable resources for stopping cyber attacks.

As the Center for Internet Security, Inc. (CIS®) has continued to grow over the past two decades, it is imagination that has inspired us to break the barriers of what is possible when it comes to providing no-cost and cost-effective cybersecurity solutions to members of the U.S. State, Local, Tribal, and Territorial (SLTT) community.

What began as a vision over 20 years ago has blossomed into a globally recognized and respected standards-based organization built on the premise that obtaining higher levels of cybersecurity maturity should be not just possible but achievable — especially by those who need it most.

Perhaps then it comes as no surprise that the list of CIS Services available to SLTT organizations has also matured, both in capability and usefulness. That progress and maturity is evidenced no better than in a highly capable, custom-built intrusion detection system (IDS) that we call Albert Network Monitoring and Management.


And if you’re wondering, the answer is "yes." The inspiration for the name "Albert" was specifically chosen, in part, as an homage to the scientist himself, Albert Einstein.

Those forming the impetus of Albert were driven forward by the possibility — the dream — that an IDS for the SLTT community could reduce false positives, dramatically decrease response times from the 24x7x365 CIS Security Operations Center (SOC), and lead the way in providing a best-in-class solution for monitoring for malicious traffic on an SLTT organization’s network.

But what exactly is Albert?

• An Albert sensor is a custom-built IDS designed to detect cyber threats to SLTT networks.

• Albert assists state and local governments with identifying malicious cyber activity by providing security alerts for known cyber threats.


What Sets Albert Apart from Any Other IDS?

SLTT-Focused

Albert is the only network IDS built specifically for U.S. SLTTs. It is informed by the largest SLTT-specific threat database as well as the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), other ISACs, and 200+ threat intelligence sources.

Superior Response Times

The CIS SOC averages an industry-leading five (5) minutes time to notification — marked from when the CIS SOC receives an Albert alert to when the affected organization receives a notification.

In fact, a Gartner senior consultant who has focused on SOC operations for nearly 20 years described the CIS SOC as the only SOC he has ever encountered that measures its response time in minutes versus hours. He remarked that the next lowest time to notification he has seen is four hours and that most SOCs average between 12 and 24 hours.

False Positive Reduction

The CIS SOC monitors alerts originating from Albert sensors 24x7x365, eliminates an estimated 75% of false positive alerts common to cyber defense solutions like IDS, and escalates only the most credible threats, thus saving organizations precious time.

Real-World Impacts of Albert

Albert helped identify attempted foreign malign influence against the U.S. elections infrastructure and U.S. States

In 2016, after a state voter registration database was breached, a review of Albert data revealed Russian cyber threat actors (CTAs) had attempted to breach other state election databases. Albert data from approximately 20 states enabled the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) to identify CTAs and share key indicators of these CTAs’ breach attempts. The data Albert had identified was subsequently used to protect other U.S. states from intrusion.

This event was the catalyst for the designation of elections as critical infrastructure and the creation of the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), a community of dedicated election officials and cybersecurity professionals working side-by-side to ensure the integrity of elections among SLTT governments.

In 2021, a Chinese CTA launched a campaign against multiple U.S. states, specifically targeting a suite of software used exclusively by the states. Not a single vendor had signatures in place to monitor or detect this activity.

Once the malicious activity was observed in the first state, CIS engineers successfully wrote custom detections for Albert and conducted retroactive analysis of Albert data, subsequently identifying at least six other states with high-risk impact and an additional nine with potential impact. Thanks to Albert and the expertise of CIS engineers, not only was this threat mitigated, but the cyber risk of this threat for all 50 states was significantly reduced.

But perhaps the best testament to Albert’s effectiveness is from those SLTT IT and cybersecurity professionals who have seen its positive impact firsthand. Here are just a few of them:

Albert identifies breach from China-based APT

An MS-ISAC member reported that they have seen great results from their Albert alerts. The ongoing monitoring recently helped identify a breach from a China-based advanced persistent threat (APT), which the member viewed as a huge success.

Albert helps the cyber underserved mount an effective cyber defense

An IT professional at a tribal organization said, “My tribal organization pays for an Albert sensor because we truly see the value of that service offering…we are very much reassured to know that the MS-ISAC is providing another set of eyes and ears around the clock to help keep our network safe. Given the cybersecurity staffing and expertise challenges faced by many tribes, any solution that can be installed in a relatively simple manner and then left to CIS to manage at an affordable cost is very advantageous.”

Albert supports rapid mitigation of cyber threats

A county IT director reported that, due to a prompt Albert alert and swift action by the affected organization, only 10 minutes elapsed between when a machine was compromised by an email attachment and when it was removed from the network.

Albert supports broad situational awareness

A state CISO reported that Albert was valuable as the 24x7x365 network monitoring portion of their security team, protecting the executive, judicial, and legislative branches in the state. “It provides a significant improvement in the situational awareness” because “with Albert sensors deployed to 54 states and territories across the country, there’s a huge amount of information and intel that is readily accessible.”

Conclusion

With cyber attacks on the rise, Albert Network Monitoring and Management stands apart as effective network protection tailor-made for SLTT government organizations.

To learn more about Albert and other no-cost and cost-effective cybersecurity solutions for SLTTs, visit https://www.cisecurity.org/services/albert-network-monitoring.

