TODAY’S PUBLIC SECTOR THREAT LANDSCAPE
AGENCY CHALLENGES, LESSONS LEARNED, THE PATH FORWARD
BEN SMITH CISSP CRISC
FIELD CTO (US EAST)
@BEN_SMITH

Agenda
1. The four threat actor categories
2. Public sector attacks & impact
3. Things to think about in your agency
4. Additional resources
* RSA’s portfolio

SAMPLE REFERENCE – “Hunting for Sharks’ Teeth (and Other IOCs)”
https://blogs.rsa.com/hunting-sharks-teeth-iocs/

Four Categories of Attackers
• Cybercriminals
• Nation-States
• “Hacktivists”
• Cyber-Terrorists

Cybercriminals
• Largely financially motivated
• Typically target PII, PCI, financial services, retail
  - PII (personally identifiable information); PCI (payment card industry)
• Large attack scale
  - Example: thousands of spam emails...and just one end-user click needed
• Cybercrime is a proven business model
  - Organized, sophisticated supply chains
  - “Affiliate” models
  - Ransomware-as-a-service

Nation-States
• Targets
  - Government, defense industrial base (DIB), IP-rich organizations
  - Decision-making intelligence, other business logic, executive emails
• Well-researched, narrowly-targeted attacks
  - Executive spear-phishing
  - Watering holes
    - “VOHO,” researched & published by RSA FirstWatch
  - Expatriates
    - “GlassRAT,” researched & published by RSA Research
Will Gragido, “Lions at the watering hole – the ‘VOHO’ affair” [2012] https://blogs.rsa.com/lions-at-the-watering-hole-the-voho-affair/
Peter Beardmore, “Peering into GlassRAT” [2015] https://blogs.rsa.com/peering-into-glassrat/

Hacktivists
• Targets
  - Political targets of opportunity
  - All verticals
• Goals
  - Further social and political interests
  - Mass disruption, mercenary
• Can be well-researched and/or large-scale
• Largely “doxxing” activity and website defacement

Cyber-Terrorists
• ISIL desires to recruit cyber talent
  - Appeals (both overt and covert) to young, tech-savvy individuals
  - Mention of a “cyber-caliphate” has been noted in ISIL communications
• Current activities appear to be limited to account takeover, website defacement, and “doxxing”
• Unsuccessful power grid attacks have been attributed to ISIL by the US Government
  - “Embracing the most convenient attack, rather than the largest or most gruesome one”
  - “Low-level attacks of opportunity”
POLITICO’s Joseph Marks, “ISIL aims to launch cyberattacks on U.S.” [December 2015] http://www.politico.com/story/2015/12/isil-terrorism-cyber-attacks-217179

The CIA Triad
Integrity

Headlines shown:
Indiana county government shut down by ransomware to pay up
City, streetcar project scammed for $3.2 million
Ransomware Hackers Blackmail U.S. Police Departments
E-mail phishing caused county to lose $566,000
DHS: Over 300 incidents of ransomware on federal networks since June
756,000 Warned As L.A. County Workers Fall For Phishing Attack
City of Sarasota's system hacked by ransomware, data held hostage
Hackers hit D.C. police closed-circuit camera network, city officials disclose

2016 Deloitte-NASCIO Cybersecurity Study [32pp]

Hacktivists
• “Early last year, hackers launched a cyberattack against the state of Michigan’s main website to draw attention to the Flint water crisis. In May, they targeted North Carolina government websites to protest a controversial state law requiring transgender people to use bathrooms that match the sex on their birth certificate. And in July, they took aim at the city of Baton Rouge’s website after the fatal police shooting of a black man.”
[Chart: Hacktivist incidents directed against U.S. state and local governments, as tracked by MS-ISAC; years 2015 and 2016, data labels 160 and 65]
“Hacktivists” Increasingly Target Local and State Government Computers

Nation-States
• “OPM first announced in early June [2015] that the background investigation records of millions of current, former and prospective federal employees and contractors had been stolen in a cyber intrusion that started in early 2014. In mid-June, the agency disclosed a second larger attack that targeted information for millions more Americans who applied for security clearances.”
OPM Hack: Government Finally Starts Notifying 21.5 Million Victims
Inside the Cyberattack That Shocked the US Government

Have You Thought About…
1. Third-party accounts & access to your network
2. Personal email accounts associated with your executives
3. Risks associated with traveling laptops, phones, personnel
   - While away from the agency, after returning to the agency
4. States/provinces and localities with selective purchasing legislation
   - Targets for hacktivists, foreign entities, “patriotic hackers”
5. What type(s) of visibility do you have within your own agency?

