Spotlight

NC State University collaboration promotes cybersecurity awareness

American businesses face ongoing cyber threats from countries like China, Russia, and North Korea, aiming to steal vital data or demand ransom payments. Laura Rodgers, Director of Cybersecurity Practice at North Carolina State University, partners with the North Carolina Military Business Center (NCMBC) to offer cybersecurity education and resources, helping defense contractors understand and meet federal regulations. While diligence is important year round, October is Cybersecurity Awareness Month and is a great time to talk about recent innovations.
Posted 2023-10-17T18:16:24Z  - Updated 2023-11-07T15:27:12Z
By 
Don Vaughan

American businesses face daily threats from cyber terrorists in countries like China, Russia, and North Korea. These attackers aim to steal crucial information or hold it hostage for ransom, often demanding payment through cryptocurrency. Unfortunately, many businesses can't recover from the damage and are forced to shut down.

Cybersecurity is critical to companies that operate with the United States government or the Department of Defense. If a company looking to provide goods or services at the federal level doesn't have sufficiently robust cybersecurity in place to protect itself from international hackers, it may find itself out in the cold.

Laura Rodgers, director of cybersecurity practice, at North Carolina State University in Raleigh, is here to help. Working in cooperation with the North Carolina Military Business Center (NCMBC), Rodgers provides information and classes designed to help North Carolina businesses, and those out of state looking to partner with them, understand and work through the complicated process of cybersecurity certification and application.

When Rodgers was with the NCMBC, before her job with NC State, she realized cybersecurity requirements for working with the DoD were highly complicated, perhaps too complicated for many small businesses to understand and follow. She talked with NCMBC Executive Director Scott Dorney, who authorized her to develop a cybersecurity training program. "I did a lot of webinars and started a free course for defense contractors in North Carolina," Rodgers says. "I also developed an Excel workbook for defense contractors that is available through the NCMBC website."

The goal, Rodgers says, is for all entities to work together in the name of national security. "Otherwise," she observes, "we're not going to make it as a country."

Anyone who is a federal contractor or in a federal contracting NC business supply chain can take advantage of the resources offered through the NCMBC, including the cybersecurity resources developed by Rodgers, a former defense contractor with decades of experience.

"I come in once a business needs help getting a cybersecurity program put into place that is not only secure but compliant with all the federal regulations," Rodgers explains. "A company might reach out to the NCMBC because they don't know where to start with a cybersecurity program. I talk to them about the kind of data they process on behalf of the Defense Department or other federal agencies and that determines the direction we need to go, depending on the sensitivity of the data."

Controlled unclassified information, although not classified, is still easily accessible and a growing concern, according to Rodgers. "There are a lot of new regulations to protect that level of information, and I talk to l defense contractors about the kind of data they handle and point them toward available resources."

One of the most effective resources is the cybersecurity regulations and implementation class Rodgers developed. The class meets weekly and takes about a year to complete. Some businesses find the process and rules overwhelming and decide to hire a paid consultant instead. "I tell those companies if they take my course, it will save them around $30,000 in consulting fees," Rodgers says. "However, there is still a lot they must do. I can guide them, but I can't do the work for them."

Rodgers spreads the word about her class, her workbook, and other essential resources in a variety of ways. Prominent among them is a yearly symposium specific to cybersecurity which attracts cybersecurity providers, companies in need of cybersecurity, and others. "Around 300 people registered for this year's symposium," Rodgers says. "We're hoping to see 400 at next year's symposium, to be held February 22-23, 2024 at The McKimmon Center in Raleigh. It's meant to have something for everyone."

Rodgers has also established a LinkedIn group called Secure North Carolina, which provides cybersecurity information and resources to individuals and industry. "Cybersecurity changes at a rapid pace, so it can be difficult to keep up," she notes. "Part of my job is to make sure all of that information gets out to those who need it." If you’re interested in cybersecurity in North Carolina, please join our LinkedIn group.

Also involved in cybersecurity outreach to potential and established defense contractors is the North Carolina Partnership for Cybersecurity Excellence (NC-PACE), a coalition of education, government, and industry organizations working together to strengthen and advance the state's cybersecurity ecosystem. "We're working to pump people into that ecosystem and get them jobs, but we're also working on cybersecurity research," Rodgers notes. "Three of the entities in our coalition – NC State University, UNC Wilmington, and UNC Charlotte – hold an annual symposium, so we're reaching thousands of people."

In addition, UNC Wilmington is involved in Cybersecurity Maturity Model Certification (CMMC) outreach, which Rodgers assists with. CMMC compliance is required of any company interested in doing business with the Department of Defense and enhances cyber protection standards for companies.

"The end goal," Rodgers says, "is to position North Carolina as a national leader in cybersecurity. We believe we have all the assets we need, including educational institutions, the workforce, the researchers, and the technology. We're building the ecosystem to support that vision."

Rodgers faces several challenges in her quest to educate North Carolina companies about the need for cybersecurity, no matter how small a business, and the need for cybersecurity compliance for those looking to work with the Department of Defense or the federal government. "One of the biggest problems is that cybersecurity is very abstract," she notes. "Most of us don't have the technical acumen to understand how hackers can access our computers, and when we don't understand something, we tend to ignore it. One of the hardest parts, even with defense contractors, is making them realize a breach can happen to them and the cost of protecting themselves. It's a hard sell."