Lee Myers is the Director of the Security Operations Center (SOC) at the Center for Internet Security (CIS). Myers is responsible for leading the CIS 24x7x365 SOC, which provides real-time network monitoring, cybersecurity event analysis, and cyber threat warnings and advisories to state, local, tribal, and territorial (SLTT) government entities within the United States. Myers joined CIS as an analyst in the SOC in 2012, shortly after earning a Bachelor of Science in Information Security and Forensics from the Rochester Institute of Technology.


4 Ways Agencies Can Stop Encrypted Cyber Threats

While encrypting internet traffic has undoubtedly helped make organizations safer, today’s cybercriminals have found ways to use encrypted traffic to their advantage, as illustrated in Zscaler ThreatLabz’s latest research report.

In today’s digital world, we’ve come to trust HTTPS as the standard for encrypting and protecting data as it flows across the internet; the reassuring lock icon in a browser’s address bar assures us our data is safe. Organizations worldwide have rightfully recognized this protocol as an imperative for data security and digital privacy, and overall, 95% of internet-bound traffic is secured with HTTPS.

But encryption is a double-edged sword. In the same way that encryption prevents cybercriminals from intercepting sensitive data, it also prevents enterprises from detecting cyber threats. As we revealed in our ThreatLabz 2023 State of Encrypted Attacks Report, more than 85% of cyber threats hide behind encrypted channels, including malware, data stealers, and phishing attacks. What’s more, many encrypted attacks use legitimate, trusted SaaS storage providers to host malicious payloads, making detection even more challenging. Encrypted channels are a major blind spot for any organization that is not performing SSL inspection today, enabling threat actors to launch hidden threats and exfiltrate sensitive data under cover of darkness.

As threats advance and the number of malicious actors grows, these types of attacks continue to increase. ThreatLabz analyzed more than 29 billion blocked threats over the Zscaler Zero Trust Exchange from September 2022 to October 2023, finding a 24.3% increase year over year, with a notable growth in phishing attacks and significant 297.1% and 290.5% growth for browser exploits and ad spyware sites, respectively. Education saw an astounding 276% growth in encrypted attacks while government attacks increased 185%.

So, what can state, local, education, and tribal enterprises do to thwart encrypted attacks? The answer is simple: inspect all encrypted traffic. However, the reality of this task remains a huge challenge for most organizations. To fix the problem, we must first explore and understand why this is the case.

A Major Enterprise Blind Spot: SSL/TLS Traffic

As part of the 2023 State of Encrypted Attacks Report, ThreatLabz commissioned a separate third-party, vendor-neutral survey of security, networking, and IT practitioners to better understand their challenges, goals, and experience with encrypted attacks. We found that 62% of organizations have experienced an uptick in encrypted threats, with the majority having experienced an attack and 82% of those having witnessed attacks over “trusted” channels. However, enterprises face numerous challenges that prevent them from scanning 100% of SSL/TLS traffic at scale, which is the antidote to encrypted threats.

The most popular tools for SSL/TLS scanning include a mix of network firewalls (62%) and application-layer firewalls (59%). These tools come with challenges at scale, the survey found; the top barriers preventing enterprises from scanning 100% of encrypted traffic today include performance issues and poor user experience (42%), cost concerns (32%), and scalability issues with the current setup (31%). Notably, a further barrier for 20% of respondents is that traffic from trusted sites and applications is “assumed safe,” which, our research shows, is not the case.

These issues point to challenges that are in contrast with enterprise inspection plans. While 65% of enterprises plan to increase rates of SSL/TLS inspection in the next year, 65% are also concerned that their current SSL/TLS inspection tools are not scalable or future-proofed to address advanced cyber threats. This finding echoes enterprises’ confidence in their security setups: just 30% of enterprises are “very” or “extremely” confident in their ability to stop advanced or sophisticated cyber threats.

These findings suggest that while enterprises are well aware of the risk of encrypted attacks, encrypted channels remain a prominent blind spot to many organizations — and many attacks can simply pass through without detection.

Shining a Light on Cyber Threats Lurking in Encrypted Traffic

Threat actors are exploiting encrypted channels across multiple stages of the attack chain: gaining initial entry through tools like VPN, establishing footholds with phishing attacks, delivering malware and ransomware payloads, moving laterally through domain controllers, and exfiltrating data, oftentimes using trusted SaaS storage providers and more.

Knowing this, enterprises should include mechanisms in their security plans to stop encrypted threats and prevent data loss at each stage of the attack chain. Here are four approaches that enterprises can adopt to prevent encrypted attacks and keep their data, constituents, and employees secured.

1. Inspect 100% of encrypted SSL/TLS traffic at scale with a zero trust, cloud-proxy architecture

The key to an enterprise strategy to stop encrypted attacks starts with an ability to scan 100% of encrypted traffic and content at scale, with zero performance degradation. That’s step one. A zero trust architecture is an outstanding candidate for this task for a number of key reasons. Based on the principle of least privilege, this architecture brokers connections directly between users and applications, never the underlying network, based on identity, context, and agency policies. Therefore, all encrypted traffic and content flows through this cloud-proxy architecture, with SSL/TLS inspection for every packet from every user on a per-user basis with infinite scale, regardless of how much bandwidth users consume. In addition to this, direct user-to-app and app-to-app connectivity make it substantially easier to segment application traffic to highly granular sets of users, eliminating the lateral movement risk that is often the norm in traditional, flat networks. Meanwhile, a single policy set vastly simplifies the administrative process for enterprises. This is in contrast to application and network firewalls, themselves frequent targets of cyber attacks, which in practice translate to greater performance degradation, complexity, and cost at scale, all while failing to achieve enterprise goals of 100% SSL/TLS inspection. In other words, stopping encrypted threats begins and ends with zero trust.