Situational Awareness is not an “Easy Button”
The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation [241pp]
• Comprehensive visibility must include full packet capture
• Reactive behavior vs. proactive hunting for adversaries

Additional Public Sector Resources
Local Government Cyber Security: Getting Started (A Non-Technical Guide) [16pp]
Cybersecurity Guide for State and Local Law Enforcement [61pp]
ICMA Survey Research: Cybersecurity 2016 Survey [12pp]
2016 Deloitte-NASCIO Cybersecurity Study [32pp]; 2014 Deloitte-NASCIO Cybersecurity Study [32pp]; 2012 Deloitte-NASCIO Cybersecurity Study [40pp]
State of the States on Cybersecurity [42pp]
State Cybersecurity Resource Guide [60pp]
• Weekly WebEx “Lunch and Learn” session
• Statewide cyber exercises for locals, tribes and private sector
• Kids Cyber Awareness Poster contest
• “CyberGirlz” workshops to prepare middle- and high-school girls for careers in cybersecurity
• Food For Thought: Cyber Security Awareness Food Truck Rally
• “Ask a Hacker” video series
• Publicize Cyber Security Awareness Month on highway billboards
• Disabled Veteran Cyber Apprenticeship Program
• “Spot the Security Gap” Game

Federal News Radio: In Focus: Threat intelligence in the private and public sectors
• A recent one-hour panel covered…
  - Budget constraints associated with maintaining a cyber framework
  - Evaluating cybersecurity vendors
  - Artificial intelligence’s role in cybersecurity
  - Cultivating cyber talent
• Ron Carback, Defense Intelligence Officer for Cyber at the Defense Intelligence Agency
• Tim Ruland, Chief Information Security Officer at the U.S. Census Bureau
• Shaun Khalfan, Chief Information Security Officer at U.S. Customs and Border Protection
• Dr. Zully Ramzan, Chief Technology Officer at RSA

Defend Yourself…Wisely!
Visibility, Identity, Risk, Fraud

The RSA Portfolio
• NETWITNESS SUITE: Triple the impact of your existing security team
• SECURID SUITE: Accelerate business while mitigating identity risk
• ARCHER SUITE: Know which risk is worth taking
• RISK & CYBER SECURITY PRACTICE: Take command of your evolving security posture
• FRAUD & RISK INTELLIGENCE SUITE: Act faster than the speed of fraud

Advanced Cyber Defense (ACD)
Incident Response Retainer, Incident Discovery, Incident Response, IR Hunting Services, Breach Management
Advanced SOC Design & Implementation
Future State Design, Technology Acquisition, Advanced SOC Implementation, Residencies, Education Services
Incident Management Program Development
Incident Management Lifecycle Development, Threat Detection, Use Case Development, Metrics and KPI Modeling
Cyber Threat Intelligence Program Development, Portal Implementation & Customization, Threat Research
Security Readiness and Strategy
Current State & Gap Analysis, Maturity Modeling, NIST CSF Roadmap Development

The RSA Portfolio
Archer, SecurID, NetWitness, Fraud & Risk Intelligence
RISK & CYBER SECURITY PRACTICE: Take command of your evolving security posture

DELL TECHNOLOGIES: SECURITY TRANSFORMATION
Secure your Infrastructure Endpoint Data Security Network NSX Data Isolated Recovery
Improve your Response Done With You Do It Yourself
Translate to Business Risk All Risk Cloud

BEN SMITH CISSP CRISC RSA FIELD CT