Homeland Security
Cyber Strategies & Resources for Resiliency
Spring Directors Conference 2013
U N C L A S S I F I E D / F O R O F F I C I A L U S E O N LY
Richard C. Baron
Executive Director
Ohio Homeland Security
Homeland Security Advisor to Ohio
What Does Cyber Threat Mean
Risk = Threat X Vulnerability X Consequence
Vulnerability = What is the vulnerability
Consequence = What is the consequence
Threat = What is the threat
Risk = What is at risk
Cyber Space
.com/.net/.org/.mobi/…. – Public/Corporate Domain
.mil – Military Domain
.gov/.us – Governmental Domain
Cyber Environment
Cyberspace is where the Nation stores its treasure (intellectual property) and its wealth (money)
Benefits:
• National security
• Economic competitiveness
• Public safety
• Civil liberties & privacy
Information Layer
Physical Infrastructure
Geographic Layer
People
Cyber Identity
Source U.S Cyber Command
Changing Environment
Source U.S Cyber Command
• Unprecedented rate of change - Consumerization of IT technology
• Mobile Computing
• Rapidly expanding environment with companies not focused on the threats
• BYOD – Bring your own device (to work)
• Adoption of the “cloud computing” model
• Social Networks
• Geographical Information Systems (GIS)
• Integrated real time sensors, telemetry and resource tasking
• Multiple sources of data
• Deliberate attacks from Viruses/malware exploiting the changing landscape
Threat Actors
Source U.S Cyber Command
TERRORIST ACTS
CRIMINAL ELEMENTS
HACKTIVISTS
FOREIGN INTELLIGENCE
SUPPLY CHAIN VULNERABILITY
WIRELESS ACCESS POINTS
REMOVABLE MEDIA
NEGLIGENT USERS
INSIDER THREATS
THREAT ACTORS THREAT VECTORS
Focus of CYBER Security
People Systems
Rick’s Rules #1
Source U.S Cyber Command
The time to plan is not at the time of crisis!
Rick’s Rules #2
The event causing the crisis du jour was most likely not an event that could or was not anticipated!
Gordon Graham’s Rule of Risk Management
If it is predictable, it's preventable!
Significant Trends (Targets – U.S. “vital services”)
Source U.S Cyber Command
UNCLASSIFIED
Exploitation Disruption Destruction
(U//FOUO) Operation Black Summer (#OpBlackSummer) – Orchestrated by hacktivist groups Tunisian Cyber Army (TCA) and the Al Qaeda Electronic Cyber Army. The premise of the operation is to hack into varied U.S. systems, steal information, and release the information in a large data release on 11 September 2013. Main start-date is 31 May 2013.
• Examples of the areas already targeted and hacked – U.S. State Department, Army National Guard, Customs and Border Protection, etc.
• Tactic used – SQL injection vulnerabilities
• Sub-operation for #OpBlackSummer is called #FridayOfHorror, and usually targets one area following Friday prayer (ex: aviation systems, financial sector, etc.)
• TCA infiltrated a State of Ohio agency workstation in Chillicothe, OH on 19 April 2013. This is currently being investigated by OSP.
Significant Trends (VOIP)
Source U.S Cyber Command
(U//FOUO) Telephony Denial of Service (TDoS) – An international issue that involves the flooding of telephone systems from digitalized calls, usually targeting Voice over IP (VoIP) systems. The caller uses a spoofed number, and is usually located overseas in areas such as India.
• Result of intentional generation of illegitimate computer-generated phone traffic targeting a victim’s phone systems
• Some leverage Voice over IP (VoIP) telephone equipment
• Has the potential to significantly disrupt legitimate telephone call volume and impact continuity of operations
• Scheme: Payday loan scam or employee debt
• Targets: Public sector entities, including PSAPs, emergency communication centers, and businesses targeted
Exploitation Disruption Destruction
Significant Trends (VOIP)
Source U.S Cyber Command
Ohio Incidents:
• Ohio: Nov 2011 – 3 hospital lines flooded
• Reported in February from Mentor Police Department (Cleveland) – Payday scam. LE involved in business call, victim called local PD. Then flooded police and fire emergency lines – 5 minutes
• February: Dublin local business received harassing phone calls of employee debt, threatening legal action; called 40 times in 2 days.
• Brunswick city school system, Feb 2013: Payday loan scam “lit up all their phones” – VoIP for 2 days, hit off and on.
Exploitation Disruption Destruction
Presidential Executive Order 21
Policy
It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats. The Federal Government shall work with critical infrastructure owners and operators and SLTT entities to take proactive steps to manage risk and strengthen the security and resilience of the Nation's critical infrastructure, considering all hazards that could have a debilitating impact on national security, economic stability, public health and safety, or any combination thereof. These efforts shall seek to reduce vulnerabilities, minimize consequences, identify and disrupt threats, and hasten response and recovery efforts related to critical infrastructure.
Twelve Steps Governors Can Take to Improve Cybersecurity
1. Develop a State Cybersecurity Strategy.
2. Appoint a Cybersecurity Committee.
3. Request and receive regular security briefings.
4. Practice cyber incident response.
5. Request attorneys review current IT contracts with vendors for security provisions.
6. Ensure that hardware and software are being procured in a “secure manner.”
7. Request attorneys review contractual relationships with third party service providers.
8. Use Multistate Information Sharing and Analysis Centers (ISACs) for intrusion detection and prevention, vulnerability scanning, penetration testing, and training and education services.
9. Ensure that security and procurement/acquisition staff receive training and resources.
10. Identify business continuity and disaster recovery initiatives.
11. Work with law enforcement to prioritize cybersecurity.
12. Use convening authority to raise statewide awareness.
Cybersecurity, Education, & Economic Development Council
121.92 Cybersecurity, education, and economic development council.
(A) There is hereby created the cybersecurity, education, and economic development council.
(G) The council shall conduct a study and make recommendations regarding both of the following:
(1) Improving the infrastructure of the state's cybersecurity operations with existing resources and through partnerships between government, business, and institutions of higher education;
(2) Specific actions that would accelerate growth of the cybersecurity industry in the state.
OHS Strategic Plan
Protection
Goal 3: Reduce risk to statewide infrastructure by implementing the National Infrastructure Protection Plan and each of the supporting Sector Specific Plans where applicable. Risk reduction programs will address cyber, human, and physical security.
Cyber attacks often occur unnoticed, disrupting commerce and costing an estimated total of $46–70 billion in losses across the U.S.
OHS Cyber-Security Strategy
Initiative 1: Share cyber security threat information across the homeland security enterprise.
Initiative 2: Create a cyber security culture in state and local government.
Initiative 3: Partner with the public and private sectors to support their cyber security efforts.
Initiative 4: Identify cyber resources (human and equipment) to leverage for creating cyber incident response teams.
Initiative 5: Raise cyber security awareness across Ohio.
Resources – Personal & Business Information
Resources – Public Sector Monitoring
Source U.S Cyber Command
Information Technology ISAC (IT-ISAC)
IT-ISAC members participate in national and homeland security efforts to strengthen the IT infrastructure through cyber information sharing and analysis.
Financial Services ISAC (FS-ISAC)
In February 2010, the Department of Defense (DoD), DHS, and the FS-ISAC launched a pilot designed to improve the sharing of sensitive, actionable information.
Multi-State ISAC (MS-ISAC)
The MS-ISAC provides a common mechanism for raising the level of cybersecurity readiness and response in state, local, tribal, and territorial (SLTT) governments.
Resources – SAIC Daily Briefing
Source U.S Cyber Command
Questions & Discussion
Contact Information