EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

Similar documents
Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Retail Security in a World of Digital Touchpoint Complexity

Statement for the Record

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Cybersecurity Session IIA Conference 2018

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Defending Our Digital Density.

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

ISACA West Florida Chapter - Cybersecurity Event

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Department of Management Services REQUEST FOR INFORMATION

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cyber Security Technologies

Service Provider View of Cyber Security. July 2017

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Government IT Modernization and the Adoption of Hybrid Cloud

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

European Union Agency for Network and Information Security

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cyber Attacks & Breaches It s not if, it s When

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Security and networks

Itu regional workshop

Cybersecurity: Operating in a Threat Laden World. Christopher Buse, Assistant Commissioner & CISO

THALES DATA THREAT REPORT

Cyber Security: Threat and Prevention

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

Cyber Security and Cyber Fraud

CISO View: Top 4 Major Imperatives for Enterprise Defense

CCISO Blueprint v1. EC-Council

Turning Risk into Advantage

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

align security instill confidence

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Oregon State Police. Information Technology. Honor Loyalty. Pride Dedication

CloudSOC and Security.cloud for Microsoft Office 365

Cybersecurity in Higher Ed

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

CYBER SOLUTIONS & THREAT INTELLIGENCE

with Advanced Protection

Cybersecurity and Nonprofit

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

Cyber-Threats and Countermeasures in Financial Sector

locuz.com SOC Services

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Combating Cyber Risk in the Supply Chain

CISO Success Strategies: On Becoming a Security Business Leader

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

Keep the Door Open for Users and Closed to Hackers

CIRT: Requirements and implementation

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

GOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES

Business continuity management and cyber resiliency

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

A company built on security

SHARE Session Protecting Critical Data on a z/os Mainframe: A New Attitude

STRATEGIC PLAN

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Jeff Wilbur VP Marketing Iconix

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Effective Partnerships: Security and Privacy in Smart Cities

Cybersecurity and Hospitals: A Board Perspective

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Cyber, An Evolving Ecosystem: Creating The Road For Tomorrows Smart Cities

About Issues in Building the National Strategy for Cybersecurity in Vietnam

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

External Supplier Control Obligations. Cyber Security

Summary of Cyber Security Issues in the Electric Power Sector

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

2015 VORMETRIC INSIDER THREAT REPORT

Public Sector Cyber Security Series

2018 Edition. Security and Compliance for Office 365

Advanced IT Risk, Security management and Cybercrime Prevention

Building Resilience in a Digital Enterprise

CYBER RESILIENCE & INCIDENT RESPONSE

STRATEGIC PLAN. USF Emergency Management

PISMO BEACH COUNCIL AGENDA REPORT

DATA BREACH NUTS AND BOLTS

White Paper. How to Write an MSSP RFP

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

Transcription:

Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

AGENDA SIRN / FirstNet / Network Backbone Cyber Security

Procurement Events Date RFP Issued 11/6/17 Deadline for receipt of proposals 2/15/18 COURAGE Financial Item Fiscal Note: HB 1178 Projected Biennium Revenue Value $9.6 M $7.5-8M Revenue in Fund $4M Expenses Incurred $49,974.53 Loan Value Zero Approximate initial evaluation completion 3/9/18 Demonstrations and presentations 3/19/18 3/23/18 Best and Final Offer(BAFO) Issued 4/23/18 BAFO Response Due 6/6/18 SIRN Governance Approval to proceed to negotiations phase 7/24/18 Public Safety Radio Challenges: COVERAGE INTEROPERABILITY CHALLENGES AGING INFRASTRUCTURE Currently in contract negotiation phase Intent to award objective 12/2018 HB 1178: Public Safety Mission Critical Voice

FirstNet is HERE and AVAILABLE TODAY COURAGE 3G / 4G / 5G services available for Emergency Responders Priority and Preemption is available today Things to be Aware of ~80% of the state has 4G, but 0% 5G today 40 new towers being built Coverage is expanding constantly however, CHECK COVERAGE BEFORE LEAPING IN

Major Network Backbone Upgrades for all Government COURAGE 20 x 100 times faster than most communities have available today Installs in progress, to be completed July 2019

North Dakota Cyber Situation Overview

The threat landscape has significantly changed over recent years, driven by state-actor industrialized hacking, and increasing government complexity: Then the old way Now Build a perimeter defense Security culture focus System focus Monitor everything / Data Focus Assume the inside is good and outside is bad Defense-in-depth Fantasy of 100% compliance with zero-risk Lock the house, and the car, and the safe

THREATS Complexity of Cyber Attack Capabilities are Growing (2016 Survey) High Foreign state sponsored cyber espionage Insecure codes Cyber terrorism Cyber warfare Government IMPACT: trust Cost to protect Legal/ regulatory Critical infrastructure Low DATA IN SECURE BUSINESS SYSTEMS Mainframe systems Internetworking Network attacks Emergence of open systems Hackers Data breach INTERNET ACCESS AND HIGHLY CONNECTED SYSTEMS Online access to citizen data Advances in internetworking self service Cyber crime Identity theft Critical infrastructure attacks Malware ACCESS ANYWHERE & ANYTIME Integrated online eligibility systems Big data Cloud Mobile DATA EVERYWHERE; USER EXPERIENCE DRIVEN Wearable technology Unmanned vehicles Internet of things Smart devices Drones (UAS) Artificial intelligence Mobile payment Electric grid Critical Infrastructure Etc. 1990s 2000s 2010-2014 Now Distributed systems are significantly harder to protect against escalating threats 42+ organizations in the US had over 1,000,000 records stolen in 2017

