![Page 1: Briefing on Cyber Security - DART.org · 0 Briefing on Cyber Security Administration Committee. April 28, 2020. Julius Smith. Vice President, Chief Information Officer](https://reader034.vdocuments.site/reader034/viewer/2022042400/5f0ebac67e708231d440a7a5/html5/thumbnails/1.jpg)
Briefing on Cyber Security
Administration Committee
April 28, 2020
Julius Smith
Vice President, Chief Information Officer
Cyber Security Overview
• Introduction
• The Threat Landscape
• DART Cyber Security Program
• Defensive Steps
Digital DART
Cloud
End Users
ITS/IVC
Network Infrastructure
Applications/Databases
Headquarters
The Big Picture
The Threat Landscape
FBI Cybercrime Stats
High Profile Breaches
COVID-19 Impact
FBI Crime Complaint Center 2019 Statistics
IC3 = Internet Crime Complaint Center
Threat Landscape & Recent Cyber Security Attacks
Source: https://www.identityforce.com/blog/2020-data-breaches
High profile breaches January 2020 to April 2020
COVID-19 Exploited by Malicious Cyber Actors
The COVID-19 pandemic is changing everyday life for workers across the globe. We continue to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns.
• Phishing, using the subject of coronavirus or COVID-19 as a lure
• Malware distribution, using coronavirus- or COVID-19-themed lures
• Registration of new domain names containing wording related to coronavirus or COVID-19
• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
Account Hijacking on the Rise
Account hijacking is prevalent and fast-growing, affecting organizations’ user accounts and application access as well as individual users’ personal accounts and identity.
• Hijacking by Phishing deceives users into providing their usernames, passwords, and account numbers via deceptive e-mails, fake Web sites, or both
• Hijacking with Spyware works by inserting malicious software, often referred to as “spyware,” on a person’s computer
• Most organizations haven’t implemented Multi-Factor Authentication to mitigate account hijacking risks
COVID-19 Remote Work
• Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room
• Do not share a link to a teleconference
• Consider security requirements when selecting vendors
• Ensure VTC software is up to date
• Employees should continue to be wary of unsolicited emails they receive that contain attachments or embedded links relating to the pandemic
• Use secure Virtual Private Network (VPN) connections with multi-factor authentication structures
• We have worked to safeguard the remote workforce to share data securely
• Launched updated Cyber Security Awareness Training
DART Cyber Security Program
Principles
Security Strategy
Risk Domains
Principles
1. “DART approaches cyber security as an enterprise-wide risk management issue, not just an IT issue.”
2. “We understand the legal implications of cyber risk as they apply to the Agency’s specific circumstances.”
3. “DART leadership sets adequate access to cyber security expertise, and discussions about cyber risk management on the cyber security governance council meeting agenda.”
4. “DART leadership sets the expectation that management will establish an enterprise-wide cyber-risk management framework.”
5. “Cyber risks discussions will include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.”
Security Strategy Considerations
BUSINESS PLAN
THREATS REVIEW
GOVERNANCE
VISION STATEMENT
GAP ANALYSIS
PRIORITIZATION
DEPARTMENTS TECH STRATEGY
COOP & BUSINESS CONTINUITY
ECOSYSTEM MONITORING
National Institute of Standards and Technology Cyber Security Framework
Data, Technology, and Physical Security Risk Domains
Information Technology Security
Operational Technology Security
Health, Safety, Environmental
Product/Service Management Security
Supply Chain Security
Head of Info/Network Security
Data Security
Defensive steps
Our People
Security Response
Security Updates
First line of defense: our people
• Deployed the updated 2020 DART Computer-Based Cyber Security Training
• Bus and Rail Operators Cyber Security Training
• Cyber Security Campaigns
• InfoStation Communications
• Email on Threat Landscape
• Password complexity and new password portal
• Multi-Factor Authentication
• Identity Management
• Physical Security
Security Response
Classification Response
• EVENT: An event is an observed change to the normal behavior of a system, environment, process, workflow or person. Examples: router access control lists (ACLs) were updated, firewall policy was pushed.
• ALERT: An alert is a notification that a particular event (or series of events) has occurred, which is sent to responsible parties for the purpose of spawning action. Examples: the events above sent to on-call personnel.
• INCIDENT: An incident is an event that negatively affects the confidentiality, integrity, and/or availability (CIA) at an organization in a way that impacts the business. Examples: attacker posts company credentials online, attacker steals customer credit card database, worm spreads through network.
SECURITY OPERATIONS
• For the first quarter of 2020, DART observed 7,977,813 security events
• Through security tools and automated correlation engines, the security events were reduced to 2,049 actionable alerts, which were addressed
• Managed Security Service Provider (MSSP) Level 1 Security Operations Center (SOC) mitigated 1415 of the alerts
• 634 alerts were escalated from MSSP to DART Level 2 & 3 SOC
Security Updates
VENDOR MANAGEMENT & RISKS REVIEWS
- Vendor management audit completed. Updating processes and procedures.
PAYMENT CARD INDUSTRY DATA SECURITY AUDIT
- Completed Recertification March 2020
- Awarded Report of Compliance (ROC)
- Awarded Attestation of Compliance (AOC)
CYBER & DATA GOVERNANCE
- Focused on policy, standards, and governance execution
APPLICATIONS & ARCHITECTURE
- Routine applications, operating systems, and hardware updates
- Patch Management
- Multi-factor Authentication
- Multiple Virtual Private Network (VPN) Solutions
Designing Secure Solutions
Security-led projects to enhance and/or implement new safeguards
Review of software applications and security architecture of other departmental and inter-departmental projects
Review of virtual conference rooms, new cloud applications and providers through vendor security management process
Technology Network Security Operations section is involved in multiple “secure-by-design” architecture initiatives.
Multi-factor authentication (MFA) is a method in which a computer user is granted access only after successfully presenting two or more pieces of evidence
Thank you