Ron FordRegion 1 Cybersecurity Advisor – New England

Cyber Resilience during

COVID-19

CISA ROLE

Risk Management during COVID-19

Best Practices

We are the Nation’s Risk AdvisorsCISA leads national risk management for cyber and physical infrastructure

6

CISACybersecurity Advisor Program

7

CISA mission: Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure

In support of that mission, Cybersecurity Advisors (CSAs):

• Assess: Evaluate critical infrastructure cyber risk.

• Promote: Encourage best practices and risk mitigation strategies.

• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.

• Educate: Inform and raise awareness.

• Listen: Collect stakeholder requirements.

• Coordinate: Bring together incident support and lessons learned.

Cybersecurity Advisor Program

CSA Deployed Personnel

8

CSA Offices

Contact cyberadvisor@cisa.dhs.gov

HomelandSecurity Office of Cybersecurity and Communications

9

CISA Insights on COVID-19

• Risk Management for Novel Coronavirus (COVID-19)

• This product is for executives to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread from of COVID-19.

• What’s in this guide:• Actions for Infrastructure Protection • Actions for your Supply Chain • Cybersecurity for Organizations • Cybersecurity Actions for your Workforce and Consumers

• To stay current with CISA’s efforts regarding the COVID-19, visit: cisa.gov/coronavirus.

10

CISA Cyber Essentials

• Cyber Essentials Toolkit: https://www.cisa.gov/cyber-essentials

• National Cyber Security Alliance: www. staysafeonline.org

• Hybrid work models may be possible where some workers may work on-premise and off-premise.

• Telework capability has certainly become extremely important during COVID-19 and stress-tested organizations’ capabilities on IT deployment, workload, and management as well as addressing security challenges.

11

Cyber Threat Landscape

11

12

Ever Expanding Attack Surface

HomelandSecurity Office of Cybersecurity and Communications

13

Cyber Threat Landscape

• May 23, 2020: Joint Announcement on Chinese Govt Targeting of COVID-19 Research Organizations,

• May 13, 2020, CISA updated the Cyber Resource Hub, which list free and available cybersecurity assessments

• May 12, 2020: CISA and the FBI published Cyber Alert (AA20-133A), Top 10 Most Exploited Vulnerabilities between 2016-2019

*The Health Sector is especially vulnerable to cyber threats

§ Ransomware§ Phishing Campaigns & Business E-mail Compromise§ Lack of Software Patching§ Misconfiguration of Technology§ Supply Chain (Hardware, Software, Cloud Services)§ Advanced Persistent Threats (Organized, Well-funded, Highly-capable

Groups)§ Internet of Things (IoT)§ Insider Threats (Intentional & Unintentional)§ Weak Passwords

*All listed will increase the likelihood of a compromise or service disruption.

Most Common Cyber Threats

15

Cybersecurity and Resilience

15

16

• Consider your health.

• How do you become healthy?• Can you buy good health? • Can you “manufacture” good

health?

• You can’t buy it in a product.

• Good health and resilience are both emergent properties.

• They develop – or emerge – from what we do.

Resilience Emerges From What You Do

17

• Periodic assessments are essential for resilience, helping you:

• Measure your cybersecurity efforts• Manage improvements over time

Criticality of Periodic Assessments

18

Working toward Cyber Resilience

Follow a framework or general approach to cyber resilience. One successful approach includes:

IdentifyServices

Create Asset Inventory

Protect & SustainAssets

Manage Disruptions

Exerciseand Improve

Identify and prioritize services

Identify assets and align assets to services and inventory assets

Establish risk management, resilience requirements, control objectives, and controls

Establish continuity requirements for assets and develop service continuity plans

Define objectives for cyber exercises, perform exercises, and evaluate results

Process Management and Improvement

19

CISA Cybersecurity Services

19

20

Sampling of Cybersecurity Offerings

Preparedness Assistance:

• Cybersecurity Advisors• Advisory Services• Assessments• Working group collaboration• Best Practices • Incident assistance coordination

• Protective Security Advisors • Assessments• Incident liaisons between government and

private sector• Support for National Special Security

Events

21

• Cyber Resilience Review (Strategic)

• External Dependencies Management (Strategic)

• Cyber Infrastructure Survey (Strategic)

• Cybersecurity Evaluations Tool (Strategic/Technical)

• Phishing Campaign Assessment (EVERYONE)

• Vulnerability Scanning / Hygiene (Technical)

• Validated Architecture Design Review (Technical)

• Risk and Vulnerability Assessment (Technical)

Range of Cybersecurity Assessments (Voluntary & No-Cost to You)

TECHNICAL(Network-Administrator Level)

STRATEGIC(C-Suite Level)

Tech

nica

lSt

rate

gic

22

BEST PRACTICES

Leadership Must OWN the Issue

Good Cyber Hygiene – Blocking and Tackling

Risk Management –What Can I Accept?

Balance Security, Mission and Privacy

Be Prepared –EXERCISE

Defend and Continue to Operate

Leverage Relationships

MAKE YOUR OWN LUCK!

QUESTIONS?

Contact UsReport Cyber Incidents:DHS/CISA24/7 Line: 888-282-0870Central@cisa.govhttps://www.us-cert.gov/report

MS-ISAChttps://www.cisecurity.org/ms-isac/24/7 Line: 866-787-4722soc@cisecurity.orghttps://www.cisecurity.org/isac/report-an-incident/

24

Ron FordDHS/CISA Cybersecurity Advisor Region 1 - New EnglandRon.Ford@cisa.dhs.govcyberadvisor@cisa.dhs.govwww.cisa.gov/cybersecurity