Complexity of Data in North Dakota

COURAGE Bad actors are targeting North Dakota We have things they want Social hacktivism with events like Dakota Access Pipeline North Dakota s IT Shared Service has defended against in the last 6 months 34,000,000 Vulnerability attacks 3,300,000 Denial of Service attacks 88,000,000 Spam and Phishing Messages 1,300 0-Day Attacks (attacks with no fixes yet) State-sponsored Hacktivist Criminal

Specifics: High Concern K-12 Items K-12 Malware: Double Pulsar Infection Indicators of threat from North Korea and other nation states identified Over 1/3 of ND schools infected with Double- Pulsar malware just one of many malware threats

COURAGE Communities are being targeted in 2018 Atlanta Ukraine Millions in losses services impacted 230,000 people left without power Municipal Railway Water treatment systems Energy production centers Iron ore furnaces City-wide emergency alarms Electronic construction signs Malware In 2017 San Francisco Attacks against North Dakota Communities Detected by State Cyber Team July 2018 Political Sub Division ATTACKS: 178k CITY THREATS: 66k (Scans, Malware, Vulnerabilities ) COUNTY THREATS: 111k (Scans, Malware, Vulnerabilities ) Most Common Types of Malicious Traffic VULNERABILITIES: 70k MALWARE DETECTED: 54k SPYWARE: 68k SCANNED: 103k

Considerations Moving Forward

Challenges ~50% of the population has had some data breached over the past year Average salary for a Cyber Security Professional is $116,000 annually Unemployment rate for Cyber is ~0% The market for Cyber related jobs is expected to increase by ~1,800,000 people over the next handful of years We need to think differently

What do we need to do?

Mitigations Strategic Operational force Move to a whole of Government approach across Cyber Align with private partners SECURE Establish risk-prioritized controls to protect against known and emerging threats, and comply with standards and regulations Educate Kindergarten through PHD DEFEND Create situational risk and threat awareness across the environment to detect violations and suspicious behavior RESPOND Develop a capability to handle critical incidents, quickly return to normal agency operations, and repair damage to the State

Summary Looking Forward Cyber Security requires a Whole of Government Approach The 21 st Century force must be Cyber educated We need to encompass all 252,000 users on the network (including K-12, Higher-Ed, Political Subs, etc.) ND IT is working through options to bring forward and accomplish this May require: Changes to Century Code Dedicated Cyber security funding / bodies Cyber Security minimum standard enforcement across StageNet CYBER SECURITY Plan RESPOND

Questions & Appendix 18

Centralized Cyber Spending & Staffing Benchmark Paragraph One Two Three The State of North Dakota s Annual Revenue for 2017 was $6.428B IT Spend for 2017 Was $157.235M (~2.4% of Revenue) Percent of ITD budget spent on security Percent of ITD staff focused on security IT security spend by functional area 6.2% 5.0% ~1.4% 5.9% 7.8% 2.9% Operational Infrastructure Security 52% 24% State/Local Government 7 Vulnerability Mgt. & Analytics 12% Application Security 12% GRC Published Average 1 State / Local Government 2 State of North Dakota 3 Published Average 4 State / Local Government 5 State of North Dakota 6 Data Unavailable For State The State of North Dakota s Historical Spend (SFY-2014 SFY-2017) State Fiscal Year - 2014 Annual Revenue: $8.667B *IT Spend: $100.01M / 1.15% State Fiscal Year - 2015 Annual Revenue: $7.918B *IT Spend: $105.63M / 1.33% State Fiscal Year - 2016 Annual Revenue: $5.645B *IT Spend: $168.82M / 2.99% Only 1 FTE is centrally dedicated to Cyber Security in K12 environment and most districts have well intended IT folks, but not trained cyber professionals

Day to Day Cyber Defense SECURE Establish risk-prioritized controls to protect against known and emerging threats, and comply with standards and regulations DEFEND Create situational risk and threat awareness across the environment to detect violations and suspicious behavior RESPOND Develop a capability to handle critical incidents, quickly return to normal agency operations, and repair damage to the State People Fixes Align all state cyber security teams closer Engage force opportunities Process & Policy Fixes Cyber Security Minimum Standard Public / Private Partnership Technical Fixes Building out network segmentation Managing application vulnerabilities Strategic Operational CYBER SECURITY Plan RESPOND force

The Challenge of IT and Information Security ITD Security collaborated with (18) cabinet Agency Stakeholders (e.g., Agency Directors, IT Coordinators and Security Coordinators) and ITD. Through our workshop discussions we noted the following themes: Why IT and information security is challenging and innovation The solutions and process we implement to improve value and services to our citizens may also create, or exacerbate cyber and information risk (e.g., adoption of new technologies, offering new services and developing new service delivery models) Sharing information is imperative The State, its agencies, vendors and most importantly, our citizens are connected using technologies designed to share information not protect it. We have an obligation to secure the information our citizens share with us and as a State, we share with each other. People must be trusted The Sate and every agency rely on people and business partners whom we trust to help us deliver world class service to our citizens every day. Therefore, we must focus on delivering security services that will help the State effectively Secure, Defend and Respond to cyber attacks SECURE Establish risk-prioritized controls to protect against known and emerging threats, and comply with standards and regulations DEFEND Create situational risk and threat awareness across the environment to detect violations and suspicious behavior RESPOND Develop a capability to handle critical incidents, quickly return to normal agency operations, and repair damage to the State 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback