The annual Cybersecurity Leadership and Innovation Awards program, underwritten by McAfee, recognizes the cybersecurity-related contributions of state and local government, education and healthcare organizations and leaders. Winners are evaluated on creativity and leadership, the utilization of technology to achieve results, and the impact of those efforts on state and local government, education and healthcare organizations.
"Cybersecurity threats are on the rise, and as stewards of some of the public's most important and sensitive data, it's more critical than ever that we recognize the government, education and healthcare organizations that are raising the bar when it comes to the best ways to protect that information," said Teri Takai, executive director of the Center for Digital Government. "The winners have demonstrated commitment and dedication to ensure government, education and healthcare systems are available, reliable and trustworthy. Congratulations to all!"
Awards were announced in the following categories: state, county, city, education and leadership. Top honors were awarded to entrants who have developed effective programs to safeguard systems and data.
The 2017 Cybersecurity Leadership and Innovation Award Winners include:
State Government Category:State of Arizona - Security Program The state of Arizona information security office standardized 13 security controls over 35 agencies in six months -- in a federated state with no mandate requiring the agencies to adopt the controls. The contracts negotiated also allow local governments and non-profits the opportunity to purchase security controls at the same price as the state.
County Government Category:Oakland County, Michigan - Information Security Program The Information Security Program has delivered projects in governance, formalized program documentation, technical solutions, incident response, asset management, data management and improved patching process time (from three weeks to one week). The program created a dedicated team for monitoring and response, does outreach to local businesses and offers the CySafe self-assessment template and advisory assistance to all U.S. counties.
City Government Category: Denver's cybersecurity program focused on election integrity. Working collaboratively with the Colorado Secretary of State and the Division of Homeland Security, the city hardened its networks and utilized other tools for the pre-election validation of equipment and day-of monitoring.
Education Category:Houston Independent School District - Privacy, Safety & Security This innovative approach improved security in free educational applications that had few cyber security controls or student data protection. Houston Independent School District employees read every privacy policy and terms of service agreement for the most popular applications and developed a rating system to set standards -- then sent the standards to developers, which forced changes to software products.
Leadership/Innovators - Healthcare Category: Damian Chung, Sr. Director, Cybersecurity Engineering, Dignity Health Damian Chung is responsible for cybersecurity engineering and architecture at Dignity Health. In addition to working on secure cloud solutions for healthcare for the past eight years, he promotes and provides mentorship and motivational guest speaking for Year Up, a non-profit organization that teaches and provides internships for economically challenged young adults interested in technology and cybersecurity.
Leadership/Innovators - Healthcare Category:Ron Cherry, Chief Information Security Officer,Mercy Health Partners In two years, Ron Cherry has grown the cyber security program from two to 10 employees, deployed technology and developed a cyber security strategy and plan fully supported by his CIO. Cherry also obtained the necessary funding and management support to build a secure, stable environment.
Leadership/Innovators - City Government Category:Timothy Lee, Chief Information Security Officer,City of Los Angeles Tim Lee was instrumental in the building of the $1.8 million Integrated Security Operations Center (ISOC), which coordinates across 40 city departments. The ISOC provides real-time situational awareness through the Threat Intelligence Portal that coordinates among city departments; the Multi-State Information Sharing and Analysis Center; the FBI; and the U.S. Secret Service. Tim also chairs the governance body, the Cyber Intrusion Command Center.
Leadership/Innovators - City Government Category:John MacMichael, Chief Information Security Officer, City of Washington, D.C., Office of the Chief Technology Officer John MacMichael, the district's first CISO, led the development and execution of a Security Operations Center; a Governance, Risk and Compliance Division; and a Security Engineering division. John aligned his efforts and priorities to the Center for Information Security's Top 20 controls. Showing leadership and tenacity, he implemented these in his first 12 months.
Leadership/Innovators - County Government Category:Christopher Burrows, Chief Information Security Officer, Oakland County, Michigan Chris Burrows helped create a "CISO-as-a-Service" product to support small governments that do not have the staff or resources to fund a full-time CISO. The objective is to build a CISO Service that all local governments can leverage to assess and improve their risk at a reasonable price.
Leadership/Innovators - State Government CategoryRussell Walker, Chief Technology Officer, Mississippi Secretary of State Russell Walker achieved significant improvements in security in a decentralized state. His dedication resulted in locating weaknesses, mitigating security holes, modernizing equipment, updating network policies and educating users on cyber risks while teaching best practices.
Leadership/Innovators - Education Category: Paul Yoder, Information Security Specialist, El Camino Community College District Paul Yoder is an example of how one person can make a difference. In a community college district where a dedicated cybersecurity specialist is rare (75 percent of community colleges have no dedicated cybersecurity staff and 60 percent have no security awareness program), Yoder gained the support of management and made cyber security a number one priority.
Special Award: Innovation: JEA Bulk Electric System JEA implemented an innovative mitigation strategy for their Energy Management System shut-off safety capability. In case of an attack, the shut-off capability will block JEA's system from any external attempts to operate the switches and other devices on the Grid -- but still allows the Grid to operate under emergency internal controls.
Special Award: Innovation: El Mirage redesigned its city network to make security a priority. Despite a limited budget, the city implemented a secure Supervisory Control and Data Acquisition (SCADA) network to protect the systems that operate the city's water treatment plant. The city also made free, secure wireless networks available at city campuses and public parks.
The Cybersecurity Leadership and Innovation Awards will be presented at the MPOWER Cybersecurity Summit 2017 in Las Vegas next week.
About the Center for Digital Government The Center for Digital Government is a national research and advisory institute focused on technology policy and best practices in state and local government. The Center is a division of e.Republic, the nation's only media and research company focused exclusively on state and local government and education.
