1 / 28

Cyber Disruption: Probability and Response Readiness

Cyber Disruption: Probability and Response Readiness. WSEMA September 18, 2013. SHORT BIO. Partner, MK Hamilton and Associates CISO, City of Seattle Managing Consultant, VeriSign GSC Senior Principal Consultant, Guardent Independent Security Consultant CEO, Network Commerce, Inc.

kaia
Download Presentation

Cyber Disruption: Probability and Response Readiness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyber Disruption: Probability and Response Readiness WSEMA September 18, 2013

  2. SHORT BIO Partner, MK Hamilton and Associates CISO, City of Seattle Managing Consultant, VeriSign GSC Senior Principal Consultant, Guardent Independent Security Consultant CEO, Network Commerce, Inc. Ocean Scientist, NASA/JPL

  3. Enabling Kevin Mitnick JPL, SunOS 4.13, and SATAN Accessing credit cards Oceanographic hacking FreeBSD and the FWTK The Bad Guys Network Commerce Inc. Don’t Try This

  4. Security Philosophy • Assume breach • Preventive controls not good enough • Detective controls more imperative as device population grows • Focus on key assets and event detection • Mobile security should be carefully evaluated • Prevention on the "network of things" will not scale

  5. Cyber Meets Emergency Services • Emergency response driven by IT disruption • What it would look like • What we normally do • How response is different • What we know now • How we are addressing the problem

  6. Local Government Services that affect quality of life, and life We’d like them to be there

  7. My Perspective • Credit cards, IP, and Infrastructure • Hacktivists, organized crime, and nation-states • Capability, meet intent

  8. Critical Infrastructure Now the target of most attacks Overall cyber attacks are up, but most dramatically in the last year, the type of attack has shifted away from hacking and financially motivated crime toward cyber espionage focused on critical infrastructure, such as utilities, according to research from communications provider Verizon. “These aren’t about stealing data and fraud, they’re about deny, disrupt and destroy,” said Bryan Sartin, director of investigative response for Verizon. In its upcoming Data Breach Investigation Report, a yearly document that is one of the more noteworthy surveys of attacks released to the public, the company found that cyber espionage, once a far lesser component of the attack volume, is now dominating networks. http://www.federaltimes.com/article/20130227/SHOWSCOUT01/130227002/Critical-infrastructure-now-target-most-attacks

  9. CRITICAL INFRASTRUCTURE It’s good business sense!

  10. Attack on Fake Control System

  11. Attack on Financial Sector

  12. Telephony Denial of Service

  13. The Tunisian Cyber Army

  14. #OpBlackSummer

  15. Closer to Home

  16. Closer…

  17. Clark County Website Defacement

  18. THREAT PROBAILITY: SIGNIFICANT

  19. How We Handle Disasters • Preparedness exercises • EOC Activation • NIMS: ESF2 and Logistics Branch • WebEOC and other IT-enabled methods • Role of the National Guard • Application of the Stafford Act

  20. What’s Different • Escalation path not defined • NIMS difficult to apply • Fusion Center as coordination point • No FEMA resource list, etc. • Mutual-Aid agreements • Role of the private sector

  21. State of Readiness • Exercises – Emerald Down, Evergreen, NLE12 • Fusion Center Cyber Analyst (intake@wsfc.wa.gov) • National Guard and State Response Plan for Significant Cyber Disruption • CIRCAS • FEMA resource typing • FBI cyber task force • US Attorney Jenny Durkhan

  22. PRISEM Public Regional Information Security Event Management Regional Asset for Situational Awareness and Common Operating Picture

  23. PRISEM History • DHS S&T funding to initiate; Five grants total • Participants contribute firewall logs, netflow, botnet alerts (Einstein); arbitrary devices under monitoring • Commercial SIEM infrastructure at UW APL • Cities of Seattle, Lynnwood, Bellevue, Kirkland, Redmond; Thurston and Kitsap Counties; Seattle Children’s Hospital, Snohomish PUD

  24. PRISEM IN ACTION: HUNT FOR APT1

  25. Before the Real Event • Conduct more exercises on cyber disruption • Finish the SCIRP • Cement the role of the Fusion Center • Continue working with FEMA • Conduct outreach to the Private Sector • Improve information sharing and situational awareness

  26. Benefits of Preparedness • Improved resilience • Avoiding cascading failures • Protect regional infrastructure • We learn to integrate

  27. Is Cybersecurity a Bubble?

  28. My Contact Information Michael Hamilton Chief Information Security Officer City of Seattle Michael.Hamilton@Seattle.gov 206.684.7971 (D)

More Related