ut dgs 15 presentation - breach - friedman
TRANSCRIPT
-
8/9/2019 UT DGS 15 Presentation - Breach - Friedman
1/33
When Bad Things Happen to Good Governments
-
Our Panel Members:
First
Second
Third
-
Cyber Security
Breach
Hack
DDoS
Malware
Phishing
Malware
Spyware
Ransom-ware
Viruses
Worms
Botnets
Information Security
-
Public IT Priorities
STATE CIOs
1. Cybersecurity
2. Shared Services
3. Cloud
4. Mobility
5. Staffing
COUNTY CIOs
1. Cybersecurity
2. Staffing
3. Shared Services
4. Mobility
5. Cost Control
CITY CIOs
1. Open Gov/Data
2. Mobility
3. Cybersecurity
4. Staffing/Portal
5. DR/COOP
Source: Center for Digital Government, Digital States, Counties, Cities, 2014.
-
Elected & Appointed Officials
What they want in a network:
[Bar chart, 0% to 100%: Redundancy, Ease of Maintenance, Availability, Security]
Source: Center for Digital Government, 2015.
-
How Did We Get Here?
-
Ripped from the Headlines
Sources: ABC | KRON TV | WCPO TV | WWLP TV | WOCH TV | WTNH TV | WH.gov
-
Career-defining Breaches
-
The Rise of Hacking Crews
Vikingdom2015: From Russia with Malice
-
Missouri Severely Tested
-
Michael Brown
August 9, 2014
-
Dateline: Ferguson
Flickr: Chuck Jines
-
Global-Local Hacktivism
Sources: Operation Ferguson / Al Jazeera America
-
Meanwhile in the Capitol…
Google Maps
-
War Room – 24/7
colorofchange.org
-
Launch and Learn
Flickr: Steve Warren
The one unfinished part of the state’s cybersecurity program and plan when crisis hit: DDoS
-
Dateline: Jefferson City
Flickr: Steve Warren
Days as Worldwide Hacktivist Target: 123
-
Target: Governor Nixon
Flickr: Steve Warren
-
Target: Governor Nixon
colorofchange.org
-
The Grand Jury Decision
Scott Olson / Getty Images
November 24, 2014
-
What Have We Learned?
Flickr: Steve Warren
1. Understand attacker motives and methods.
2. Assess your network and infrastructure.
3. Integrate ops centers (network & security).
4. Prioritize assets.
5. Develop a plan.
6. Establish and exercise a war room.
7. Engage partners early (public & private).
8. Monitor social media.
9. Remain nimble and adaptable.
10. Everyone has a role.
-
Slides available at www.govtech.com/events
(“Past Events” tab)
govtech.com/security
-
From the War Room
There is Something for Everyone to Do
To paraphrase a classic film title:
Dr. Strangelove: How I Learned to Stop Worrying and Love Cybersecurity
-
What Have We Learned? The Little Red Breach Book
Elected and Appointed Officials
Cybersecurity = risk management.
Incidents are inevitable.
Prepare.
Fund and support.
Plan for PR.
-
What Have We Learned? The Little Red Breach Book
Chief Information/Technology Officers
Own the plan.
Keep stakeholders informed. No surprises.
Champion a strong security culture.
-
What Have We Learned? The Little Red Breach Book
Chief Information Security Officers
Identify best practices.
Evaluate strategies, programs and tools.
Monitor critical systems and infrastructure.
-
What Have We Learned? The Little Red Breach Book
Agency or Line of Business Managers
Take it seriously!
Scrutinize the delivery systems.
Rally agency resources.
-
What Have We Learned? The Little Red Breach Book
Front Line Employees
Understand the importance of their own roles. Train.
See something, say something.
Don’t click on it.
-
What Have We Learned? The Little Red Breach Book
Service Delivery Partners: Private / Non Profit
Adopt best practices.
Adhere to requirements.
Share timely information.
-
What Have We Learned? The Little Red Breach Book
General Public - Netizens
Encouraged through awareness campaigns to:
Do the basics.
Stay alert for common tricks.
Be a cybercrime-fighter.