Cyber Threat to Critical Infrastructure
Mike Lettman, Chief Information Security Officer, State of Arizona

Why Cyber?
"There is no such thing as a cyber emergency, there are only emergencies caused by many things. In order to declare a state of emergency you need to have kinetic effects, threats to health and public safety. Many things can cause an emergency: nature, man-made, cyber, accident, malfunction."
Major General Michael McGuire, TAG (The Adjutant General), State of Arizona

Headlines
- Ukraine says Russian cyber attacks targeted its main airport
- Jihadists in the West are taught to DERAIL trains and target stations in chilling new al-Qaeda terror guide that includes lists of 'vulnerable' US rail routes
- FBI and Homeland Security launch probe as foreign cyber attackers target U.S. water supply

What Could Go Wrong?
What if? Roads, energy, sirens, water, telecom, transportation, dams.

What Did Go Wrong? History of cyber and physical
- Sept 2007: DHS generator test
- Nov 2007: Natanz nuclear facility
- Jan 2014: North Carolina
- Dec 2015: Ukraine power grid
- Oct 2016: IoT attack on Dyn
- April 2017: Dallas sirens
- May 2017: WannaCry ransomware
- June 2017: NotPetya ransomware, Maersk

Who and How
Who:
- Hacktivists: Anonymous, WikiLeaks
- Insiders: Snowden
- Criminals: individuals, gangs, groups
- Terrorists: ISIL, al-Qaeda
- Nations: US, China, Russia, Israel, Iran
How:
- SQL injection
- Botnets
- Phishing
- Social media
- Infected websites

Why is there concern?

Why: Attacks
- Cyber investigations: 15/day
- Trojan attempts: 3,000/day
- SQL injection: 50/day
- Spam: 100K/day
- Web activity: 8.3M/month

Why: Cost
In 2016 there were 1,093 breaches exposing 36,601,939 records, including 19,699,094 SSNs and 7,472,540 credit cards. At $250 per record, that is $9,150,484,750 in cost to organizations.

Layered Security
- Protect: National Cyber Security Framework
- Remediate: Critical Security Controls

Municipal and Small Business Cyber Impacts
Tina Slankas, Deputy Director, City of Phoenix Office of Homeland Security & Emergency Management

Community Impact of Cyber
Business email compromise (BEC)
- Fraudulent email from an executive ordering a money transfer or a bank account change
- Currently hitting real estate companies around escrow
- October 2013 to December 2016: $5.3 billion lost
Ransomware
- Malicious software that encrypts your files until you pay a ransom
- Trend started around 2012
- Key targets: hospitals, local government, police departments
- Cost includes downtime and data loss
- Ransomware damage may exceed $5 billion in 2017
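The escrow-fraud pattern above, a message that appears to come from an executive and asks for a wire or a change of bank details, can be screened at the mail gateway before a person ever reads it. The Python below is an added example written for this page, not code from the presenters or from any product they mention; the corporate domain, the executive list and the three messages are constructed for illustration. It flags an executive's display name on an outside address, a look-alike sender domain, a Reply-To that points somewhere other than the From domain, and payment-change wording in the body, and quarantines mail that combines a payment request with any impersonation sign.

```python
"""Heuristic screen for business email compromise (BEC) mail.

Added example. CORP_DOMAINS, EXECUTIVES and the three sample messages are
constructed for illustration and are not from the presentation.
"""
import re
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAINS = {"example-escrow.com"}                      # assumption
EXECUTIVES = {"jane doe": "jane.doe@example-escrow.com"}   # assumption

# Phrases typical of a payment-diversion request.
PAYMENT_TERMS = re.compile(
    r"\b(wire|wire transfer|routing number|account number|"
    r"new bank|change (?:our|the) bank|urgent payment)\b", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance; a small distance to a corporate domain means a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain):
    """True for a domain close to, but not equal to, a corporate domain."""
    return any(0 < edit_distance(domain, corp) <= 2 for corp in CORP_DOMAINS)


def screen_message(raw):
    """Return the BEC indicators found in one RFC 822 message and a verdict."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain, reply_domain = domain_of(from_addr), domain_of(reply_addr)
    body = msg.get_payload()  # the samples are single-part text

    flags = []
    expected = EXECUTIVES.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected:
        flags.append("executive-name-external-address")
    if is_lookalike(from_domain):
        flags.append("lookalike-sender-domain")
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-domain-mismatch")
    if PAYMENT_TERMS.search(body):
        flags.append("payment-change-request")

    # A payment request plus any impersonation indicator is the BEC pattern.
    if "payment-change-request" in flags and len(flags) > 1:
        verdict = "quarantine"
    elif flags:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"from": from_addr, "flags": flags, "verdict": verdict}


# Constructed sample messages (not real mail).
LEGIT = (
    'From: "Jane Doe" <jane.doe@example-escrow.com>\n'
    "To: closing@example-escrow.com\n"
    "Subject: Smith file\n\n"
    "Please see the attached closing statement for the Smith file.\n")

BEC = (
    'From: "Jane Doe" <jane.doe@example-escrovv.com>\n'
    "Reply-To: <ceo.janedoe@webmail.example>\n"
    "To: closing@example-escrow.com\n"
    "Subject: Urgent - escrow funds\n\n"
    "Wire the escrow funds to the new bank today. Routing number below.\n")

VENDOR_SWAP = (
    'From: "Accounts Payable" <ap@example-escrow.com>\n'
    "Reply-To: <ap.billing@mail.example>\n"
    "To: finance@example-escrow.com\n"
    "Subject: Updated remittance details\n\n"
    "We have changed banks. Please update our account number before Friday.\n")

if __name__ == "__main__":
    for sample in (LEGIT, BEC, VENDOR_SWAP):
        print(screen_message(sample))
```

The third sample shows why the Reply-To check matters even when the From address is the real corporate domain: a spoofed From passes a domain allow-list, but the attacker still has to route replies somewhere they control. Adding SPF and DMARC evaluation at the gateway would close that spoofing path; the heuristics here are the layer that catches the look-alike domains DMARC cannot.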

How Ransomware Gets In

How Much Are Ransoms?

Impacts to Small Business
- The World Economic Forum classifies cybercrime as a top global risk.
- 85% of business assets are in digital form.
- Small businesses are a target: an easy target for cybercriminals, and their systems serve as a secret doorway into their corporate partners' networks.
- They experience a higher proportion of cybercrime costs.
- They experience the disruptive effects of data breaches both immediately and in the long term.
- Last year alone over 430 million new versions of malware were launched on the open web.
- Any device connected to the Internet can be hacked. Devices offer hackers quick access to business data through unsecured Wi-Fi networks.
- Compromised IoT devices are turned into bots for use in future attacks.
- Adequate security protocols do not yet exist.
- Over 75% of all cyberattacks target known vulnerabilities.

Costs of Cybercrime

- In 2015 cyber attacks cost businesses as much as $400 billion a year.
- From 2013 to 2015 cyber crime costs quadrupled, and they are projected to quadruple again from 2015 to 2019.
- The cost of data breaches will increase to $2.1 trillion globally by 2019.
- The average cost of one cyber breach is $4 million globally and $7 million in the United States.
- One cyberattack can result in millions of dollars in expenses: when contained in under 30 days the average cost is $7.7 million; when containment takes more than 90 days the average cost is $12.2 million.

Immediate costs:
- Customer breach notifications
- Post-breach customer protection
- Regulatory compliance fines
- Public relations and crisis communications
- Attorney fees and litigation
- Technical investigations
- Loss of customer trust
- Disruption of normal business operations
- Immediate financial losses

Long-term costs:
- Increase in insurance premiums
- Operational disruptions
- Lost value in customer relationships
- Value of lost contract revenue
- Devaluation of trade name
- Loss of intellectual property
- Loss of future business contracts and relationships

Cyber Threats to Private Industry

Financial Services
Michael Kirby II, Head of FIS Risk and Cybersecurity Product Strategy, 9/11/2017

Threats and breaches have permanently disrupted the industry. Cybercrime is #3 on the list of FBI national security threats:
1. Biological weapons
2. Nuclear weapons
3. Cybercrimes
4. Climate change
5. Transnational crime

Timeline, 2001 to 2014
- Nov 2003: The U.S. Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep.
- 2005: ISO publishes ISO/IEC 27001, a formal information security industry standard.
- Feb 2005: A top-5 bank has 1.2M names and SSNs stolen. The FBI's e-mail system is hacked.
- April 2005: Insiders at top-5 and top-10 banks hack 670K+ accounts.
- June 2005: CardSystems admits hackers planted a virus and accessed 14M credit card numbers (potentially 40M); the company folds.
- Equifax and TransUnion, Canada's main credit bureaus, receive an average of 1,600 calls a month regarding the theft of financial or credit information.
- (Jan) Hackers break into Department of Homeland Security computers, install malware, and transfer files to a remote Chinese-language web site; Unisys (the contractor) is charged with covering up the intrusion.
- 2008: The National Cyber Investigative Joint Task Force (NCIJTF) is established as the national focal point for coordinating cyber threat investigations.
- (Aug) Richard Clarke, chairman and CEO of Good Harbor Security Risk Management LLC, delivers a stern warning about the realities of cyberspace, reiterating what U.S. Attorney General Eric Holder had recently pointed out: "There are two types of American companies, those that have been hacked and those that don't know they have been hacked."
- (April) A large life insurer discloses that approximately 1.2M users were potentially exposed as the result of a vulnerability in its portfolio information system.
- April 2011: Sony announces that 77M account holders' information was breached via the Sony PlayStation Network, including account holder identification, date of birth, e-mail, home address and login information, and up to 12M account holders' credit card information.
- June 2011: A top-10 bank reports that 210,000 card holders had their personal data compromised by hackers; stolen information included names, account numbers and e-mail addresses.
- April 2012: MasterCard and Visa alert the market that card processor Global Payments' systems have been breached and as many as 10M cards may have been compromised.
- 2013: Target breach.
- Jan 2014: The FBI warns U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target.
- 2014: Home Depot breach.

2016 Community Analysis
IBM, Security trends in the financial services sector:
- Financial services customers had 65% more events than other industries, up 29% from 2015
- Threat actors: 94% external, 6% internal
- Data compromised: 71% credentials, 12% payment, 9% personal
Verizon DBIR:
- 75% outsiders, 25% internal actors
- Focus: vulnerabilities, phishing, credentials
Dimension Data (2016 report):
- Spear-phishing was 17% of 2015 incidents, up from 2% in 2014
- Brute force up (2% to 7%), DDoS down (4% to 3%), malware up (2% to 5%)
- Geographical shift: more US now
- Endpoint security remains a key weakness
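IBM's figure that 71% of compromised data is credentials, the DBIR focus on credentials, and the rise in brute-force incidents all point at the gap the Defense Challenges slide in this deck names: a login made with a correct, stolen or reused password does not fail, so nothing keyed to a single attempt fires. What does stand out is the source's behaviour across accounts. The following is an added example, not from the deck or from any product mentioned in it; the log format and the log lines are constructed. It groups attempts by source IP, flags sources that spray many accounts with mostly failures, and reports the accounts where such a source nevertheless got in, which are the ones to reset and revoke.

```python
"""Detecting password attacks that succeed with the right password.

Added example, not from the presentation. A correct password never fails,
so the signal is the source's behaviour across accounts, not any single
attempt. The log format and the sample lines are constructed.
"""
import re
from collections import defaultdict

# Constructed format: ISO timestamp, source IP, account, outcome.
LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_auth_log(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()


def find_stuffing_sources(lines, min_accounts=5, min_fail_ratio=0.6):
    """Flag source IPs that try many accounts and mostly fail.

    A success from such a source is a valid password in the wrong hands
    (reused or leaked), which a per-login rule can never see.
    """
    per_src = defaultdict(lambda: {"accounts": set(), "ok_users": set(), "ok": 0, "fail": 0})
    for ev in parse_auth_log(lines):
        stats = per_src[ev["src"]]
        stats["accounts"].add(ev["user"])
        if ev["result"] == "OK":
            stats["ok"] += 1
            stats["ok_users"].add(ev["user"])
        else:
            stats["fail"] += 1

    alerts = []
    for src, stats in per_src.items():
        attempts = stats["ok"] + stats["fail"]
        fail_ratio = stats["fail"] / attempts
        if len(stats["accounts"]) >= min_accounts and fail_ratio >= min_fail_ratio:
            alerts.append({
                "src": src,
                "accounts_tried": len(stats["accounts"]),
                "fail_ratio": round(fail_ratio, 2),
                # Accounts that need a forced reset and session revocation.
                "compromised": sorted(stats["ok_users"]),
            })
    return sorted(alerts, key=lambda a: a["src"])


# Constructed sample log: one spraying source, one user mistyping, one normal login.
SAMPLE_LOG = """\
2017-09-11T03:12:01Z src=203.0.113.9 user=alice result=FAIL
2017-09-11T03:12:02Z src=203.0.113.9 user=bob result=FAIL
2017-09-11T03:12:02Z src=203.0.113.9 user=carol result=FAIL
2017-09-11T03:12:03Z src=203.0.113.9 user=dave result=FAIL
2017-09-11T03:12:03Z src=203.0.113.9 user=erin result=OK
2017-09-11T03:12:04Z src=203.0.113.9 user=frank result=FAIL
2017-09-11T03:12:05Z src=203.0.113.9 user=grace result=FAIL
2017-09-11T08:01:10Z src=198.51.100.7 user=alice result=FAIL
2017-09-11T08:01:25Z src=198.51.100.7 user=alice result=OK
2017-09-11T09:30:00Z src=192.0.2.5 user=bob result=OK
garbage line that does not parse
""".splitlines()

if __name__ == "__main__":
    for alert in find_stuffing_sources(SAMPLE_LOG):
        print(alert)
```

The thresholds are the tunable part: a shared NAT or a VPN egress legitimately serves many accounts, so in production the account count should be judged against that source's own baseline rather than a fixed number, and the failure ratio keeps ordinary busy sources from alerting.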

2016 Cybersecurity Trends: motivations and attacks
- Denial of service (DoS/DDoS): extortion, fun, punishment, competition
- Ransomware: extortion, some punishment
- Data theft: sales, espionage, identity theft, fun, embarrassment
- Credential theft: sale of credentials, credential reuse, password list aggregation
- Botnets: DDoS, Bitcoin mining, spam, illegal storage

Defense Challenges
- Endpoint control is weak (patching, behavioral)
- Polymorphism and the demise of signature-based defense
- SWIFT: weak banks, long-term reconnaissance
- No silver bullets; each layer has weaknesses
- IOCs are growing at an alarming rate; the high volume of threat data and indicators is difficult to manage
- Credentials (reused, weak): you cannot alert on a password attack if the attacker uses the right password
Strategic challenges
- Bigger, more complex customers need bigger, more complex solutions
- Regulatory and industry standard changes
- Changing threat landscape (ransomware changes)

Aggregated Defense Recommendations, Community Analysis

IBM:
- Training and employee awareness
- Proprietary email and IAM solutions
- Augmented cyber security intelligence
Verizon DBIR:
- Vulnerabilities: targeted, methodical patching, mitigation, scanning
- Phishing: filter email, awareness training, segmentation, strong AAA, monitor outbound traffic
- Credentials: strong, unique passwords
- Web applications: MFA for critical apps, validate input, patch platforms and third-party plugins (interesting: the focus is on the web app itself, not on how to protect from the web app)
Dimension Data:
- Effective patch management
- Social engineering (phishing) training
- Endpoint protection and detection
- Threat intelligence
- Ad-blocking software
- IP reputation
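The DBIR web-application items above (validate input, patch platforms) and the SQL injection entries on the Who and How and Why slides earlier describe the same defect from two sides. The Python below is an added example for this page, not code from the presenters; it uses an in-memory SQLite table with constructed rows and a simplified login that compares a stored credential token directly, so the shape of the query is the only thing under test. The first function builds the statement by string formatting, and a classic quote-and-comment payload logs in as the admin user without a valid credential; the parameterised version passes the same text as a bound value and gets nothing; the third adds an allow-list check on the username as a second layer.

```python
"""SQL injection: the vulnerable query beside the parameterised one.

Added example, not from the presentation. In-memory SQLite, constructed
rows, and a simplified login that compares a stored credential token
directly so that only the query shape matters.
"""
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_.-]{1,32}$")  # allow-list for input validation


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, credential TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "tok-alice", "admin"),   # constructed rows
        ("bob", "tok-bob", "user"),
    ])
    return conn


def login_vulnerable(conn, username, credential):
    """Builds SQL by string formatting: the caller's text becomes part of the statement."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND credential = '{credential}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterised(conn, username, credential):
    """Bound parameters: the driver passes values separately, so they can never be SQL."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND credential = ?",
        (username, credential)).fetchone()
    return row[0] if row else None


def login_validated(conn, username, credential):
    """Defence in depth: reject malformed usernames before any query is built."""
    if not USERNAME_RE.match(username):
        return None
    return login_parameterised(conn, username, credential)


# Classic payload: close the string literal, then comment out the credential check.
PAYLOAD = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", login_vulnerable(db, PAYLOAD, "wrong"))      # admin
    print("parameterised:", login_parameterised(db, PAYLOAD, "wrong"))  # None
    print("validated:    ", login_validated(db, PAYLOAD, "wrong"))      # None
```

Parameterisation is the fix; the allow-list is the extra layer the Layered Approach slide argues for, and it also shrinks what reaches logging, error pages and any downstream system that might build its own queries from the same field.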

The Layered Approach
Layered Security Framework: defense in depth is an information assurance strategy, used by managed security services, in which multiple layers of defense are placed throughout an information technology system. It addresses security vulnerabilities in personnel, technology and operations for the duration of the system's lifecycle.

Access Management across all layers:
- Data: encryption, access control
- Application: input validation, host IDS, vulnerability assessment, access control
- Host: host IDS, virus protection, vulnerability assessment, access control
- Network: intrusion detection, intrusion prevention, vulnerability assessment, access control
- Perimeter: firewall, VPN, encryption, access control

Example: Defense in Depth (more recent trending)
Google OAuth phishing campaign (May 2017): a phishing attack that appeared to be a Google Docs share from known Google contacts.
- Sent to 736 customers
- 702 blocked by the email gateway due to invalid recipients, spam, or trending spam
- 30 delivered but ignored or deleted by users
- 4 users clicked the bait but were denied access by Unclassified (web category) blocking
- 0 infected endpoints found

Google took immediate action to protect users, including removing the fake Google Docs pages and disabling the offending accounts.

Example: Web Security
Web requests blocked, 2016

Blocked by category      Hits          Share
Webrep                   25,178,540    53.81%
Adobe Flash              16,844,059    36.00%
Unclassified              4,601,239     9.83%
Unclassified + Flash        134,796     0.29%
PUA                          26,027     0.06%
Virus                         2,985     0.01%
Spyware                          14     0.00%
Total                    46,787,660

2016 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.

Cyber Resources
Owen Zorge, State Compliance and Privacy Officer

Federal Cyber Resources

US Department of Homeland Security: Stop. Think. Connect.
- October is National Cyber Security Awareness Month, with weekly themes
- Toolkits: students, parents and educators, professionals, older Americans, government, industry, small business, law enforcement
US Computer Emergency Readiness Team (US-CERT)
- Strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners
Ready.gov: planning ahead for disasters

National Cyber Resources
Information Sharing and Analysis Centers (ISACs), National Council of ISACs
- Sector-based ISACs that collaborate with each other across private and public sector critical infrastructure: Automotive, Aviation, Communications, Defense Industrial Base, Electricity, Emergency Management, Financial, Healthcare, Multi-State, Transportation, Water, and others

Local Cyber Resources
Arizona InfraGard
- Mission: to help protect Arizona's infrastructure by supporting the priorities of the FBI; to cultivate partnerships with public and private sectors through bi-directional sharing of actionable information, training and educational events
Arizona Cyber Threat Response Alliance (ACTRA)
- Mission: the hub for collaborative cyber information sharing in a neutral environment of trust where partners from industry, academia, law enforcement, and intelligence come together
Arizona Counter Terrorism Information Center (ACTIC), 1-877-2-SAVE-AZ
- The ACTIC is a joint effort between the Arizona Department of Public Safety, Arizona Department of Homeland Security, Federal Bureau of Investigation, and other participating agencies, providing intelligence, investigative and technical support to state, local, tribal and federal law enforcement agencies as well as other agencies critical to Arizona's and the country's homeland security efforts

Cyber Resources: Best Practices
National Institute of Standards and Technology (NIST)
- NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover
- NIST Special Publication (SP) 800-53 Rev 4, Security and Privacy Controls
Other cybersecurity frameworks
- International Organization for Standardization (ISO) 27001 / 27002
- Control Objectives for Information and Related Technology (COBIT)

Information Privacy
- Health Insurance Portability and Accountability Act (HIPAA): do you process any Protected Health Information (PHI)?
- Payment Card Industry Data Security Standard (PCI DSS): do you process or store any payment card information?
- Personally Identifiable Information (PII), NIST SP 800-122 (...nformation-pii): do you process or store SSNs, dates of birth, etc.?

What You Can Do As Leaders
- Demonstrate active support for cybersecurity

- Create a culture of cyber security
- Emphasize its importance (tone at the top)
- Resource it appropriately (budget and people)
- Chat regularly with your CISO: discuss the organization's current security posture, threats and risks, and needs
- Follow processes and security safeguards; be a good example
- Don't circumvent processes (that's how business email compromises occur)
- Don't post or share passwords

Call to Action
- Complete cyber security awareness training
- Identify essential functions:
  - What are the core functions under normal conditions?
  - What are your processes for providing your services?
  - Are the functions documented in a clear written description for readers?
  - Estimate the personnel and the vital records or resources needed for each function
  - Have the functions been sorted into tiers and prioritized?
- Do you have a plan? What are you going to do? Who are you going to call? What resources do you have available?
- Monthly exercises: can the organization function for 1 hour without tech? No computers, no internet, no databases.

Top Ways to Prevent Cyber Attacks
- Don't click on ANYTHING: unexpected email attachments; links in email messages, even if they promise tantalizing pictures; ads on websites (banner ads, ones on the sides of pages)
- Ensure your anti-malware software is running and up to date; set it to automatically update
- Apply all software updates and security patches when released; set your PC to automatically update
- Use a strong, unique password

Questions
- Owen Zorge, State Compliance Officer
- Mike Lettman, Chief Information Security Officer, Arizona Department of Administration
- Tina Slankas, Deputy Director, Office of Homeland Security & Emergency Management
- Michael Kirby, Head of FIS Risk and Cybersecurity Product Strategy, FIS
