View
218
Download
4
Category
Preview:
Citation preview
`
Cyber Attacks & Breaches
“It’s not if, it’s When”
IMRI Team | Aliso Viejo, CACopyright © 2016 IMRI. All rights reserved. Proprietary Information
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Data Center/Cloud Computing/Consolidation/Operations • 15 facilities, 4 million users, 2800 applications
• 22 Savings & Loans operations with merger of $2 billion in assets
• Manages over $300 million in High Performance Computing operations
• Managed and delivered multi-million dollars of enterprise technology services for utility companies
Cyber Security • Supports the largest information network in world with over 1500 networks and 7 million devices
• Engaged with U.S Army Network Enterprise Technology Command, Missile Defense Agency,
U.S Army Corps of Engineers, DISA
• F.E.M.A network security and perimeter defense and 3rd party verification and validation
• U.S Unified Combatant Commands and Army Regional Cyber Centers worldwide
TelecommunicationsTrusted advisors to the FirstNet leadership team providing wireless public safety expertise and
professional services support for United States first high speed wireless broadband nationwide network
for first responders solely to police, firefighters, emergency medical service professionals and other public safety officials
Trusted Leader with Solution Oriented Results Since 1992
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Why is Federal Government Focused on Cyber?
• State-sponsored hacking is pervasive and difficult to detect and prevent
• Many attacks target intellectual property from the private sector • Stopping state-sponsored IP theft is a “top U.S. national security priority”
• Large-scale data breaches can have a negative impact on the economy as a whole
• 3 million known cyber attacks on DoD networks per month or 100,000 attacks per day
• DoD’s cyber focus causes 99.9% of attempted attacks fail• 100 per day are successful
• DHS US-CERT provides up-to-date information on current cyber security activity, new vulnerabilities and tips on security issues facing the general public
• Helps organizations and companies shore up their defenses and catch potential vulnerabilities before they are exploited by hackers
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
It is in the United States’ best interest to Focus on Cybersecurity
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Challenges in Manufacturing:Indiscriminate internetworking (IOT)Connected networks that operate at different levels of trustIndustry believes that Firewalls are enoughBugs in software allowing for easy entry for malicious activityOnly 80% of the network is known, 20% is “unknown”
Cyber Attacks in Manufacturing
Software bugsFailed firewallsLack of vendor management
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
What You Should Know About DoD Security and Compliance
• DFARS §252.204-7012 resulted from increased cyber espionage where adversaries stole sensitive government information—often from a contractor or subcontractor.• Requires all DoD contractors to comply with NIST security controls• Minimum cybersecurity standards cover 14 areas as described in NIST 800-171 • Full compliance required by December 31, 2017
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
DoD relies upon contractors to carry out a wide range of missions and shares sensitive data with them. Inadequate safeguards threaten America’s national security and put service members’ lives at risk.
New DFARS cybersecurity regulations are demanding, especially for small businesses, but solutions exist.
• DoD contractors must adhere to two basic cybersecurity requirements:1. Provide adequate security to safeguard covered defense
information from unauthorized access and disclosure
2. Rapidly report cyber incidents and cooperate with DoD to respond
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Vulnerability Points
•Unused telephone line –war dialing
•Use of removable media
• Infected Bluetooth enabled devices
•Wi-Fi enabled computer thathas Ethernet connection to SCADA system
• Insufficiently secure Wi-Fi
•Corporate LAN /WAN
•Corporate web server email servers internet gateways
Typical Ecosystem
Securing the Ecosystem – IMRI’s Approach
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Understand the
strengths &
weaknesses of
current cyber
security
arrangements
Identify
critical assets
Understanding
what you are
Protecting
What Can You Do Now?
Develop a cyber
security roadmap
Detect, Protect, and Prevent
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
`
THANK YOU!Please visit us www.cytellix.com
Call (949) 215-8889
Email info@cytellix.com
IMRI Team | Aliso Viejo, CACopyright © 2016 IMRI. All rights reserved. Proprietary Information
Copyright © 2016 IMRI. All rights reserved. Proprietary Information
Recommended