2. Minimize the enterprise attack surface

All IP addresses, or internet-facing assets, are discoverable and vulnerable to threat actors — including enterprise applications and tools like VPNs and firewalls. Compromising these assets is the first step for cybercriminals to gain a foothold and move laterally across traditional networks to your valuable crown-jewel applications.

Using a zero trust architecture, enterprises can hide these applications from the internet, placing them behind a cloud proxy so that they are only accessible to authenticated users who are authorized by agency access policy. This simple fact empowers enterprises to immediately remove vast swaths of the external attack surface, prevent discovery by threat actors, and stop many encrypted attacks from ever happening in the first place.

3. Prevent initial compromise with inline threat prevention

Enterprises have numerous tools at their disposal to stop encrypted threats, and here, a layered defense is the best one. Critically, these defenses should be inline — in the data path — so that security tools detect malicious payloads before delivery, rather than pass-through, out-of-band approaches, as with many traditional technologies.

There are a number of core technologies that should make up a best-practice defense. These include an inline sandbox with ML capabilities; while many traditional sandboxes assume patient-zero risk, an ML-driven sandbox at cloud scale allows agencies to quarantine, block, and detonate suspicious files and zero-day threats immediately, in real time, without impacting business. Furthermore, technologies like cloud IPS, URL filtering, DNS filtering, and browser isolation — turning risky web content into a safe stream of pixels — combine to deliver enterprises what we would term advanced threat protection. While encrypted threats can pass by unnoticed by many enterprises, this type of layered, inline defense ensures that they won’t.

4. Stop data loss

Stopping encrypted attacks doesn’t end with threat prevention; enterprises must also secure their data in motion to prevent cybercriminals from exfiltrating it. As mentioned, threat actors frequently use legitimate, trusted SaaS storage providers, and therefore “trusted” encrypted channels, to host malicious payloads and exfiltrated data. Without scanning their outbound SSL/TLS traffic and content inline, enterprises have little way to know this is happening. As with threat prevention, enterprises should also take a multi-layered approach to securing their data. As best practices, enterprises should look for functionality like inline DLP, which inspects SSL/TLS content across all data channels, like SaaS apps, endpoints, email, private apps, and even cloud posture. As a note, in addition to exact data match (EDM), Zscaler has taken an AI-driven approach to automatically discover and classify data across the enterprise, and these categories are used to inform DLP policy. Finally, CASB provides another critical layer of security, protecting inline data in motion and out-of-band data at rest.

Diving Deeper Into Encrypted Attacks

Of course, these best practices are the tip of the iceberg when it comes to understanding and defending against the full range of encrypted attacks. For a deeper analysis of how state, local, education, and tribal enterprises can stop encrypted threats, get your copy of the ThreatLabz 2023 State of Encrypted Attacks Report today.

Will Seaton is a Senior Product Marketing Manager at Zscaler. Seaton has eight years of experience in cybersecurity, most recently helping large enterprises enforce security and compliance best practices like Zero Trust, MITRE ATT&CK, CIS Benchmarks, NIST SP 800-190, and fine-grained access controls in their cloud environments.


RABET-V: A New Approach to Testing Election Technology

With another election season upon us, ensuring the safety and integrity of our nation’s elections is of the utmost importance. To help, we’ve released our latest resource to help election agencies verify their non-voting election systems.

For most, “election technology” means the equipment you see when you are casting a ballot in a polling place. Along these lines, election security is focused on voting machines and scanners that count ballots. But there’s much more we can do to build trust in the cybersecurity of election technology.

Non-voting election technology (ePollbooks, election night reporting systems, voter registration systems, and other software or products that support election administration but are not part of the vote-casting or tabulation processes) has fundamental differences from voting technologies like voting machines and tabulators. These systems aren’t part of the secret balloting process, they are typically internet connected, and they help set up and run the process rather than being part of casting and counting votes directly. Until recently, these systems didn’t have a standardized national process for verifying their security, reliability, and usability.

The Center for Internet Security, Inc. (CIS®) sought to address this election security issue by developing the Rapid Architecture-Based Election Technology Verification (RABET-V™) program, a rapid, reliable, and cost-effective approach to verifying non-voting election systems. As the first national program for testing non-voting election technology, RABET-V helps bring consistency to non-voting systems, thus increasing trust in the administration of elections. We’ll spend some time exploring how RABET-V overcomes the shortcomings of the traditional testing approach to bring a new, more holistic approach that’s aligned with secure software development practices.

Addressing the Verification Problem

There is no standard, national-level process for verifying that non-voting election technology is secure, reliable, accessible, and usable. This puts elections jurisdictions at risk, burdens vendors with extra costs, and risks inconsistent and insecure outcomes.

