Marc Thorson, MBA, Executive Director for Regional Technology Services in the NIU Division of Information Technology, will be presenting a Dec. 4 Civic Leadership Academy webinar on The State of Cybersecurity and How to Be Proactive. This course is aimed at city/county managers and other local government employees. We spoke with Marc to learn more about the course and the cybersecurity threats facing local governments today.
Register for the course on the NIU Civic Leadership Academy website.
Can you start by sharing why it’s important for local government leaders to have up-to-date knowledge about cybersecurity?
It’s vital for the risk management and liability of their organization. In the past, I’ve worked in local government for many years, and what kept me up at night is that we just don’t know all of the threats that are coming. Even though our tools have improved, hackers are still a step ahead of us and every organization is a target. It’s really not a matter of if your organization will be attacked, but when. We have to assume at this point that a cyberattack will happen, and we have to be prepared to mitigate risk and limit the damage when an attack is detected.
So what local government leaders need to know is that cyber threats are not going away. Cybersecurity is an investment for the future that your organization can’t afford not to make.
This course will help people to separate out the real threats from sensationalism, so they can make informed decisions about the best way to invest their cybersecurity resources.
Can you share an example or two of the types of cybersecurity attacks that affect local government bodies?
There were several high-profile incidents recently in Illinois where a town’s or village’s network was hacked and data was breached. Generally, cybercriminals are after money, so they are looking to hack into networks to obtain financial information and other confidential data that they can use to access bank accounts.
There are also some attacks that are more rare but particularly dangerous where hackers target water treatment plants, electrical grids or other utilities. This can pose a serious risk to critical infrastructure and public health.
What kind of skills or knowledge do you want people to walk away from this course with?
What I want people to take away is an understanding of how the cybersecurity landscape is changing, what’s current and what is coming down the pipe to us as we move into the future. In the past I’ve taught several courses where we dove specifically in the details of a what a risk assessment looks like and how to practice an incident response plan. In this course, the goal isn’t to dive into the weeds, but instead to give a high-level overview of the types of threats that exist and the responses available to mitigate those threats.
Another thing people will walk away with is an idea of why investing in cybersecurity is so important – so that leaders have the language to talk about these risks to their community and clearly explain their cybersecurity goals and projects. If civic leaders have the goal of cybersecurity, but they can’t get their leadership and community on board, then it’s a failure-to-launch scenario.
Can you share a little bit about sort of your background and how you came to work in cybersecurity?
I’m dating myself… but I’ve been working with computers basically since personal computers became available! I was fortunate enough to have a father who was a systems analyst, so I was able to learn about data systems and data processing from a young age.
My first job toward my career was shortly after high school as a part time IT technician for a local village, and then I’ve had many different roles over the years related to network engineering and programming. I’ve worked for three local governments, an educational institution, as well as a nonprofit company, so I’ve seen a wide range of different organizations, some with many resources and others where resources were much more scarce.
One of my missions is to help organizations with limited resources – such as local governments – make the most of those resources they do have so they can find workable solutions to the cybersecurity landscape. Even without the budget of a large organization, there’s a lot you can do to achieve compliance and be more prepared for possible cybersecurity threats.
I came to NIU about 6 years ago to help NIU continue a large grant-funded project to bring fiber optic broadband to the region – especially helping rural communities that had been largely ignored by broadband companies. Since then, I’ve had the opportunity to work with the NIU Center for Governmental Studies to help northern Illinois communities assess and manage their networks and their broadband technology – and, of course, cybersecurity is a big part of this.
My education is largely in business – I have an undergraduate degree in business management as well as my MBA – and I love bringing insights from the business school in to help local governments. Local governments often lag behind private industry in terms of investing and preparing for cyberattacks, so we have the potential to make a positive difference by sharing this information.
What resources do you recommend as a starting point for leaders who want to expand their knowledge about cybersecurity?
There are several great free resources out there designed to support local governments! Here are a few I’d recommend starting with:
- The Cybersecurity and Infrastructure Security Agency (CISA) – This federal agency is the national coordinator for cyber defense. They have a wealth of information about the threat landscape and steps you can take to protect your organization – all shared in everyday language that is easy to understand.
- Center for Internet Security (CIS) – This nonprofit organization is free to join and offers a wealth of resources to member organizations – most at no cost. They provide timely advisories about current threats, such as vulnerabilities in web browsers and other software, and they can help you analyze a suspected cyberattack on your organization.
- CIS Multi-state Information Sharing and Analysis Center – This division of CIS is designed specifically to help state, local, tribal and territorial governments collaborate to improve cybersecurity and reduce risks.
- CIS Elections Infrastructure Information Sharing and Analysis Center – This division of CIS brings together election officials and cybersecurity professionals to work to ensure the integrity of local, state and territorial elections.
How can people learn about and register for this new webinar?
The webinar is coming up on December 4 from 9 to 11:30 a.m. Folks can learn more and register on the CLA website.
