Central Delaware
Local officials get eye-opening cyber security lesson
Pictured at Tuesday’s Greater Dover Community Cyber Security Awareness Exercise are, from left, Kent County Levy Court Technology Administrator Dorothy Cheatham, City of Dover IT Director Andrew R. Siegel and State of Delaware Chief Security Officer Elayne Starkey. (Delaware State News/Craig Anderson photo)

DOVER — The second phase of a local effort to increase cyber security throughout the private sector and governmental computer networks of Kent and Sussex counties began with an innocent looking email Tuesday morning.
The simulated opening of the transmission opened up a technological Pandora’s box of potential security compromises, and 60 participants in the first Greater Dover Community Cyber Awareness Tabletop Exercise were alerted to worst-case scenarios.
The email wasn’t real, but City of Dover and Kent County organizers wanted to provide various IT managers, technology coordinators, analysts, finance directors, network technicians, information security officers, consultants and others a taste of what happens when a network is invaded by devious hackers. Participants spent seven hours evaluating methods of response and consequences from a seemingly minor security breach at the time.
The program was part of a four-year federal grant from the Department of Homeland Security designed to enhance a culture of security in a never-ending competition of advances between hackers and the legitimate computer networks fighting off attempted illegal infiltrations.
Delaware was one of three states — Texas and California were the others — to take part in the first phase of the grant program, which enlisted the services of the Center for Infrastructure Services for three years of training sessions beginning in 2009. Local IT professionals formed the Greater Cyber Security Awareness Group to begin learning more ways to protect data from online criminals attempting to harvest information.
“For IT people this is all common knowledge, but for a great majority of employees security concerns are not always so obvious,” City of Dover IT Director Andrew R. Siegel said. “We’re putting this on with a community focus and the sense that we all have to protect one another and share information that we’ve gained through training.
“People tend to exist in their own silos, so to speak, when it comes to technology and security and the goal of our organization is to make that more of a global concern.”
Kent County Levy Court Technology Administrator Dorothy Cheatham attended CIAS sessions since the beginning three years ago, and said Tuesday’s exercise was designed to impart what had been learned to a wide-ranging group of participants.
“This is the first time CIAS has turned it over to us,” Ms. Cheatham said. “The goal has always been to get greater community education going, and that’s what today is all about.”
In a second floor conference room at Levy Court, technology professionals espoused caution during the session that was held from 8 a.m. to 3 p.m. in the county’s main administration building on Bay Road.
“We’re stressing the importance of cyber security and how sophisticated a hacking community there is,” said Elayne Starkey, the state of Delaware’s chief information security officer who spoke to the assembled group first thing in the morning.
“It is a never-ending job to work on protecting databases and personal information. As a government we’ve been given personal information from the public as a nature of the operation, and it’s our responsibility to protect it with every means of security possible.”
Ms. Starkey illustrated the fallout from a November 2012 security breach in South Carolina’s state system that cost $20 million to respond to, and left 687,000 citizens and 300,000 businesses with their personal data swiped. Besides the personal costs, Ms. Starkey said government breaches “take a lot of time to rebuild the public’s trust.”
Program participant Dave Skocik of PR Delaware said the program was valuable as a “cross-disciplinary event for a person who works on the Internet but might not be aware of the importance of basic handling of information.”
Kent County IT Director Kim Crouch said that all employees must know the pitfalls of engaging with unknown email sources and taking steps to cut down on vulnerability to phishing for information that could wreck a computer system and those whose identity is often spelled out online.
“Education is a key,” Ms. Crouch said. “Not everyone is aware of just how much hacking and false advertising is being spread around these days, and it’s important to realize just what steps can bring more security for all.”

City of Dover Mayor Carleton E. Carey, who gave opening remarks and organizers said was a front row participant in the first phase of education programs with CIAS included this statement when promoting the cyber security exercise to participants:

“Do not get complacent in your everyday work schedule … Virtually everything can be at risk. Cyber intrusion can cripple businesses, cities, states and even the world if we let it get out of control.”

The Greater Dover Community Cyber Security Group meets quarterly, and said the exercise is the first in a planned series of continuing community cyber awareness program.

Staff writer Craig Anderson can be reached at 741-8296,
or DSNAnderson on Twitter.