RABET-V is a flexible, rapid, and cost-effective process for verifying vendor-provided and homegrown non-voting election technology. RABET-V assesses a product and the organization responsible for developing it by scoring its development process, architecture, and the product’s performance to form a more complete picture of non-voting election technology.

• Comprehensive view: Conducts a holistic assessment of the technology producer’s development processes, the product’s architectures, and the product’s performance.

• Actionable results: Provides reports on the assessments that support continual improvement and more clarity in procurements.

• Scalability potential: Uses the results from previous assessments and information about product changes to scale the level of testing for future versions.

Through these activities, technology providers and election officials alike get a more efficient verification process.

RABET-V’s Approach to Enhancing Election Security

RABET-V uses a novel approach to testing information technology. Where most approaches use a single assessment type, RABET-V pulls together three industry-leading assessments into a single, comprehensive view of a product and the organization that developed it.

• The Organizational Assessment examines the practices that the technology provider uses to develop a product.

• The Architecture Assessment analyzes components at the system and software levels to visualize the risks surrounding a product.

• The Product Verification tests whether the product can be misused to produce unintended actions or outcomes.

Together, these three assessments yield a far more holistic picture of critical election technology. The RABET-V process creates actionable results through reports that technology providers can use to continually improve their products and that election offices can use to make informed procurement decisions. It also creates time and cost savings by letting technology providers use their results from previous assessments, along with information about product changes, to adjust the level of testing for future versions.

Spring 2024 11

How RABET-V Fixes the Limitations of Traditional Testing

The traditional testing approach for information technology takes a product at a specific point in time and tries to make it do the things it claims to do as well as tries to break it. It’s usually slow and costly, and many similar programs suffer from significant drawbacks. RABET-V’s approach supports technology providers and election offices more effectively than traditional testing. The following pairs each limitation of traditional testing with the way RABET-V’s holistic approach addresses it.

Traditional Testing vs. RABET-V’s Holistic Approach

• Traditional testing: It doesn’t keep pace with technology changes. As such, evaluated products don’t remain relevant amid evolving threats and a changing election environment.
RABET-V: Encourages incremental changes with a risk-based approach. RABET-V’s risk-based, iterative approach scores technology and technology providers on various aspects of their product and processes, helping providers focus on areas where they can make incremental improvements with the most impact.

• Traditional testing: Each assessment is performed in isolation. Like the above, tests without business or threat context can’t attest to how a piece of technology will perform in a production environment.
RABET-V: Reviews the organization and environment in which the product underwent development. Election offices can take these factors into account to make a more informed procurement decision.

• Traditional testing: Full re-testing is prioritized. Traditional testing accepts only limited de minimis changes. Because of the time and money required to go through a full test, election officials can’t get the updates they want unless they fit in a very narrow range.
RABET-V: Scalability. Technology providers can use RABET-V to evaluate their products for different types of changes, and the level of testing scales to match the risk presented by the change.

• Traditional testing: It requires full testing costs on a regular basis. Every verification attempt costs the same as the last, a reality for which technology providers must budget in perpetuity. And in different jurisdictions, this might mean repeating very similar tests over and over again.
RABET-V: The potential to lower costs. Scaling testing can reduce costs for any given test, and by creating a consistent, national approach, RABET-V reduces the cost of having each technology provider go through similar but non-standard testing procedures in each state or locality.

• Traditional testing: Reverification doesn’t save time. A reverification attempt generally takes the same amount of time as the initial verification, which costs technology providers time and money.
RABET-V: Reduces the time needed for reverification. Rather than reviewing the entire system with each technological change, reverification of well-built systems from mature technology providers evaluates only those system aspects affected by the change.

• Traditional testing: Product changes are disincentivized. Traditional testing bogs down technology providers in a lengthy reverification process for even incremental updates. As a result, changes become so infrequent that products struggle to keep up with the evolving threat environment.
RABET-V: Incentivizes continual, incremental improvement. The RABET-V process rewards better security and product development practices by taking prior assessment scores into account and scaling testing appropriately.

• Traditional testing: Redundant testing is required for tailoring. This means technology providers must spend even more time and money to test against custom requirements.
RABET-V: Doesn’t penalize tailoring. RABET-V uses a delta-based approach to help technology providers meet unique requirements for specific jurisdictions, including for homegrown systems.

Taken as a whole, the RABET-V approach changes the game. Technology providers now have the incentive to continually improve and to test and deploy security updates, bug fixes, and new features more quickly. And election offices have more insight into technology providers’ products, instilling more confidence about what they deploy in their environments.

The Value of RABET-V

The RABET-V program provides assurances of security, reliability, accessibility, and usability sufficient for technology providers and election officials to have confidence in their use in election administration. Registered technology providers (RTPs) and election officials benefit from the RABET-V program in a number of ways.

• Rigorous methodology: A thorough approach to testing non-voting equipment.

• Rapidly retest for risks: A risk-based way to rapidly retest products after changes.

• Practical assurance: A cost-effective solution for ensuring verified products, and the most up-to-date versions of those products, are deployed in election environments.

• No cost to election offices: Election offices can request reports directly from vendors as part of procurement and review processes.

• Efficient process: Lowers overall costs to vendors and election offices by removing redundancy across states and streamlining testing.

