Cybersecurity: Operating in a Threat Laden World. Christopher Buse, Assistant Commissioner & CISO

Transcription

1 Cybersecurity: Operating in a Threat Laden World Christopher Buse, Assistant Commissioner & CISO

2 The Internet is Way Cool

3 Over 6.4 Billion Internet Things Smart lights controlled using a smartphone app or via the web, as can fans, hot tubs, water pumps, thermostats, even door openers Smart TVs connect to the Internet for web browsing, image sharing, gaming, or watching streaming video Today s cars are computerguided and wirelessly connected via Bluetooth, GPS, radio protocols Smart fridge can track what it stores, alerting when products expire, & even add items to smartphone shopping list Personal medical devices can be implantable or external & allow remote monitoring / treatment Security cameras & systems can be remotely armed & checked, get alerts or review your security feeds from any location F-35 fighter jet has a highly advanced computerized logistics system designed to minimize repair and re-equipping turnaround times by monitoring the plane s status and preemptively making service decisions so that ground crews are ready to go before the plane even lands Sources: Gartner, Forbes, Vice, Cisco IBSG, University of Michigan, ABC News, Qmed, Network World

4 Not Long Ago Computers Were Big Apollo Guidance Computer IBM System/360 Model 75 2 MHz processor 4 kb RAM 75 kb Storage Weight: 70 lbs 6 MB (6,000 kb) program Source:

5 Massive Capacity Roughly 42,000 times more capacity than it took to put humans on the moon Source:

6 There is a Dark Side

7 Unprecedented Cyber Threats the increasing prevalence and severity of malicious cyberenabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat. --- President Barak Obama Fraudsters Hacktivists Nation States THEFT DISRUPTION DESTRUCTION ADDITIVE MOTIVATION PROGRESSION LINE

8 Exponential increases in hacker activity Billions in losses Well-Funded Adversaries 8

9 Threat Landscape 90% Hacks perpetrated by external actors 60% Systems compromised within minutes 75% Initial compromises spread within 24 hours 50% New vulnerabilities became full exploits in less than 30 days 70 90% Malware samples are unique to an entity More Threats More Targeted More Sophisticated

10 Government is Behind

11 Timeline of State Governments at Risk A call to secure citizen data and inspire trust A call for collaboration and compliance Time to move forward Turning strategy and awareness into progress

12 Leaders Overestimate our Capabilities Confidence in Ability to Protect Against External Attacks State officials 66% CISOs 27%

13 Our IT Model is Tough to Defend

14 Lack of Resources is Biggest Problem

15 What Does This Mean for Minnesota?

16 Microcosm of the National Scene Spend less than 2% of total IT spend Service delivery gaps Attack surface that is difficult to defend Legacy systems with outdated technologies

17 Success Indicators Executive commitment: Security is #1 priority Solid planning foundation Talented staff that work together Wins under our belt

18 Cybersecurity Foundation Service Delivery Model Policies and Standards Strategic Plan

19 Strategic Plan 18 core strategies 5 year aspirational goals 2 year milestones Extensive vetting

20 Theme #1: Build Secure Systems

21 Security Engineering Integrated system development Specialized security tools System security plans Risk communication

22 Secure Datacenters 24*7*365 staffing Physical security Consistent and frequent patching Enterprise security program tools and processes

23 Secure Network Advanced monitoring tools Strong perimeter protection Data loss prevention

24 Theme #2: Improve Situational Awareness

25 Risk Management Ongoing application risk assessments Cybersecurity risk scorecards Cybersecurity insurance

26 Training General awareness training Targeted training Executive awareness

27 Theme #3: Minimize Operational Risk

28 Denial of Service Streamline mitigation processes Prepare for massive attacks

29 Vulnerability Management Find exploitable vulnerabilities faster Reduce time to remediate

30 Monitoring 24*7*365 coverage Advanced monitoring tools Faster incident response and forensics

31 Disaster Recovery Testable recovery strategies Exercise viability of plans

32 Theme #4: Foster Strategic Partnerships

33 Talent College talent feeder program Scholarship for Service

34 Threat Intelligence More intelligence feeds Local government coordination

35 What does this mean for Minnesota? It s time to execute.

36 Thank