When you buy through affiliate links in our content, we may earn a commission at no extra cost to you. Learn 
Ransomware, critical infrastructure attacks against utilities, and artificial intelligence-generated deepfakes are the top cybersecurity threats facing public sector organizations today, says Dan Lohrmann, field chief information security officer (CISO) at Presidio.
And the bad actors are further ahead of the good actors, says Lohrmann.
As such, the private and public sectors must work together to form effective policies and partnerships to combat the cyberattacks we’re facing, he says.
“And the government has to take a leadership role in that,” Lohrmann says. “To a large extent, that’s happening right now with the federal government and a lot of state governments, although in some cases, it’s not happening as much as it should.”
About Dan Lohrmann
Currently, Lohrmann is the field CISO for the public sector at Presidio, a global digital services and solutions provider, where he leads cybersecurity advisory services for public sector clients.
From May 2002 – August 2014, Lohrmann led the state of Michigan’s government’s cybersecurity and technology infrastructure teams, including as enterprise-wide chief security officer, chief technology officer, and chief information security officer.
Lohrmann is the co-author of “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions.”
Techopedia sits down with Lohrmann to talk about how his work at the NSA has helped him in his career, the top threats currently facing public sector organizations, how he stays ahead of emerging cybersecurity threats, and more.
Key Takeaways
- Working at the NSA helped Dan Lohrmann develop a mindset around putting security first.
- Ransomware, critical infrastructure attacks against utilities, and AI-generated deepfakes are the top cybersecurity threats facing the public sector today.
- No matter how good the technology is, bad actors will continue to try to attack whatever we build.
- More international cooperation is needed to improve cybersecurity because the attacks are not going to stop.
NSA and Cybersecurity
Q: How did your experiences at the National Security Agency shape your approach to cybersecurity?
A: It was a great way to start a career. It kind of laid the foundation for my whole career, and it still helps me today. Everyone talks about building a culture of cybersecurity and building a culture of security and NSA does that, I think, the best in the world.
The training was amazing. When I started, they really took the long view – they had courses on the history of cryptography, and they talked about encryption and the history of codes and the intelligence community going back to World War II.
The NSA really helped me develop a mindset around putting security first.
Q: You’ve had a long and varied career in cybersecurity. What’s the most significant change you’ve witnessed in the field?
A: After I left the NSA in 1991, I went to Lockheed Martin for three years and ManTech International, a security firm in the UK, for four years. Then in 1997, I joined the state of Michigan government as chief security officer (CSO) for the department of management and budget.
And I remember the first day on the job, I was just shocked at the lack of security they had. It was the opposite of the security at the NSA and ManTech. When I [mentioned implementing cybersecurity measures], my colleagues used to mock me, saying, ‘We’re not the NSA, now, are we?’
So how did this change? Well, 9/11 hit and after 9/11 there was a dramatic change and people took security seriously.
And I became the first CISO in Michigan and we realized that we needed to invest heavily in cybersecurity. That was when the U.S. Department of Homeland Security was formed. We did a lot of work with the DHS and a lot of our focus was on cybersecurity after that. That’s where my NSA background helped a lot.
Cybersecurity and the Public Sector
Q: What are the top cybersecurity threats currently facing public sector organizations?
A: Ransomware clearly is top of the list. Ransomware just keeps hitting state, local, and federal government agencies. Also critical infrastructure attacks against utilities, including the electric grid.
And deepfakes with AI is a big threat now as they’re getting more sophisticated. Deloitte just put out a study talking about deepfakes and AI and fraud: In 2023, there was about $12.3 billion in online fraud and that’s expected to grow to $40 billion by 2027.
That’s largely because of AI.
So it’s a little bit scary when everyone talks about AI being the savior to save us, but Deloitte is saying AI is going to create more loss, more fraud.
I think that’s a huge issue for governments, whether that be driver’s licenses or all the things that the government does. The question is: is it fake or is it real?
Q: How do you approach risk management and incident response planning for public sector clients?
A: I always tell people that it depends on where they’re at in their journeys. If they haven’t had risk assessments in a long time, i.e., looking holistically at their entire operations, then they need to be doing that.
And maybe they haven’t had penetration tests or tabletop exercises in a long time. They need to do these things on a regular basis, at least annually.
I also look for their incident response plans and ask if they’ve tested them. I then grade people in those areas, determine the areas that need work, and I put together action plans to work through what those risk areas are.
Staying a Step Ahead
Q: How do you stay ahead of emerging cybersecurity threats and ensure your team is prepared to tackle them?
A: For me, personally, it’s reading like crazy. I write a blog for a technology magazine, and I’m very active online. I’m very passionate about cybersecurity and I enjoy interacting with people on LinkedIn and interacting with people at conferences.
I’m a lifelong learner and that’s really important. I also believe in the truism that you learn something better when you teach it. So I do a lot of conferences and public speaking. I get out and talk and interact with people.
Sometimes people disagree with me, and sometimes they agree with me. But through that engagement, you learn the industry really well. And I think I look for the same thing in my staff members. Are they passionate about their work? Are they lifelong learners? Are they going the extra mile?
Q: With the rapid advancement of technology, how do you evaluate and integrate new cybersecurity solutions into your company’s existing framework?
A: That’s a great question. I think constantly looking at what’s coming next has to be a big part of this. Everyone wants to talk about how generative AI and AI are rapidly changing the processes we use, the technology that we use.
So part of what I do is constantly looking at the future. I put together a report every December on the top security predictions and trends for the coming year. These aren’t just my trends, they’re trends from all the top vendors. I encourage security pros to read those reports. I summarize them, so you don’t necessarily have to read every report from every vendor.
So we look at the trends that multiple vendors are saying are coming, what technologies and processes are new and that you should pay attention to.
And then really thinking through how that applies to your organization because I’ve found that different companies are really good in some areas and maybe not as good in other areas.
So maybe they’re really good at identity management or maybe they’re really good with their network architectures.
But they haven’t thought as much about threats or they haven’t done as good a job thinking through people issues around their companies. So just really having a holistic approach to looking at your enterprise, your infrastructure, and also looking at what security trends are next on a regular basis. It has to be part of the way you do business each and every.
An Eye Toward the Future
Q: What role should government policy play in cybersecurity?
A: I think it’s vital. Going back to the hot topic of the day, AI and generative AI, we have to think about the ethical use of AI. An individual state, county, or local government might not have a lot of influence over Google, or Microsoft, or Amazon.
But if the private sector comes together and advocates for government policy, federal policy, that’s going to have a lot of impact because it’s going to have buying power.
And it’s also going to have influence because it brings together that public/private group that can talk to the top companies, such as OpenAI, to think about how they can effectively do things that are best for society.
I think having policies will improve cybersecurity; however, I still think the bad actors are ahead of the good actors. They’re working together against us. So we need to work together to have policies and partnerships that are going to be effective to combat the cyberattacks we’re facing.
The government has to take a leadership role in that. I think to a large extent, that’s happening right now with the federal government and a lot of state governments, although in some cases, it’s not happening as much as it should.
Q: What trends or developments do you foresee in the cybersecurity landscape over the next five to 10 years?
A: No matter how good the technology is, whether we’re talking robotics, artificial intelligence, autonomous vehicles, bad actors will continue to try to attack whatever we build.
So the importance of cybersecurity will continue to grow. It’s going to be part of every new technology. And quantum computing is going to be very big in cybersecurity as the battles continue. And I think you’re going to start seeing the need for more international cooperation to improve cybersecurity because the attacks are not going to stop.
References
- Deepfake banking and AI fraud risk | Deloitte Insights (Www2.deloitte)