• Confidential scoring: Technology providers receive reports with scores and detailed recommendations for improvement, and can choose how and when to share this information.


RABET-V has been Piloted Rigorously and is in Operation

RABET-V has undergone several pilot rounds to make sure it can benefit you and your election office. We piloted the RABET-V process with five technology providers and proved that we can consistently apply rigorous assessments of the organization and the product. The way RABET-V requires testing relevant to the change that’s made can bring testing of an update down to days or weeks rather than months — or years!

RABET-V is Now Live!

We’re pleased to announce that we’ve officially launched RABET-V to serve the election community. We expect that we can build on the progress we’ve already made to help better safeguard non-voting technology in years to come.

Visit https://www.cisecurity.org/elections/rabetv to learn more about and support RABET-V.

Marci Andino is the Senior Director of the Elections Infrastructure Sharing and Analysis Center® (EI-ISAC®) at the Center for Internet Security® (CIS®). In this role, Andino oversees engagement, account management, and education efforts for the elections community, and serves as the lead in managing relationships with the EI-ISAC Executive Committee and security executives among the states and territories. Prior to CIS, Andino served as the State of South Carolina’s Chief Election Official and Executive Director of the State Election Commission. In that role, she oversaw all election operations in the state, implementing statewide modernized voter registration, an election management system, and online voter registration. She is also a former President of the National Association of State Election Directors (NASED).


Cyberside Chat

The Intersection of Governance, Risk and Compliance and Network Security

When governance, risk and compliance (GRC) aligns with network security, your organization benefits through improved visibility into IT risks and vulnerabilities. This makes the risk management process more efficient and effective. Many organizations are required to manage a multi-framework GRC program; by understanding network security, an organization can take a proactive and holistic approach to improving its security posture.

Network security is not a one-and-done approach but a continuous process of finding and closing vulnerabilities within the environment. It enables organizations to protect sensitive data while providing reliable access to their networks. GRC provides the ability to evaluate the risks associated with the various assets, processes, and systems that are managed on the network.

In many organizations, there is a division between governance and operational management. Those who work in governance tend to emphasize strategic planning, whereas management deals with the day-to-day, operationalized approach to security. Sometimes this results in differing leadership perspectives. However, by bridging this gap and creating a culture where strategy informs operation and operation informs strategy, organizations can build a more unified approach to defending against cyber threats.

These are some risks organizations should consider relating to network security:

• Operational Risks: Without proper protections, an organization’s network can be compromised resulting in the disruption of daily operations.

• Compromised Data: In the event of a breach, compromised personally identifiable information (PII) can carry not only monetary and legal costs but also a reputational impact.

• Intellectual Property: Theft of intellectual property puts an organization at risk of losing a competitive advantage through innovation and inventions.

• Regulatory Risks: There are many regulatory requirements that organizations are required to align with depending on the sector. Most align with data protection standards, such as the General Data Protection Regulation (GDPR).

When the network security and GRC teams work together, risk is minimized, as both teams are aligned on the strategies and policies that ensure the organization’s safety while complying with regulations and security standards. It should be noted that it is not just these two teams who need to align: all employees who have access to data, technology, and the network must come together. Even so, with clear channels of communication and strategic alignment, the network security and GRC teams can build a more holistic approach to the organization’s cyber defense strategy.


Joining Forces to Secure Organizations Globally

To start on their cybersecurity journey, some organizations choose to lean on outside guidance. Through CIS Controls Accreditation, we’re making it easier for them to find the assistance they need to start on the path to better cybersecurity.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies, especially as cyber threats continue to escalate to unprecedented levels globally. To do so, many organizations look to adopt industry-recognized and widely used best practices that provide a prioritized path to improve their cybersecurity posture, such as the CIS Critical Security Controls® (CIS Controls®). To help guide their organization on its cybersecurity journey, many choose to bring on an outside consultant to advise on the implementation of and assessment against the CIS Controls. But when looking for a consultant, it can be difficult to know if a consulting organization’s guidance truly adheres to the best practices contained in the CIS Controls. It can also be challenging to demonstrate the work completed to adopt the CIS Controls when finished.

That’s why the Center for Internet Security, Inc. (CIS®) and CREST, an international not-for-profit accreditation and certification body, joined together to offer the CIS Controls Accreditation program. This accreditation program provides vendor and consulting organizations a way to demonstrate to their customers and partners that their implementation of the security best practices contained in the CIS Controls is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity.

Working Together to Advance Security and Resilience

To launch this effort, CIS chose to partner with CREST, an international not-for-profit membership body representing the global cyber security industry. Similar to CIS, CREST focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration and proving security posture, with the goal of helping to create a secure digital world for all. Through a rigorous quality assurance process, CREST has accredited over 350 member companies, operates across dozens of countries, and certifies thousands of professionals across governments, regulators, academic institutions, training partners, professional bodies and other stakeholders around the world.

16 Cybersecurity Quarterly

CIS Controls Accreditation offers CIS SecureSuite® Members (Controls, Consulting and Services, and Product Vendor) the ability to provide CIS Controls implementation, auditing, and/or assessment with the assurance that they have met the consistent and rigorous standards of CREST certification. Every organization that achieves the Controls Accreditation is externally assessed in accordance with stringent criteria defined by CIS and CREST. This program offers service providers a “stamp of approval” at the organization level, assuring that their customers can feel confident that they are doing business with a reputable and reliable CIS Controls assessment organization.

