ky dgs 15 presentation - breach- when bad things happen to good people - jack mortimer

When Bad Things Happen to Good Governments

Upload: erepublic

Post on 28-Sep-2015


DESCRIPTION

KY DGS 15 Presentation - Breach! When Bad Things Happen to Good People (And Their Organizations) - Jack Mortimer

TRANSCRIPT

  • When Bad Things Happen to Good Governments

  • The Year of the Breach

    The Cases: 2 You Know, 2 You Don't

    What Have We Learned?

    The 1 Thing You Must Do

    Our Time Together

  • Cyber Security

    Breach, Hack, DDoS

    Malware, Phishing, Malware, Spyware, Ransomware

    Viruses, Worms, Botnets

    Information Security

  • Source: Center for Digital Government, Digital States, Counties, Cities, 2014.

    Public IT Priorities

    STATE CIOs: 1. Cybersecurity 2. Shared Services 3. Cloud 4. Mobility 5. Staffing

    COUNTY CIOs: 1. Cybersecurity 2. Staffing 3. Shared Services 4. Mobility 5. Cost Control

    CITY CIOs: 1. Open Gov/Data 2. Mobility 3. Cybersecurity 4. Staffing/Portal 5. DR/COOP

  • Elected + Appointed Officials

    What Respondents Want in a Network

    [Bar chart, scale 0% to 100%. Categories: Redundancy, Ease of Maintenance, Availability, Security]

    Source: Center for Digital Government, 2015.

  • How Did We Get Here?

  • Sources: ABC | KRON TV | WCPO TV | WWLP TV | WOCH TV | WTNH TV | KOIN TV | WSJ | AP | Sony | WH.gov

    Ripped from the Headlines

  • The Rise of Hacking Crews

    Vikingdom2015: From Russia with Malice

  • Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb

    Source: Universal Studios (1964)

    Déjà vu All Over Again

    Here we are again, 50 years later

  • How I Learned to Stop Worrying and Love Cybersecurity

    Our Panel

  • Career Defining Breaches

  • Managing the News Cycle

  • Michael Brown

    August 9, 2014

  • Dateline: Ferguson

    Flickr: Chuck Jines

  • August 9, 2014 - January 7, 2015

    Sources: Operation Ferguson / Al Jazeera America

    Global-Local Hacktivism

  • Meanwhile in the Capitol 125 miles away...

    Google Maps

  • War Room 24/7

    colorofchange.org

  • Can Anyone Be 100% Ready?

    Flickr: Steve Warren

    The one unfinished part of the state's cybersecurity program and plan when the crisis hit: DDoS

  • Dateline: Jefferson City

    Flickr: Steve Warren

    Days as Worldwide Hacktivist Target: 123

  • Target: Governor Nixon

    Flickr: Steve Warren

  • Target: Governor Nixon

    colorofchange.org

  • The Grand Jury Decision

    Scott Olson/ Getty Images

    November 24, 2014

    Attacks ramp up. And fall short.

  • Key Learnings: Jefferson City

    Flickr: Steve Warren

    1. Understand Hacktivist Motives and Methods
    2. Understand DDoS Attacks
    3. Assess Your Network and Infrastructure
    4. Prioritize Assets
    5. Develop a Plan
    6. Integrate Ops Centers (Network & Security)
    7. Engage Partners Early (Public & Private)
    8. Establish and Exercise a War Room
    9. Monitor Social Media
    10. Remain Nimble and Adaptable

  • Flickr: Steve Warren

    [Someone else's] crisis is a terrible thing to waste!

  • From the War Room

    There is Something for Everyone to Do

  • Cybersecurity = risk management. Incidents are inevitable. Prepare. Fund and support. Plan for PR.

    Elected and Appointed Officials

    What Have We Learned? The Little Red Breach Book

  • What Have We Learned? The Little Red Breach Book

    Chief Information/ Technology Officers

    Own the plan. Keep stakeholders informed. No surprises. Champion a strong security culture.

  • Identify best practices. Evaluate strategies, programs and tools. Monitor critical systems and infrastructure.

    Chief Information Security Officers

    What Have We Learned? The Little Red Breach Book

  • Take it seriously! Scrutinize the delivery systems. Rally agency resources.

    Agency or Line of Business Managers

    What Have We Learned? The Little Red Breach Book

  • Understand the importance of their own roles.

    Train. See something, say something. Don't click on it.

    Front Line Employees

    What Have We Learned? The Little Red Breach Book

  • Adopt best practices. Adhere to requirements. Share timely information.

    Service Delivery Partners: Private, Non Profit

    What Have We Learned? The Little Red Breach Book

  • Encouraged through awareness campaigns to:

    Do the basics. Stay alert for common tricks. Be a cybercrime-fighter.

    General Public - Netizens

    What Have We Learned? The Little Red Breach Book

  • Thing

    The Exit Question

  • DOWNLOAD THE PRESENTATION AT

    govtech.com/security

    http://bit.ly/1D7wPuD