Cyber Security Summits: Have One

Everybody seems to be convening cyber summits. Governments from New York to California, organizations from InfraGard to SANS to EDUCAUSE, more and more states and even private businesses are holding various types of cyber security summits. Why? Do they work? Should you add it to your 2008 (or perhaps 2009) agenda? We did in Michigan. Here’s why.

 First, some history. Growing up in Baltimore, I remember several very important presidential meetings regularly being held at Camp David (north of Frederick, Maryland, for those who aren’t from the East Coast.)  Although our President would entertain various foreign dignitaries from somewhere a few times a month, occasionally, there would be a really important meeting called a summit. You know, like Reagan meeting with Gorbachev in Reykjavik, Iceland.

Bottom line, the word “summit” was reserved for that rare, one-off, spectacular, moment in time in which the whole world watched.  

Not anymore. If you Google “government summit”  now, you’ll get over 5 million results. Not to be outdone, our industry has joined the party, a Google search of “cyber security summit” recently yielded 168,000 results.

In government and even in the wider IT industry, there now seems to be about a summit a week. Education Summits, Health Technology Summits, even Data Warehouse Summits. Of course, there is the annual Gartner IT Security Summit that is always good, but now we are even seeing state-specific or city-specific cyber summits.

For examples of what I’m talking about, you can visit the Cyber Safe California Summit 2008. (which is this week) or the website for the Rochester Security Summit  that was held last year.

My reaction to this “new summit normal” had (until recently) been to laugh at the trend. (Please understand, I wasn’t mocking the events, only the name summit.)  These were excellent conferences, but I wondered: why call them summits? 

There are so many cyber security conferences, IT conferences and vendor-specific conferences and events that I believed another state-specific summit didn’t seem to make sense.

Well I’ve changed my mind. Yes, a few friends and colleagues have persuaded me to join the summit parade. Why?   

 For one, our Michigan Cyber Security Summit in June will be in Lansing – where our Michigan Government is. We will be able to bring together all parts of our State’s public sector, including K-12 education, community colleges, universities, local and state government, even some federal government leaders.

 Second, we will be able to offer a low cost local event for a wider state audience that generally doesn’t care much about cyber security conferences. This summit will be for government managers and agency leaders to focus for a day on cyber security.

Third, and most important, we can shine the media and PR light on the important cyber security business issues we face. It provides training and cultural change for an essential topic in ways that security conferences in San Francisco or even Detroit generally provide to security professionals.  

Don’t get me wrong, RSA and SecureWorld events are important and helpful. They are just for a different audience.

So Michigan will join the list of states that will hold a Cyber Security Summit this year. Perhaps your state, or city, or government agency, or business should hold one as well.       

If you’re bothered by the name – call yours whatever you want.