For vendors and service providers, Controls Accreditation allows them to gain the confidence and trust of their customers by offering assurance that their organization has met the rigorous standards CIS set for organizations to conduct CIS Controls assessments. Additionally, it allows them to market and sell their services with independent, verifiable quality assurance that they meet CIS and CREST standards, which provides credibility, inspires customer confidence, and distinguishes them from other service providers.

Customers of CIS Controls Accredited organizations can be confident that they are engaging with qualified service providers to assess and improve their organization’s cybersecurity posture. Following the engagement, the end-user organization can easily demonstrate that a verified service provider has found its cybersecurity posture to meet the best practice recommendations of the CIS Controls.

This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting. Together, CIS and CREST hope that this program helps advance security and resilience to achieve better global cybersecurity.

CIS Controls Accreditation

Vendors and service providers who want to learn more about CIS Controls Accreditation eligibility and how to apply can visit https://www.cisecurity.org/cis-securesuite/pricing-and-categories/services-and-consulting/cis-controls-accreditation. End-user organizations looking to find a Controls Accredited provider can find a list of currently accredited organizations at https://www.cisecurity.org/cis-securesuite/pricing-and-categories/services-and-consulting/cis-controls-accreditation/controls-accreditation.

Charity Otwell is the Director of the CIS Critical Security Controls for CIS. She has nearly 20 years of experience in the financial services industry and has built and led various programs such as Business Continuity, Disaster Recovery, Technology Governance, and Enterprise Architecture in a highly regulated environment. Before coming to CIS, Otwell was a GRC champion and practitioner with a focus on risk assessment, process optimization, process engineering, and best practice adoption for a top-50 bank within the United States. She also helped manage the relationship with federal regulators and the management of federal regulatory exams. She completed undergraduate and graduate studies in Birmingham, Alabama and holds multiple industry certifications.


ISAC Update

MS-ISAC Executive Committee Delivers Their Perspectives to Washington, D.C.

In the complex world of cybersecurity challenges faced by U.S. State, Local, Tribal, and Territorial (SLTT) governments, the idea of tackling these ever-increasing threats alone is an overwhelming thought. But there’s a strong community ready to help — the Multi-State Information Sharing and Analysis Center® (MS-ISAC®). As a cornerstone of digital defense, the MS-ISAC stands for the idea that we are stronger and more capable at defending against cyber threats together than we are alone.

Originally created by states for states, the MS-ISAC has grown to include nearly 17,000 members from all levels of SLTT governments. The MS-ISAC community believes that by sharing our collective experiences, insights, and strategies, we can build stronger cyber defenses against the common enemies we face.

At the core of the MS-ISAC’s approach is the principle of community as a critically important layer of cyber defense. This unique strategy places mutual support and shared knowledge near the center of our collective cybersecurity efforts. By adopting this mindset, the MS-ISAC not only provides a platform for collaboration and knowledge exchange but also delivers on the promise that facing cyber threats alone can, and should, be a thing of the past.

MS-ISAC Executive Committee Champions the Cause

At the heart of the MS-ISAC’s efforts is the Executive Committee, a group of dedicated, experienced, and passionate leaders from across the country who are elected to be the voice of the members. The Executive Committee’s goal is clear: to support the cybersecurity needs of SLTT governments, ensuring MS-ISAC members are armed with the resources they need to effectively defend against today’s cyber threats.

MS-ISAC Represented Before Influential Groups

In a meeting held in Washington, D.C. in early March, the MS-ISAC Executive Committee discussed key issues with various national organizations, federal entities, and elected officials. Their goal was to use the feedback and data from the MS-ISAC community to inform a stronger national path forward for cybersecurity advancements and collaboration in the SLTT community.

Photo credit: Netta Squires

The discussion on requirements to develop this strategy included meetings with the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the National Cyber Director at the White House, legislative staff, the U.S. Department of Education, and many other important organizations. These discussions are crucial for building the future of cybersecurity and creating a safer, more resilient digital environment for SLTT governments.

Only the Beginning

The MS-ISAC Executive Committee meeting in Washington, D.C. was just the start. It marks the beginning of increased collaboration and understanding to inform the focus and alignment of federal, SLTT, and non-governmental efforts in strengthening SLTT cybersecurity postures. The relationships and partnerships formed here are expected to grow stronger as we strive to replicate and expand this meeting in the years to come.

The Executive Committee’s work, both at the meeting in Washington, D.C., and their tireless efforts throughout the year, light a way forward where dialogue, partnership, and a shared mission come together to strengthen the digital defenses of our nation’s SLTT governments.

The MS-ISAC Executive Committee continues to ensure that the MS-ISAC remains a member-centric and requirements-driven organization for the SLTT community. Through the important work done at this meeting and beyond, they stand as a beacon of strength and resilience, exemplifying an unwavering commitment to making the connected world a safer place.

