Have feedback about what you would like to see in the next Symposium? We'd love to hear from you! Submit your suggestions using the following survey link DOT Cybersecurity Symposium Survey, or email us using the following email link DOTCyberTraining@dot.gov.
ABOUT THE 2023 SYMPOSIUM
Another Successful
DOT Cybersecurity Symposium
October 2023
As part of Cybersecurity Awareness Month and to help “Secure Our World,” the Department of Transportation (DOT) hosted the eighth annual
DOT Cybersecurity Symposium.
A Look Back at the Event
The 2023 Cybersecurity Symposium ran the full month of October, concluding on October 25, 2023. Hosted events included keynotes and speaker presentations from multiple DOT and federal agency leaders, as well as presentations from members of industry, including Scott Belcher from the Mineta Institute. Each session provided participants with opportunities for learning, meaningful dialogue, and collaboration.​
Week 1
DOT kicked off week one with speeches from keynote speakers Schachter and DeRusha, both of whom stressed the importance of cybersecurity in transportation and provided insights into the future of our Nation’s cybersecurity.
​
“At one time, the e-crime and activist adversaries were the most prevalent and well-known, and ransomware was the well-known method of attack,” said Schachter. “But currently, nation states are targeting identities to infiltrate networks and its systems, particularly the federal government’s IT [information technology] and those even belonging to civilian agencies.”
​
Additionally, DeRusha highlighted the Cybersecurity Symposium’s role in facilitating meaningful conversation between the cyber workforce within DOT, Modal communities, and the Federal Aviation Administration (FAA).
​
“We got to modernize what we’re talking about this month and use the opportunity, I think, in a different way,” said DeRusha. “To have meaningful dialogue and conversation around what are we are up against, what does it mean … and what do we need to do about it now to be prepared for that, and that’s a lot of what we’re focused on in my office.”
​
These morning keynotes were followed by speaker sessions and education seminars hosted by subject matter experts (SMEs) from the federal government and cybersecurity industry. Sessions were broken up into three different learning tracks: Cyber Essentials, Cyber Leadership, and Cyber Awareness. Cloud implementation, enterprise lumberjack and logging, and Air Traffic Organization’s (ATO) Zero Trust policy were some of the topics covered.
Week 2
Week two’s Symposium event occurred on October 11. These sessions highlighted current cybersecurity topics such as cloud security, cyber vulnerabilities, and artificial intelligence.
​
Karyn Gorman from DOT held an informative session on “Breach Assessment Response Team (BART) Incident Response”, focusing on the individuals on the team who have specific roles and responsivities designated by the head of the agency that respond to a breach.
Additional speaker sessions and educational seminars aimed to broaden attendees’ horizons. These were led by experts from various federal government and cybersecurity industry sectors, including DOJ, GSA, and DOT. Supply chain risk, cyber analytics, and modernizing security operations were among the additional topics covered.
Week 3
The third week’s session was held on October 18 and emphasized cyber-crimes, insider threats, and cybersecurity law and integrity.
Ashlea Loftus from the Federal Bureau of Investigation (FBI) held an educational seminar on “FBI Cyber Crimes,” with an emphasis on who DOT’s adversaries are. Additional topics discussed were the cyber-crime ecosystem’s business model, crime-as-a-service, and the level of engagement necessary when dealing with cyber crimes.
Further sessions and educational seminars were hosted by SMEs from multiple federal government and cybersecurity industry sectors, including DOT, Department of Education (DOE), FBI, and the Electronic Frontier Foundation (EFF).
Week 4
The Cybersecurity Symposium’s final event occurred October 25 and focused on cybersecurity awareness, insider threats, and cyber threats to the transportation sector.
​
Christopher Erickson, Department of Education branch chief for cyber operations, spoke on “insider threats,” drawing attention to insider identification, threat actor motivators, detection, and mitigation.
​
“The motivations [of an insider] are as varied as the threats themselves,” explained Erickson. “Money, power, ideology, fame … or maybe they just think it’s funny. The motivations for why threat actors do what they do are wildly different, but the motivations are usually the same within a given group … From the 2022 Verizon Data Breach Report, the majority of attacks were for financial gain. We see similar attacks at the Department of Education, threat actors are after profit, but insider threats are typically acting on their own feelings towards the organization.”
​
Follow-up speakers and educational seminars were led by SMEs from multiple federal government and cybersecurity industry sectors, including DOT, ED, FBI, and the National Institute of Standards and Technology (NIST).
ABOUT THE 2022 SYMPOSIUM
In recognition of
Cybersecurity Awareness Month
and to help you
“See Yourself in Cyber,”
The Department of Transportation (DOT) hosted the seventh annual DOT Cybersecurity Symposium. A record-breaking 1,137 people registered for this year’s event, which concluded with on-site keynote addresses from
U.S. Secretary of Transportation Pete Buttigieg and National Cyber Director Chris Inglis.
A Look Back at the Event
The 2022 symposium began the second week of October and continued through the first week of November. The event included informative keynote presentations and engaging speaker presentations from the U.S. Secretary of Transportation Pete Buttigieg, leaders across DOT, and other federal agencies, as well as presentations from members of industry. Each session provided participants with opportunities for learning, meaningful dialogue, and collaboration.
Office of the Chief Information Officer (OCIO) leadership, including Chief Information Officer Cordell Schachter, Deputy Chief Information Officer Jack Albright, Chief Information Security Officer (CISO) Jay Ribeiro, and Associate Chief Information Officer for Strategic Portfolio Management Andrew Orndorff, kicked off the symposium. FBI Deputy Assistant Director David Scott and FAA Acting Administrator Billy Nolen provided insightful information on the current cybersecurity environment. The first-week speaker series featured topics such as contingency planning, transit industry cyber risk, cybersecurity training and awareness, federal privacy management, unclassified information control, and staying safe online.
Federal Chief Information System Officer Chris DeRusha in the Office of Management and Budget and Senior Advisor for Technology and Innovation​ Lauren Boas Hayes from DHS’s Cybersecurity & Infrastructure Security Agency (CISA) presented the week two keynote addresses. Speaker presentations addressed phishing threats, privacy, ransomware, Azure Directory and MFA support, federal records management, NAS Cybersecurity and Resiliency, and Aviation Cyber Initiative (ACI) GPS Initiatives.
DOT CISO Jay Ribeiro provided a great keynote to launch week three of the symposium. Immediately following CISO Jay Ribeiro, Michael Shivik, Director of Cybersecurity​ from DOT Cybersecurity Operations, addressed participants with a cyber threat and mission risk report. Week three’s speaker series topics included information on enterprise portfolio management, security operations center (SOC) cyber range capability, MFA login.gov, zero trust, cyber workforce, DOT CDM, and trusted internet connection.
The final week of the symposium provided an opportunity for onsite participation. From DOT’s West Atrium, attendees heard directly from U.S. Secretary of Transportation Pete Buttigieg and National Cyber Director Chris Inglis as they provided remarks on the future of our Nation’s cybersecurity and discussed the importance of cybersecurity in transportation. Following the keynote sessions, the symposium’s speaker series continued with topics such as testing system security controls, CSAM Rev 5 Management, protecting data in the cloud, advanced persistent threats, NICE Coordinating Council Status, and application modernization.