When Bad Things Happento Good Governments

First Second Third

Our Panel Members:

Cyber Security

BreachHackDDoS

MalwarePhishingMalwareSpywareRansom-ware

VirusesWormsBotnets

Information Security

Source: Center for Digital Government, Digital States, Counties, Cities, 2014.

Public IT Priorities

1. Cybersecurity2. Shared Services3. Cloud4. Mobility5. Staffing

1. Cybersecurity2. Staffing3. Shared Services4. Mobility5. Cost Control

1. Open Gov/Data2. Mobility3. Cybersecurity4. Staffing/Portal5. DR/ COOP

STATE CIOs COUNTY CIOs CITY CIOs

Elected & Appointed Officials

What they want in a network:

0% 20% 40% 60% 80% 100%

Redundancy

Ease of Maintenance

Availability

Security

Source: Center for Digital Government, 2015.

How Did We Get Here?

Sources: ABC | KRON TV | WCPO TV | WWLP TV | WOCH TV |WTNH TV | WH.gov

Ripped from the Headlines

Career-defining Breaches

The Rise of Hacking CrewsVikingdom2015: From Russia with Malice

Missouri Severely Tested

Michael Brown

August 9, 2014

Dateline: Ferguson

Flickr: Chuck Jines

Sources: Operation Ferguson/ Al Jazeera America

Global-Local Hacktivism

Meanwhile in the Capitol

Google Maps

War Room 24/7

colorofchange.org

Launch and Learn

Flickr: Steve Warren

The one unfinished part of the states cybersecurity program and plan when crisis hit:

DDoS

Dateline: Jefferson City

Flickr: Steve Warren

DAYS AS WORLDWIDE

Hacktivist Target: 123

Target: Governor Nixon

Flickr: Steve Warren

Target: Governor Nixon

colorofchange.org

The Grand Jury Decision

Scott Olson/ Getty Images

November 24, 2014

What Have We Learned?

Flickr: Steve Warren

1 Understand attacker motives and methods.2 Assess your network and infrastructure.3 Integrate ops centers (network & security). 4 Prioritize assets. 5 Develop a plan.6 Establish and exercise a war room.7 Engage partners early (public & private). 8 Monitor social media.9 Remain nimble and adaptable.10 Everyone has a role.

Slides available at www.govtech.com/events

(Past Events tab)

govtech.com/security

From the War Room

There is Something for Everyone to Do

To paraphrase a classic film title:

Dr. Strangelove: How I Learned to Stop Worrying and Love Cybersecurity

Cybersecurity = risk management. Incidents are inevitable. Prepare. Fund and support. Plan for PR.

Elected and Appointed Officials

What Have We Learned?The Little Red Breach Book

What Have We Learned?The Little Red Breach Book

Chief Information/ Technology Officers

Own the plan.Keep stakeholders informed. No

surprises. Champion a strong security

culture.

Identify best practices. Evaluate strategies, programs and

tools. Monitor critical systems and

infrastructure.

Chief Information Security Officers

What Have We Learned?The Little Red Breach Book

Take it seriously! Scrutinize the delivery systems. Rally agency resources.

Agency or Line of Business Managers

What Have We Learned?The Little Red Breach Book

Understand the importance of their own roles.

Train. See something, say something.Dont click on it.

Front Line Employees

What Have We Learned?The Little Red Breach Book

Adopt best practices. Adhere to requirements. Share timely information.

Service Delivery Partners PrivateNon Profit

What Have We Learned?The Little Red Breach Book

Encouraged through awareness campaigns to:

Do the basics. Stay alert for common tricks. Be a cybercrime-fighter.

General Public - Netizens

What Have We Learned?The Little Red Breach Book