Photo credit: Dr. Bhargav A. Vyas. Photo credit: Terrance Loftus

Upcoming Events

April

April 3

GovTech will host the Nevada Public Sector Cybersecurity Summit at the Atlantis Casino Resort and Spa in Reno, Nevada. The event will provide an opportunity for government technology professionals from across the state to learn about the latest efforts to defend against, respond to, and recover from cyber criminals who wish to do harm. MS-ISAC Regional Engagement Manager Elijah Cedeno will participate in a panel discussion on collaboration and partnerships for strengthening cybersecurity. Learn more at https://events.govtech.com/Nevada-PublicSector-Cybersecurity-Summit.html.

April 4

The Inaugural Baltimore Cybersecurity Summit will take place at the BWI Airport Marriott in Linthicum Heights, Maryland. It will bring together leaders and cybersecurity professionals to learn about the latest cyber threats. Tim Harrison, Senior Cybersecurity Engineer at CIS, will lead a panel discussion on cloud security. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/baltimore24/.

April 5

The 5th Annual Nashville Cybersecurity Summit will take place at the Renaissance Nashville Hotel in Nashville, Tennessee. It will bring together leaders and cybersecurity professionals to learn about the latest cyber threats. Eric Pinnell, Senior Cybersecurity Engineer at CIS, will lead a panel discussion on emerging threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/nashville24/.

April 8 – 10

The Consortium of School Networking (CoSN) will host the CoSN 2024 Annual Conference at the InterContinental Miami Hotel in Miami, Florida. The event will bring together education technology leaders and professionals from across the country to learn and discuss leading education innovation for the future of learning in a time of unprecedented change. Learn more at https://www.cosn.org/cosn2024/.

April 11

GovTech will host the South Dakota Digital Government Summit at the Ramkota Hotel and Conference Center in Pierre, South Dakota. The event will bring technology-focused public sector professionals from across the state and leading industry partners together to connect on innovative approaches, get inspired, and discover new technologies. MS-ISAC Regional Engagement Manager Michelle Nolan will be a featured panelist at the event. Learn more at https://events.govtech.com/South-Dakota-DigitalGovernment-Summit.html.

April 12

The 10th Edition of the Dallas Cybersecurity Summit will take place at the Sheraton Dallas Hotel in Dallas, Texas. It will bring together leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/dallas24/.

April 18

The 2024 Annual New Jersey GMIS Technology Education Conference will take place at the Palace at Somerset Park in Somerset, New Jersey. The event will gather thought leaders, innovators, policymakers, and industry experts from New Jersey to discover opportunities for collaboration between government and technology as well as explore the transformative power of technology in the public sector. MS-ISAC Regional Engagement Manager Elijah Cedeno will participate in a panel discussion on cybersecurity challenges facing state and local governments. Learn more at https://www.njgmis.org/tec2024-202221.html.


April 19

The Inaugural Waltham Cybersecurity Summit will take place at The Westin Waltham Boston in Waltham, Massachusetts. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Michael Wicks, Cybersecurity Engineer at CIS, will lead a panel discussion on cloud security. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/waltham24/.

April 23

The 2024 Arizona Cyber Partners Summit will take place at Scottsdale Community College in Scottsdale, Arizona. The event will bring together the state’s cybersecurity stakeholders to collaborate on improving cybersecurity for its citizens. MS-ISAC Regional Engagement Manager Elijah Cedeno will share information about no-cost cybersecurity resources for the state’s government agencies at the event.

April 26

The Finance & Risk Cybersecurity Summit will take place virtually. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats affecting the financial landscape. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/finance24/.

April 28 – May 1

The National Association of State Chief Information Officers (NASCIO) will host the NASCIO 2024 Midyear Conference at the MGM National Harbor in National Harbor, Maryland. The conference will bring together state IT leaders and professionals from across the country to network, learn about the latest industry updates, and discover new technology solutions. Learn more at https://www.nascio.org/conferencesevents/2024midyear/.

May

May 1

Inland Northwest K-Gray Secure by Design will take place at the Talbott Event Center in Spokane, Washington. The event will bring government agencies and technology companies together to collaborate on improving cybersecurity for the nation's citizens. MS-ISAC Regional Engagement Manager Michelle Nolan will share information about no-cost cybersecurity resources for the state’s government agencies at the event.

May 2

The Inaugural Milwaukee Cybersecurity Summit will take place at the Hyatt Regency Milwaukee in Milwaukee, Wisconsin. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Justin Brown, Cybersecurity Engineer at CIS, will lead a panel discussion on cloud security. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/milwaukee24/.

May 6 - 9

RSA Conference 2024 will take place at the Moscone Center in San Francisco. The event is where the cybersecurity world comes together to gain invaluable insights, engage in deep conversations, and discover transformative solutions that can make an impact on your organization. Attendees will be able to participate in the industry’s most comprehensive agenda, featuring hundreds of sessions covering the latest cybersecurity challenges and best practices. CIS Senior VP and Chief Evangelist Tony Sager and VP of Security Best Practice Content Development Phyllis Lee will co-lead a session at the event, From Attacks to Action: An Open Community Model to Drive Defensive Choices. Information Security Operations Manager Mathew Everman will also lead a general session, Shades of Purple: Getting Started and Making Purple Teaming Possible, as well as a Birds of a Feather session, Purple Teaming Possibilities: Practical Insights to Getting Started. Additionally, the CIS team will share our cybersecurity resources with attendees at Booth 4319 in the North Expo Hall. Learn more at https://www.rsaconference.com/.


