By Dave Weinstein | Director of Cybersecurity, NJOHSP
2015 has been quite a year for New Jersey's cybersecurity. As it comes to an end, it's worth noting a few highlights from the last year and foreshadowing what lies ahead in the new year.
The State's primary cybersecurity highlight of 2015 was the establishment of the New Jersey Cybersecurity and Communications Integration Cell, or NJCCIC. On May 20th, Governor Christie chartered the Nation's first information sharing and analysis organization at the state level by signing Executive Order 178. Since then, the NJCCIC's membership has soared with representation from industry, government, and private citizens. I have always preached that the success of the NJCCIC depends on the diversity of our membership, and we've made great strides over the last six months to ensure that our membership mirrors the unique composition of the Garden State's public and private sectors. In this respect, our partnerships with the New Jersey Business and Industry Association and regional Chambers of Commerce have fostered new information sharing channels that heretofore didn't exist. These new communication pathways elevate the barriers to entry for criminals who seek to exploit cyberspace's inherently open architecture for a financial, political, or ideological motive. In the new year, the NJCCIC will further institutionalize these information sharing relationships. Manually-intensive processes will give way to automated, machine-to-machine information sharing to facilitate New Jerseyans' real-time situational awareness of cyber threats.
The NJCCIC also symbolizes the State's risk-based and intelligence driven approach to cybersecurity. In 2015, New Jersey was the first state to bring together highly technical engineers with non-technical analysts to monitor the State's cyber risk on a daily basis. This multidisciplinary posture resulted in more efficient incident response, comprehensive threat analysis, and highly vetted intelligence sharing. In 2016, we will expand this same thinking to New Jersey's other cybersecurity priorities, to include supplementing physical risk assessments of New Jersey's critical infrastructure with cyber risk assessments.
Among other things, 2015 has taught us that cybersecurity is hardly just a technology problem, and the growing interdependencies between people, data, networks, and physical infrastructure demands a holistic risk management strategy. As the Internet of Things rapidly expands, 2016 will usher in a plethora of new software vulnerabilities and even more digital attack surfaces for malicious hackers to exploit. In the new year, we resolve to empower our citizens, governments, and businesses to mitigate these emerging risks and preserve New Jersey's cyberspace as a trusted venue for commerce, governance, education, communication, and privacy.
Happy New Year!