Posted: Feb 15, 2019

Team North Dakota’s cybersecurity experts stepped out of their comfort zones – and normal cybersecurity protection roles – the last week in January during a two-day hacking demonstration at the Capitol. The demonstration, which was open to the public, gave Lucas Pippenger, Ryan Kramer, Tony Aukland and Sean Wiese the opportunity to step behind the cybersecurity curtain to play the role of hackers, helping show members of the Legislature and other attendees common types of cyber attacks.

The two-day event provided an informal, hands-on opportunity for legislators, state employees and interested citizens to learn what the team is doing to protect the state – as well as how they can protect themselves.

Chief Information Security Officer Sean Wiese said, “We have an obligation to educate decisionmakers about the importance of cybersecurity not only for our state by explaining the evolving threat, safeguards and training we have in place, but also to help people understand specific things they can do to protect themselves and their families.”

The team demonstrated several real-world examples of common types of cyber-attacks, including a phishing example. Phishing and spear fishing involve bad actors sending links designed to look legitimate to entice users to click, resulting in potential loss of personal information or even malicious software taking over their device.

Another demonstration showed attendees the dangers of using public Wi-Fi, and the need to protect against illicit access when using unsecured Wi-Fi in public places like hotel lobbies or coffee shops.

“We see the threats against our state every day, and we know that in an increasingly connected world, our devices and our identity are constantly under attack,” said Tony Aukland. “This event builds on the outreach we do nationally as well as locally to help stakeholders from policy makers to school-age children understand how to guard against identity theft and other cyber threats.”

CIO Shawn Riley also had a hands-on role at the event, sharing information with attendees as well as conducting media interviews with local television stations. Gov. Doug Burgum and Lt. Gov. Brent Sanford also stopped by.

“It’s one thing to explain the importance of cybersecurity as a state for North Dakota, but it’s another thing entirely to show people how simple some of the cyber threats are and how easy it is to be a target,” said Riley. “This kind of event allows us to have meaningful conversations with people who can subsequently make more informed decisions to protect themselves and our state.”

A real-time ‘threat map’ showing the geographic location for cyber-attacks directed at the state was shown, as well as a live view of actual attacks being launched in real time against the state datacenter.   The State of North Dakota gets approximately 5.7 million attacks per month.  ND faces threats because of the unique nature of the state network supporting 252,000 daily users – equivalent to a Fortune 30 company – as well as the high-profile nature of our military footprint and leadership role in the energy and agriculture sectors. 

The event also highlighted a number of infographics and outreach materials, including a “Top 10 Tips” handout that can also be found here.

The North Dakota Senate unanimously passed SB 2110 Thursday, Feb. 7, that seeks a uniform approach to cybersecurity for public entities. The bill gives ITD the authority to advise and oversee cybersecurity strategy for all executive state agencies, cities, counties, school districts, higher education institutions "or other political subdivisions." The bill, as amended, also would have ITD consult with the attorney general. In addition, ITD may coordinate with the legislative and judicial branches as to their cybersecurity. The bill will now go to the House for consideration.