May 17

The 2nd Annual Austin Cybersecurity Summit will take place at the JW Marriott Austin in Austin, Texas. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Tim Harrison, Senior Cybersecurity Engineer at CIS, will lead a panel discussion on cloud security. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/austin24/.

May 21

The 8th Annual Denver Cybersecurity Summit will take place at the Hilton Denver City Center in Denver, Colorado. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Tim Harrison, Senior Cybersecurity Engineer at CIS, will lead a panel discussion on cloud security. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/denver24/.

May 22

The Maine Municipal Association (MMA) will host the MMA Municipal Technology and Innovation Conference in Augusta, Maine. The event will provide a wealth of new educational offerings to municipal IT leaders and professionals from across the state, including workshops on various technology topics such as broadband access, cybersecurity, new energy, and digital literacy and inclusion. MS-ISAC Regional Engagement Manager Elijah Cedeno will lead a session on no-cost cybersecurity resources for local governments. Learn more at https://www.memun.org/Training/ConferencesConventions/Technology-Innovation.

June

June 4

GovTech will host the New Hampshire Digital Government Summit at the DoubleTree by Hilton Manchester Downtown in Manchester, New Hampshire. The event will bring together technology-focused public-sector professionals from across the state with leading industry partners to connect on innovative approaches, get inspired, and discover new technologies. MS-ISAC Regional Engagement Manager Elijah Cedeno will be a featured panelist at the event. Learn more at https://events.govtech.com/New-Hampshire-DigitalGovernment-Summit.html.

June 5

Secure Our Alaska will take place at the Egan Convention Center in Anchorage, Alaska. The conference is the state’s foremost cybersecurity event designed for government agencies, critical infrastructure providers, and technology companies. MS-ISAC Regional Engagement Manager Michelle Nolan will share information about no-cost cybersecurity resources for the state’s government agencies at the event. Learn more at https://alaskacybersummit.com/.

June 6

The Idaho Association of Counties (IAC) will host its IT Leaders Summer Meeting at the Bonneville County Elections Facility in Idaho Falls, Idaho. The event will bring together county IT leaders from across the state for education, trending topics, and networking opportunities. MS-ISAC Regional Engagement Manager Michelle Nolan will lead a session at the event on no-cost cybersecurity resources for local government. Learn more at https://idcounties.org/events/2024-it-leaders-summer-meeting/.

June 6

The 2nd Annual Salt Lake City Cybersecurity Summit will take place at the Sheraton Salt Lake City Hotel in Salt Lake City, Utah. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/saltlakecity24/.


June 10 - 12

AWS re:Inforce will take place at the Pennsylvania Convention Center in Philadelphia, Pennsylvania. This unique event is focused exclusively on AWS security solutions, cloud security, compliance, and identity. Attendees will spend two and a half days on in-depth learning with AWS security experts and technically validated partners, and will gain actionable solutions to improve their organization's security posture. Learn more at https://reinforce.awsevents.com/.

June 13

The Healthcare & Pharma Cybersecurity Summit will take place virtually. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats affecting the healthcare landscape. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/healthcare24/.

June 14

The Inaugural Oklahoma City Cybersecurity Summit will take place at the Sheraton Oklahoma City Downtown Hotel in Oklahoma City, Oklahoma. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/oklahomacity24/.

June 18

The 3rd Annual Hudson Valley Cybersecurity Summit will take place at Marist College in Poughkeepsie, New York. The event is geared toward helping municipal leaders, school district and higher education administrators, fire and police agencies, and IT professionals be better prepared against cyber threats. MS-ISAC Regional Engagement Manager Elijah Cedeno will participate in a panel discussion on cybersecurity resources and strategies for public agencies.

June 23 - 26

The 17th ISAC Annual Meeting will take place in Orlando, Florida. The event will provide opportunities for attendees to network with peers from other U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, glean key insights from cybersecurity experts, and stay ahead by exploring the latest methods and tools for defending against cyber attacks today and in the future. Learn more at https://www.cisecurity.org/event-calendar/annual-isac-meeting.

June 25

The 2nd Annual Hartford Cybersecurity Summit will take place at the Hartford Marriott Downtown in Hartford, Connecticut. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/hartford24/.

June 26 - 27

The AWS Summit Washington DC will take place at the Walter E. Washington Convention Center in Washington, D.C. This no-cost event is tailored for the public sector community. Attendees will engage in interactive learning, network with public sector leaders and AWS experts, and meet partners driving innovation. Learn more at https://aws.amazon.com/events/summits/washington-dc/.

June 27

The 2nd Annual Pittsburgh Cybersecurity Summit will take place at the Wyndham Grand Pittsburgh Downtown in Pittsburgh, Pennsylvania. It will bring together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, U.S. State, Local, Tribal, and Territorial (SLTT) government entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/pittsburgh24/.

July

July 9 - 12

The National Association of Secretaries of State (NASS) will host the NASS 2024 Summer Conference in San Juan, Puerto Rico. The event will bring together the nation's Secretaries of State and their staff to network, learn about trending topics in the industry, and discover new solutions and strategies for serving their constituents. Learn more at https://www.nass.org/events/nass-2024-summer-conference.

Interested in being a contributor? Please contact us: cybermarket@cisecurity.org, www.cisecurity.org, 518.266.3460.
