Gov. Rick Snyder, the self-proclaimed “one tough nerd,” came to the University on Thursday to speak on a topic he says nerds know best: cyber security.
“First of all, I am proud to say I am a nerd,” Snyder said. “One subset of that is being a techie. Technology is something that’s critically important, that’s transforming our lives, and it’s not going to go back, it’s only going to continue to advance.”
Snyder spoke at the 11th annual Security at the University of Michigan IT conference at the University, hosted by University Information and Technology Services. The conference focused on cyber security this year in honor of October’s status as National Cyber Security Awareness Month.
“For everything we do to say we’re advancing information technology taking it to the next level, I think it’s equally important that there’s a corresponding effort to encourage better cyber security,” Snyder said.
University President Mark Schlissel introduced Snyder, and recognized the governor’s high value on education. Snyder recieved his B.A., MBA and J.D. from the University as well as a honorary degree.
“He’s persistent. It doesn’t matter what the climate is, he’s going to work to achieve goals he has for the citizens of this state and I’ve learned from this,” Schlissel said. “Finally, I’ll always be impressed with how he gets away with going to public events without wearing a necktie.”
Though Snyder noted that the crowd of roughly 150 attendees probably shared his views on the necessity of increasing cyber security, he said it was a big issue in the state of Michigan and around the world.
“In the state of Michigan alone, we’ve seen a huge escalation in the number of times we’re attacked,” he said. “One, I think there are more attacks, but secondly I think we’re better at recognizing we’re attacked. I think in many cases we were probably being attacked and we didn’t even know it.”
Currently the state of Michigan’s government experiences about 2.5 million cyber attacks every day, according to Snyder. He said if a cyber attack occurs, people are at risk of losing both confidential information and their reputation.
Citing his own personal experience with identity theft, he asked attendees to raise their hands if they, too, had been affected, with a majority of people in the crowd acknowledging they had.
“What do you do about (cyber threats)?” he said. “Well, you have to be proactive, and I’m proud to say at the state of Michigan I think we’re a leader in this country.”
He said Michigan has a competitive advantage compared to other regions because of the state’s public universities and colleges, as well as their ability to collaborate with one another.
“In terms of advantages, we’re sitting upon one of the greatest advantages in the world: the University of Michigan,” Snyder said.
Along with Snyder’s remarks, several experts on cyber security spoke throughout the day, discussing issues faced by many institutions, such as universities .
During a panel discussion in the afternoon, Jen Miller-Osborn, cyber threat intelligence analyst for Palo Alto Networks, said the education sector is the third most victimized sector in the country for cyber attacks for both student data and research.
“From a nation-state perspective, universities are also a really big target,” Miller-Osborn said. “They target college students and professors, too, and it makes perfect sense: You’re working in a research institution.”
Miller-Osborn said previously in her career, she would receive e-mails with resumes and requests for internships that contained hidden viruses.
Randy Hegarty, enterprise security IT manager in Pennsylvania State University’s information security office, cited his own experience dealing with a network breach during the panel.
Last year, the FBI notified Penn State’s College of Engineering that information had been compromised since 2012.
“Earlier, someone called it an unprecedented threat with an unprecedented response,” Hegarty said. “Basically, that’s where our institution took this because it was a deep concern.”
Tom Winterhalter, supervisor of the FBI Detroit Division’s Cyber Squad, said universities and individuals can prevent threats by building up the security of their network through measures such as making complex passwords.
“So many students use very simple passwords,” Winterhalter said. “At one university, which I will not name, many people still had their passwords still set at ‘123456.’ ”
In his speech, Snyder urged attendees to take action on the issue, citing as one example the Civilian Cyber Corps, a new organization composed of citizens willing to collaborate with one another if Michigan were to experience a broad attack. Snyder said he foresees the organization as a precursor to a long-term solution which he hopes will eventually be a specialty team within the National Guard.
“How do you deal with the issue after it’s already happened? How do you hit restore? How do you get back up? It’s an area (in which) I think we’re woefully inadequate,” Snyder said. “I don’t think most organizations are really fully prepared to respond if they have a huge attack happen to them. The smaller ones we can manage, but if we had a big one or we had one that affected sectors of our economy or something, we are not prepared for that one.”