Cybersecurity: Operating in a Threat Laden World. Christopher Buse, Assistant Commissioner & CISO

Similar documents
National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018

Cybersecurity for Health Care Providers

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Healthcare HIPAA and Cybersecurity Update

CYBER SECURITY AIR TRANSPORT IT SUMMIT

ISACA West Florida Chapter - Cybersecurity Event

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Statement for the Record

Cyber Security Program

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Cybersecurity for Service Providers

Business continuity management and cyber resiliency

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

CYBER RESILIENCE & INCIDENT RESPONSE

Bad Idea: Creating a U.S. Department of Cybersecurity

Cyber Resilience. Think18. Felicity March IBM Corporation

e:

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Cybersecurity and Hospitals: A Board Perspective

Copyright 2016 EMC Corporation. All rights reserved.

RSA NetWitness Suite Respond in Minutes, Not Months

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

HEALTH CARE AND CYBER SECURITY:

HOSTED SECURITY SERVICES

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Todd Sander Vice President, Research e.republic Inc.

Automating the Top 20 CIS Critical Security Controls

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

ACM Retreat - Today s Topics:

Changing the Game: An HPR Approach to Cyber CRM007

Cybersecurity. Securely enabling transformation and change

Cybersecurity Survey Results

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

If you were under cyber attack would you ever know?

CONE 2019 Project Proposal on Cybersecurity

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Managed Endpoint Defense

Ransomware A case study of the impact, recovery and remediation events

The New Era of Cognitive Security

Cybersecurity & Digital Privacy in the Energy sector

The UK s National Cyber Security Strategy

Directive on Security of Network and Information Systems

Protecting your next investment: The importance of cybersecurity due diligence

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Express Monitoring 2019

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Introducing Cyber Observer

Cybersecurity The Evolving Landscape

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Cyber Hygiene: A Baseline Set of Practices

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

LOA CYBER DISCUSSION. Mr Bob Picket Joint Staff J-4 19 October 2015 UNCLASSIFIED

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Digital Health Cyber Security Centre

An All-Source Approach to Threat Intelligence Using Recorded Future

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

End-to-End Trust, Segmentation and Segregation in the IIoT

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

Cybersecurity Fundamentals Paul Jones CIO Clerk & Comptroller Palm Beach County CISSP, ITIL Expert, Security+, Project+

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

K12 Cybersecurity Roadmap

Cyber Resilience - Protecting your Business 1

GOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES

Cyber Security Technologies

Rethinking Information Security Risk Management CRM002

align security instill confidence

U.S. Customs and Border Protection Cybersecurity Strategy

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

DDoS MITIGATION BEST PRACTICES

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Chapter X Security Performance Metrics

with Advanced Protection

Transcription:

Cybersecurity: Operating in a Threat Laden World Christopher Buse, Assistant Commissioner & CISO

The Internet is Way Cool

Over 6.4 Billion Internet Things Smart lights controlled using a smartphone app or via the web, as can fans, hot tubs, water pumps, thermostats, even door openers Smart TVs connect to the Internet for web browsing, image sharing, gaming, or watching streaming video Today s cars are computerguided and wirelessly connected via Bluetooth, GPS, radio protocols Smart fridge can track what it stores, alerting when products expire, & even add items to smartphone shopping list Personal medical devices can be implantable or external & allow remote monitoring / treatment Security cameras & systems can be remotely armed & checked, get alerts or review your security feeds from any location F-35 fighter jet has a highly advanced computerized logistics system designed to minimize repair and re-equipping turnaround times by monitoring the plane s status and preemptively making service decisions so that ground crews are ready to go before the plane even lands Sources: Gartner, Forbes, Vice, Cisco IBSG, University of Michigan, ABC News, Qmed, Network World

Not Long Ago Computers Were Big Apollo Guidance Computer IBM System/360 Model 75 2 MHz processor 4 kb RAM 75 kb Storage Weight: 70 lbs 6 MB (6,000 kb) program Source: https://en.m.wikipedia.org/wiki/apollo_guidance_computer

Massive Capacity Roughly 42,000 times more capacity than it took to put humans on the moon Source: https://en.wikipedia.org/wiki/iphone

There is a Dark Side

Unprecedented Cyber Threats the increasing prevalence and severity of malicious cyberenabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat. --- President Barak Obama Fraudsters Hacktivists Nation States THEFT DISRUPTION DESTRUCTION ADDITIVE MOTIVATION PROGRESSION LINE

Exponential increases in hacker activity Billions in losses Well-Funded Adversaries 8

Threat Landscape 90% Hacks perpetrated by external actors 60% Systems compromised within minutes 75% Initial compromises spread within 24 hours 50% New vulnerabilities became full exploits in less than 30 days 70 90% Malware samples are unique to an entity More Threats More Targeted More Sophisticated

Government is Behind

Timeline of State Governments at Risk 2010 2012 2014 2016 A call to secure citizen data and inspire trust A call for collaboration and compliance Time to move forward Turning strategy and awareness into progress

Leaders Overestimate our Capabilities Confidence in Ability to Protect Against External Attacks State officials 66% CISOs 27%

Our IT Model is Tough to Defend

Lack of Resources is Biggest Problem

What Does This Mean for Minnesota?

Microcosm of the National Scene Spend less than 2% of total IT spend Service delivery gaps Attack surface that is difficult to defend Legacy systems with outdated technologies

Success Indicators Executive commitment: Security is #1 priority Solid planning foundation Talented staff that work together Wins under our belt

Cybersecurity Foundation Service Delivery Model Policies and Standards Strategic Plan

Strategic Plan 18 core strategies 5 year aspirational goals 2 year milestones Extensive vetting

Theme #1: Build Secure Systems

Security Engineering Integrated system development Specialized security tools System security plans Risk communication

Secure Datacenters 24*7*365 staffing Physical security Consistent and frequent patching Enterprise security program tools and processes

Secure Network Advanced monitoring tools Strong perimeter protection Data loss prevention

Theme #2: Improve Situational Awareness

Risk Management Ongoing application risk assessments Cybersecurity risk scorecards Cybersecurity insurance

Training General awareness training Targeted training Executive awareness

Theme #3: Minimize Operational Risk

Denial of Service Streamline mitigation processes Prepare for massive attacks

Vulnerability Management Find exploitable vulnerabilities faster Reduce time to remediate

Monitoring 24*7*365 coverage Advanced monitoring tools Faster incident response and forensics

Disaster Recovery Testable recovery strategies Exercise viability of plans

Theme #4: Foster Strategic Partnerships

Talent College talent feeder program Scholarship for Service

Threat Intelligence More intelligence feeds Local government coordination

What does this mean for Minnesota? It s time to execute.

Thank you! Chris.buse@state.mn.us @BuseTweet

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback