Idaho Cybersecurity Awareness: On a Mission to Equip Citizens with the Knowledge They Need to Safely Access the Internet

TL;DR: Idaho Cybersecurity Awareness is a state-run website working to help citizens reduce online risk via information, resources, and training. The free site offers tools tailored to the needs of parents, teens, kids, educators, and small businesses alike. Moving forward, the team behind Idaho Cybersecurity Awareness hopes to increase strategic partnerships and outreach at the county level to ensure critical infrastructure, such as election systems, is protected from malicious exploits.

Cyberattacks are painful events for businesses of all sizes, but they can be downright devastating for SMBs.

According to Idaho Cybersecurity Awareness, approximately 60% of small businesses are forced to shutter their doors within just six months of a breach.

“Small businesses tend to be a huge target,” said Keith Tresh, Chief InfoSec Officer at Idaho Cybersecurity Awareness. “Statistics show that 43% of all hacks are aimed at small businesses, yet only 14% are equipped to actually handle such attacks.”

Idaho Cybersecurity Awareness, a state-run website, is working to provide businesses and residents the information, resources, and training they need to reduce online risk. The state’s goal is to keep readers informed of the threats that exist, their potential impacts, and mitigation strategies.

Idaho Cybersecurity Awareness is a community resource site designed to fight cybercrime using the power of knowledge.

“A significant part of our site is dedicated to increasing awareness for Idaho citizens of all walks of life — including parents who are trying to restrict their young children’s access, and entrepreneurs looking to defend their small businesses with limited resources,” said Lance Wyatt, Information Security Engineer at Idaho Cybersecurity Awareness. “Then, we’re trying to provide cybersecurity tools to implement in those various environments.”

The site includes advice and commentary from the team, advisory alerts, access to online cybersecurity courses, basic security frameworks, and information on filing internet crime complaints, among other resources.

Keith and Lance told us that, in the future, the goal is to ramp up strategic partnerships and outreach at the county level. This will help ensure that mission-critical online infrastructure, such as election systems, is protected from cyber threats.

A Free, Award-Winning Cybersecurity Awareness Site

Lance and his team relaunched Idaho Cybersecurity Awareness in 2019 after upgrading the site to make meaningful content more accessible.

“In the process of revamping the website, the team took a look around and saw that the Multi-State Information Sharing and Analysis Center (MS-ISAC) had a competition for best cybersecurity website,” Keith said. “They decided to take notes from the past winner to create a better site of their own.”

The effort was so successful that the State of Idaho finished in first place in the MS-ISAC Best of the Web contest held during cybersecurity month in September 2019, before Keith joined the team.

The site won MS-ISAC’s Best of the Web contest in 2019.

“Now, in addition to winning the award, we’ve got a frontend with meaningful metrics, links to relevant resources, and strong content designed to help pretty much any user build a better cybersecurity posture,” Keith said.

Since then, the goal has been to expand and update the number and types of resources provided on the site.

“We’re on a constant mission to keep the resources current, making sure that there are not more available that we’re missing out on, and vetting materials that are contributed to us voluntarily,” Lance said. “We’re always reviewing material, making sure it’s relevant, simple to understand, and easy to implement.”

Lance said he and Keith seek feedback from cybersecurity experts in other governmental agencies as well as those in higher education. “They are also looking at our information and giving us good input and evaluations.”

To that end, Keith said the team is also building strategic partnerships with universities in Idaho and the Idaho National Labs (INL), one of many national laboratories under the U.S. Department of Energy.

“The strategic partnerships we’re building are going to help us provide more and better resources for folks in a lot of different areas — we’re excited about that,” he said.

Matching the Right Resources with the Right People

In 2017, Idaho leaders appointed Jeff Weak, a veteran U.S. Air Force information technology and cybersecurity officer, as the state’s first Director of Information Security. He also serves as administrator of Idaho’s Information Technology Services (ITS).

“The most recent direction from Administrator Jeff Weak is for us to focus on community outreach,” Keith said. “We want to make sure people are aware the site is out there, and we want to get the site to a point where it’s user-friendly for all audiences — small-business owners, parents, schools, students — the entire community.”

The site makes it easy to find relevant resources based on your needs.

Keith said that one of the biggest challenges is pairing the right information with the right group. That’s why the site’s cybersecurity awareness resources, featured on the home page, are clearly segmented based on demographics.

“You certainly don’t want to give a small-business owner a resource that is meant for a large enterprise because it wouldn’t work well for them,” he said. “We’re focused on staying abreast of the latest information and making sure we’re tailoring content to specific users with everything from resources designed for protecting children from online threats to free classroom curriculum for educators.”

Businesses, for example, can leverage the site for free security toolkits, online resources for securing networks and computer systems, access to the National Cyber Awareness System, security configuration benchmarks, disaster recovery information, and links to other useful information.

Building a Pipeline for Public Service Talent

For more than a decade, industry leaders have warned of a persistent and growing shortage of workers with tech skills.

According to Deloitte’s “Cyber Risk in Consumer Business” study, almost 350,000 online security jobs in the U.S. remained unfilled as of July 2017. The situation is expected to snowball from there, with the global shortfall in the IT security workforce projected to surpass 1.8 million workers by 2022.

Keith told us that the situation in the public service sector is no different.

“I’ve been in public service almost my entire life — first in the military, and then working for two different states,” he said. “One of the things that I’ve found in public service — and within cyber as a whole — is that we don’t have enough bodies to fill cybersecurity jobs. When you add in the next layer, which is that public entities don’t have the money to pay top-dollar salaries, the problem gets worse.”

That’s one of the reasons Keith is working with local universities and the INL on workforce development. The goal is to help educational institutions create hands-on learning opportunities that emulate work in the field.

“We’re also working to create internships that allow students to see what cybersecurity in the public sector is all about,” he said. “It helps them with their studies but also helps us potentially recruit future talent.”

Lance said that a recruiting pipeline from universities to entry-level jobs in the public services sector would be a win-win situation for all parties involved.

“We could start grooming people for the operational environment, and they get a chance to see how it works,” he said. “Frankly, one of the benefits that we bring to the table in terms of government work, especially within the state, is that we have some interesting capabilities and access to information that the private sector doesn’t.”

In the private sector, he said, cybersecurity employees must focus on ensuring that the networks and computer systems supporting a company’s mission function properly.

“We get to participate with the federal government, law enforcement, and the National Guard,” Lance said. “We get to have all that integration and access to all those different functions — it becomes very intricate. You get a very broad overview of how cybersecurity works across multiple disciplines and industry sectors.”

Providing Additional Assistance at the County Level

As for what the future holds, Keith and Lance are working on strategic partnerships to help counties mitigate cyber threats.

“It’s tough enough at the state level to combat cyber threats, but we want to start working with counties, providing them resources and advice,” Lance said. “That’s what we’re moving toward through strategic partnerships with the National Guard and the Office of Emergency Management (OEM) as well.”

The team is also working with Idaho’s Secretary of State office on election system infrastructure. “We’re partnering closely with them to assist in making that cyber-security mission happen,” Lance said.