
Cybersecurity Threats in Higher Education

This brief highlights recent cyber threats to higher education institutions, including advanced persistent threats from suspected sources such as Russia, China, Italy, and Brazil. It also discusses specific data breaches and vulnerabilities in university systems.


Presentation Transcript


  1. The Cybersecurity Threat. Bob Turner, Chief Information Security Officer. MTAG Brief, August 2015

  2. Recent cyber threats to higher education

  Advanced Persistent Threat
  • Suspected sources: Russia, China, Italy, Brazil
  • Late breaking news, July 31, 2015: UConn breached in what appears to be an APT-style attack. Malicious code was detected in March 2015; the trigger could have been in place as early as 2013.
  • August 16, 2015: University of Virginia breached by an APT, with malicious code discovered and confirmed in early June 2015. No loss of PII or PHI noted.
  • Cause: Malware. Target: School of Engineering sensitive information and intellectual property. Duration: 2 years
  • Cause: Malware. Target: College of Engineering sensitive information and intellectual property. Duration: 2 years. A second attack with similar signatures at the College of Liberal Arts occurred in May 2015.

  Data Breach Attack
  • Cause: Web server exposure. Target: campus web server containing ~37,500 financial identities. Duration: 2 months
  • Cause: Infrastructure exposure. Target: ID card server containing 300,000+ SSNs. Duration: 1 day

  University of Wisconsin–Madison

  3. Common Ground

  Cybersecurity Definitions
  • Threat
  • Vulnerability
  • Risk

  Periodic Reporting
  • Network activity and indicators of compromise
  • Threat sources
  • Impact
  • Likelihood
  • Risk rating
  • Updates and initiatives

  4. What are the current attack vectors?

  [Chart: Changes in Higher Education, from the 2014 Wisegate Survey, Assessing and Managing IT Security Risks]

  5. What is the Cyber Threat? Options: Detection or Prevention

  Foreign adversaries and economic competitors *
  • Take advantage of the openness and collaborative atmosphere

  Academic Event Exploitation *
  • Social engineering and theft of intellectual property

  Academic Espionage *
  • Social media manipulation: using false identities to solicit sensitive information
  • Academic event solicitation: using a conference to solicit sensitive information
  • Tour groups / delegation visits: pretending to be lost and wandering into sensitive areas, or to gain physical access to automated systems
  • Studying abroad: coercion and recruitment by foreign government agents

  Information Sharing (the open environment) **
  • Steal technical information or products
  • Bypass expensive research and development
  • Spread false information for political or other reasons

  * From FBI Counterintelligence SPIN 15-006, dated June 2015
  ** From FBI report, Higher Education and National Security, April 2011

  6. Critical Computer / Person Vulnerabilities
  • Lenovo and Superfish spyware
  • Adobe Flash / Microsoft / Java
  • Compromised credentials (phishing)
  • Browser vulnerability to cross-site scripting (IE11)

  Network Scanning Activity
  • The IT Security Team reviews logs for attacks and reports to the CISO daily. Recently this activity has resulted in notifications to 10 web server administrators, resulting in improved security configurations.

  [Chart: 90-day threat window, events per week, sample points in 2015. Reflects the status of implementing system alerts received since January 2015. Legend: MTTD = mean time to detection, MTTR = mean time to remediation]

  Impact if Not Patched or if Breached
  • Web sites can be altered or taken off-line
  • Critical data obtained
  • Elevated privileges
  • Loss of research data; systems off-line for repair and recovery

  Critical Server Patches and Significant Vulnerabilities
  • Multiple WordPress security releases
  • Factoring Attack on RSA-Export Keys ("FREAK")
  • OpenSSL Security Advisory (patches released)
  • Drupal core vulnerabilities and patches
  • VENOM vulnerability
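The daily log review described on this slide (flagging scanning activity against campus web servers and tracking detection and remediation times) can be scripted. The block below is an added example, not code from the presentation or from UW-Madison; the access-log lines, the incident records and the list of probe paths are constructed for illustration, and the thresholds (five requests in sixty seconds, 60% error ratio, two probe paths) are assumptions a practitioner would tune to local traffic.

```python
"""Flag scanning hosts in web server access logs and compute MTTD/MTTR.
Added example: the log lines and incident records below are constructed
and do not come from any real campus system."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Aug/2015:02:14:01 -0500] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:02:14:02 -0500] "GET /xmlrpc.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:02:14:02 -0500] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:02:14:03 -0500] "GET /user/login HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:02:14:03 -0500] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:02:14:04 -0500] "GET /.git/config HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Aug/2015:09:30:11 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Aug/2015:09:30:12 -0500] "GET /research/index.html HTTP/1.1" 200 8040 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Aug/2015:09:30:40 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Paths scanners probe for (WordPress/Drupal login endpoints, admin panels,
# exposed repositories) that normal visitors of a campus site rarely request.
# Assumed list; extend from your own logs.
PROBE_PATHS = {"/wp-login.php", "/xmlrpc.php", "/phpmyadmin/", "/user/login",
               "/admin", "/.git/config"}


def parse_log(text):
    """Yield one dict per parseable combined-format line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
            yield rec


def find_scanners(text, window=timedelta(seconds=60), min_requests=5,
                  error_ratio=0.6, min_probes=2):
    """Return {ip: summary} for sources that look like scanners: a burst of
    >= min_requests inside `window` that is mostly 4xx, or hits on at least
    min_probes known probe paths."""
    by_ip = defaultdict(list)
    for rec in parse_log(text):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        probes = sorted({r["path"] for r in recs if r["path"] in PROBE_PATHS})
        errors = sum(1 for r in recs if 400 <= r["status"] < 500)
        burst, j = False, 0          # sliding window over sorted timestamps
        for i in range(len(recs)):
            while recs[i]["ts"] - recs[j]["ts"] > window:
                j += 1
            if i - j + 1 >= min_requests:
                burst = True
                break
        if len(probes) >= min_probes or (burst and errors / len(recs) >= error_ratio):
            flagged[ip] = {"requests": len(recs), "errors": errors,
                           "probe_paths": probes, "burst": burst}
    return flagged


# Constructed incident records (not real UW-Madison incidents) for the metrics.
SAMPLE_INCIDENTS = [
    {"name": "web server exposure", "occurred": datetime(2015, 3, 1),
     "detected": datetime(2015, 3, 3), "remediated": datetime(2015, 3, 3, 2)},
    {"name": "malware on lab host", "occurred": datetime(2015, 5, 1),
     "detected": datetime(2015, 5, 2), "remediated": datetime(2015, 5, 2, 4)},
]


def mean_hours(incidents, start_key, end_key):
    """Mean elapsed hours between two timestamps, skipping open incidents."""
    spans = [(i[end_key] - i[start_key]).total_seconds() / 3600
             for i in incidents if i.get(end_key)]
    return round(sum(spans) / len(spans), 2) if spans else None


def detection_metrics(incidents):
    """MTTD = occurrence to detection; MTTR = detection to remediation."""
    return {"mttd_hours": mean_hours(incidents, "occurred", "detected"),
            "mttr_hours": mean_hours(incidents, "detected", "remediated")}


if __name__ == "__main__":
    for ip, summary in find_scanners(SAMPLE_LOG).items():
        print(ip, summary)
    print(detection_metrics(SAMPLE_INCIDENTS))
```

Run against a day's access logs, the output is the list of source addresses a web server administrator should be notified about; the two metrics are what the chart on this slide tracks over the 90-day window.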

  7. Quarterly Cyber Threat Brief

  Activity
  • Summary of events
  • Significant issues

  Threat Report
  • Impact
  • Likelihood
  • Risk rating
  • Updates and initiatives

  8. Balancing Risk, Security and Convenience

  • Academic and research responsibilities can be burdened when cybersecurity processes and procedures are not risk reducers
    • While research environments are run by talented technologists providing adequate security controls, providing system information to the campus-wide cybersecurity team should follow industry best practices
    • Remote scans and continuous monitoring are options for gathering vulnerability information and can be run during off-peak hours
  • Perceptions (and a little reality) that vulnerability and asset management scanning slows down high-performance networks
    • Computing power and high bandwidth can mask criminal activity
    • Scans can be tailored to be as non-intrusive as possible, or scheduled to occur outside peak computing windows
  • Not all campus networks have adequate IT support or appropriately trained cybersecurity staff
    • The Office of Cybersecurity can provide support on a transactional basis

  9. Cybersecurity in Layers
  • Defensive controls form a bastion relationship, with implementation risk increasing the closer to the data you get
  • Requires a greater focus on user-enforced controls and training
  • Balance between people, process and technology components
  • Tailor the RMF to match the SDLC, taking into account the need for a high-functioning CMDB

  [Figures: Relationship between the Systems Development Life Cycle (SDLC) and Risk Management Frameworks; Relationship between data and layers of control]

  10. What can we prove?

  Here is a sample of threat actor actions and activities we can prove through tools and observation:

  11. Other Concerns

  Known threat actors and attack signatures that cannot be detected without external cyber intelligence feeds:
  • Cleared staff to get access to intelligence, providing a better understanding of the motivations and practices of more significant threats and threat actors

  File checksums on individual end points
  • Issue: need increased end-point visibility

  Network attack signatures over encrypted channels
  • Issue: need increased sharing of campus web server logs and improved processes for log analysis
  • Issue: need technology to assist viewing encrypted traffic
    • Palo Alto (end points)
    • Citrix (web servers)

  12. How can we address the cyber threat?

  Increased network and system visibility; proactive management of vulnerabilities

  Action Plan
  • Establish a centralized vulnerability management approach
  • Persistent network and web application scanning
  • End-point monitoring with our vulnerability management tool (Secunia; excludes Mac, Linux, printers and most network devices). Does not represent all campus end-points (estimated 56K total)
  • Improve network monitoring and analytics capabilities
  • Communicate cybersecurity strategy, vulnerability information and scan/patch status to leadership and system/network owners
  • Advise on operating in environments with increased risk

  13. What questions do you have? http://www.cio.wisc.edu/security.aspx