Stop.Think.Connect. Campaign Update July 2014

In this Issue

Cyber Smarts for Young Professionals
National Cyber Security Awareness Month 2014 Themes Announced
Partner Spotlight: CyberWatch West
Federal Spotlight: Department of Homeland Security Cyber Exercises

Cyber Smarts for Young Professionals

Searching for and starting your first internship or job can be an exciting and nerve wracking experience. Writing a good resume, networking, and honing your skills and qualifications are important activities for young professionals, but staying safe and responsible online can also play a big role in landing and keeping a job. Young professionals should be careful about how they portray themselves online – or how they manage their “personal brand.” Employers are increasingly using social media as a method to help screen potential candidates, and your online activities both at home and at work can help determine if you move up the career ladder or find yourself job searching again.

To help safeguard your online brand and protect your personal information, follow these tips from the Stop.Think.Connect.™ Campaign:

Think before you post. Young professionals today have grown up with the Internet and see it as a normal part of everyday life. Posting where you are, what you are doing, who you are with – this may feel natural to young adults. But this amount of information sharing can be detrimental, with current and potential employers using what you post to form their opinions. This level of information can also benefit cyber criminals, who can use this information to access your online accounts and steal your identity.

Protect your online brand. Periodically conduct an online search to see what others find when searching for you. Regularly review what others are posting about you or on your profiles or accounts and remove questionable content.

Manage your privacy settings. Ensure your privacy settings allow only people you know to access your profiles or posts. When possible, manage settings so that you can approve what others post about you on social networks. Keep your personal and professional lives separate on social networks by managing settings so that you only friend or follow the appropriate people for each.

Use work devices appropriately. Do not visit inappropriate websites or conduct a lot of personal activity on company-owned devices. Check with the company information technology (IT) department before downloading any software to your work devices. Follow the company’s online and social media guidance and regulations.

Think before you act. Be wary of emails and links from unknown sources. Many cyber criminals target employees in phishing scams to access company networks. Check with supervisors or the IT department before providing personal information to people – via phone or email – who are acting on behalf of the company or a vendor.

For more information on how young professionals can stay cyber safe at work and home, access Stop.Think.Connect. resources for young professionals.

National Cyber Security Awareness Month 2014 Themes Announced

October 2014 marks the 11th annual National Cyber Security Awareness Month, a time to focus on cybersecurity as a shared responsibility, with everyone playing a role. Each week in October will highlight a specific theme, giving government, industry, and individuals an opportunity to participate in cybersecurity activities most relevant to them. The weekly themes are as follows:

Week One: October 1-3, 2014

Promote Online Safety with the Stop.Think.Connect. Campaign

Cybersecurity is a shared responsibility, and everyone can take a few simple steps to make the Internet more secure.

Week Two: October 6-10, 2014

Secure Development of IT Products

Building security into information technology products, including the phones, tablets, and computers we use every day, is key to enhanced cybersecurity.

Week Three: October 13-17, 2014

Critical Infrastructure and the Internet of Things

The importance of protecting critical infrastructure and properly securing all devices, including household items that are connected to the Internet.

Week Four: October 20-24, 2015

Cybersecurity for Small and Medium-Sized Businesses and Entrepreneurs

Showcasing what emerging and established businesses can do to protect their organization, customers, and employees.

Week Five: October 27-31, 2014

Cyber Crime and Law Enforcement

Working with law enforcement to combat cyber crime and educate the public on how to protect themselves from online crime.

For the latest information on National Cyber Security Awareness Month 2014, visithttp://www.dhs.gov/national-cyber-security-awareness-month-2014.

Partner Spotlight: CyberWatch West

CyberWatch West is a new member of the Stop.Think.Connect. Academic Alliance. Dedicated to increasing the quantity and quality of the nation’s cybersecurity workforce, CyberWatch West provides a forum for a growing network of educational institutions, and private sector and government partners in the western United States that focus on student development, curriculum development, faculty development, and partnerships. Whatcom Community College is the lead institution and the CyberWatch West center is located on its campus in Bellingham, Washington. CyberWatch West members include over 50 educational institutions.

As part of its mission, CyberWatch West conducts the following activities:

Hosts cyber competitions for college and high school students. These competitions allow students to learn and showcase skills, network with other students and faculty, and compete for awards.
Conducts outreach and awareness activities to students in grades K-12 to promote cyber as a fun, challenging, and viable career opportunity.
Connects students to training, professional development, mentorship, and scholarship opportunities, and promotes the development of cyber-focused student organizations and clubs.
Provides financial aid, through its Faculty Graduate Program, to faculty looking to pursue graduate studies in cybersecurity.
Develops and facilitates a faculty training program, of which most classes are free to members.
Offers guidance and resources for cyber curriculum development.

High schools and higher education institutions can join CyberWatch West as Institutional Members. Other organizations interested in working with CyberWatch West can become an official partner. To learn more about CyberWatch West, visit www.cyberwatchwest.org.

Federal Spotlight: Department of Homeland Security Cyber Exercises

An activist group is protesting the development of a new marine terminal that will disrupt local wildlife. Using a spear phishing campaign against employees of a local water utility company, the group uses employee credentials to hack into the company’s industrial control systems. Planting malicious code into vulnerable software, the group is able to remotely shut down valves, disrupting water distribution to thousands of residents. The activist group demands the city shut down the development of the new marine terminal or else they will further disrupt the city’s public utilities.

Thankfully, this did not happen in real life. Instead, this was a scenario used in a recent Department of Homeland Security cybersecurity exercise. Just as a fire drill helps students understand exactly what to do and where to go during a fire, cyber exercises help organizations practice their procedures so that should a cyber attack occur, the incident response is timely and coordinated and the impact of the attack is lessened.

DHS has a mission to lead the federal government effort to enhance our nation’s cybersecurity. This includes improving our cyber incident response capability and identifying and protecting against potential cyber risks. As part of this mission, DHS facilitates numerous cybersecurity exercises that bring together government, industry, and international partners.

The largest of these exercises are part of the DHS Cyber Storm Exercise Series. A biennial national-level exercise, the series began in 2006 with Cyber Storm I, the first government-led, full-scale cyber exercise. Since then, DHS has sponsored Cyber Storms II, III and IV, and DHS component, the Federal Emergency Management Agency, focused its 2012 National Level Exercise on cybersecurity as well.

These exercises help identify where government and industry need to strengthen and improve their cyber incident response. For example, findings from Cyber Storm II identified the need for a national coordination center dedicated to cybersecurity. In response, DHS developed the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC is a 24x7 cyber situational awareness, incident response, and management center that brings together partners from all levels of government, critical infrastructure, intelligence, and law enforcement communities. NCCIC processes and capabilities were tested during Cyber Storm III.

The latest exercise, Cyber Storm IV, included a series of exercises focusing on individual communities, including multiple states. These building block exercises occurred at the Federal, state, and international levels, providing the opportunity to design focused events that evaluate specific capabilities.

Aside from national, comprehensive cyber exercises, DHS also supports cyber exercises focused on states and other organizations. For many states, a DHS-facilitated cyber exercise is one of the first or only times they are able to really look at their cyber response capabilities and test their cyber incident response plans.

Cyber Storm and other cyber exercises are run by the DHS Office of Cybersecurity and Communications, Operational Planning, Exercises, and Training Integration Unit. For more information about DHS recent cyber exercises, visit http://www.dhs.gov/cyber-storm-securing-cyber-space.