Briefing on Cyber Security
Administration Committee
April 28, 2020
Julius Smith, Vice President, Chief Information Officer
Cyber Security Overview
• Introduction
• The Threat Landscape
• DART Cyber Security Program
• Defensive Steps
Digital DART
Cloud
End Users
ITS/IVC
Network Infrastructure
Applications/Databases
Headquarters
The Big Picture
The Threat Landscape
FBI Cybercrime Stats
High Profile Breaches
COVID-19 Impact
FBI Crime Complaint Center 2019 Statistics
IC3 = Internet Crime Complaint Center
Threat Landscape & Recent Cyber Security Attacks
Source: https://www.identityforce.com/blog/2020-data-breaches
High profile breaches January 2020 to April 2020
COVID-19 Exploited by Malicious Cyber Actors
The COVID-19 pandemic is changing everyday life for workers across the globe. We continue to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns.
• Phishing, using the subject of coronavirus or COVID-19 as a lure
• Malware distribution, using coronavirus- or COVID-19-themed lures
• Registration of new domain names containing wording related to coronavirus or COVID-19
• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
Account Hijacking on the Rise
Account hijacking is prevalent and fast-growing, affecting organizations’ user accounts and application access as well as individual users’ personal accounts and identity.
• Hijacking by Phishing deceives users into providing their user-names, passwords, and account numbers via deceptive e-mails, fake Web sites, or both
• Hijacking with Spyware works by inserting malicious software, often referred to as “spyware,” on a person’s computer
• Most organizations haven’t implemented Multi-Factor Authentication to mitigate account hijacking risks
COVID-19 Remote Work
• Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room
• Do not share a link to a teleconference
• Consider security requirements when selecting vendors
• Ensure VTC software is up to date
• Employees should continue to be wary of unsolicited emails they receive that contain attachments or embedded links relating to the pandemic
• Using secure Virtual Private Network (VPN) connections with multi-factor authentication structures
• We have worked to safeguard the remote workforce to share data securely
• Launched updated Cyber Security Awareness Training
DART Cyber Security Program
Principles
Security Strategy
Risks Domains
Principles
1. “DART approaches cyber security as an enterprise-wide risk management issue, not just an IT issue.”
2. “We understand the legal implications of cyber risk as they apply to the Agency’s specific circumstances.”
3. “DART leadership sets adequate access to cyber security expertise, and discussions about cyber risk management on the cyber security governance council meeting agenda.”
4. “DART leadership sets the expectation that management will establish an enterprise-wide cyber-risk management framework.”
5. “Cyber risks discussions will include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.”
Security Strategy Considerations
BUSINESS PLAN
THREATS REVIEW
GOVERNANCE
VISION STATEMENT
GAP ANALYSIS
PRIORITIZATION
DEPARTMENTS TECH STRATEGY
COOP & BUSINESS CONTINUITY
ECOSYSTEM MONITORING
National Institute of Standards and Technology Cyber Security Framework
Data, Technology, and Physical Security Risks Domains
Information Technology Security
Operational Technology Security
Health, Safety, Environmental
Product/Service Management Security
Supply Chain Security
Head of Info/Network Security
Data Security
Defensive steps
Our People
Security Response
Security Updates
First line of defense: our people
• Deployed the updated 2020 DART Computer-Based Cyber Security Training
• Bus and Rail Operators Cyber Security Training
• Cyber Security Campaigns
• InfoStation Communications
• Email on Threat Landscape
• Password complexity and new password portal
• Multi-Factor Authentication
• Identity Management
• Physical Security
Security Response
Classification Response
EVENT: An event is an observed change to the normal behavior of a system, environment, process, workflow or person. Examples: router access control lists (ACLs) were updated, firewall policy was pushed.
ALERT: An alert is a notification that a particular event (or series of events) has occurred, which is sent to responsible parties for the purpose of spawning action. Examples: the events above sent to on-call personnel.
INCIDENT: An incident is an event that negatively affects the confidentiality, integrity, and/or availability (CIA) at an organization in a way that impacts the business. Examples: attacker posts company credentials online, attacker steals customer credit card database, worm spreads through network.
SECURITY OPERATIONS
For the first quarter of 2020, DART observed 7,977,813 security events.
Through security tools and automated correlation engines, the security events were reduced to 2,049 actionable alerts, which were addressed.
The Managed Security Service Provider (MSSP) Level 1 Security Operations Center (SOC) mitigated 1,415 of the alerts.
634 alerts were escalated from the MSSP to the DART Level 2 & 3 SOC.
Security Updates
VENDOR MANAGEMENT & RISKS REVIEWS
- Vendor management audit completed. Updating processes and procedures.
PAYMENT CARD INDUSTRY DATA SECURITY AUDIT
- Completed Recertification March 2020
- Awarded Report of Compliance (ROC)
- Awarded Attestation of Compliance (AOC)
CYBER & DATA GOVERNANCE
- Focused on policy, standards, and governance execution
APPLICATIONS & ARCHITECTURE
- Routine applications, operating systems, and hardware updates
- Patch Management
- Multi-factor Authentication
- Multiple Virtual Private Network (VPN) Solutions
Designing Secure Solutions
Security-led projects to enhance and/or implement new safeguards
Review of software applications and security architecture of other departmental and inter-departmental projects
Review of virtual conference rooms, new cloud applications and providers through vendor security management process
Technology Network Security Operations section is involved in multiple “secure-by-design” architecture initiatives.
Multi-factor authentication (MFA): a method in which a computer user is granted access only after successfully presenting two or more pieces of evidence
Thank you