Homeland Security Cyber Strategies & Resources for Resiliency Spring Directors Conference 2013 UNCLASSIFIED/FOR OFFICIAL USE ONLY Richard C. Baron Executive Director Ohio Homeland Security Homeland Security Advisor to Ohio


Homeland Security

Cyber Strategies & Resources for Resiliency

Spring Directors Conference 2013

UNCLASSIFIED/FOR OFFICIAL USE ONLY

Richard C. Baron

Executive Director

Ohio Homeland Security

Homeland Security Advisor to Ohio


What Does Cyber Threat Mean


Risk = Threat × Vulnerability × Consequence

Vulnerability = What is the vulnerability

Consequence = What is the consequence

Threat = What is the threat

Risk = What is at risk


Cyber Space


.com/.net/.org/.mobi/….: Public/Corporate Domain

.mil: Military Domain

.gov/.us: Governmental Domain


Cyber Environment


Cyberspace is where the Nation stores its treasure (intellectual property) and its wealth (money)

Benefits:

• National security

• Economic competitiveness

• Public safety

• Civil liberties & privacy

Information Layer

Physical Infrastructure

Geographic Layer

People

Cyber Identity

Source U.S Cyber Command


Changing Environment


Source U.S Cyber Command

• Unprecedented rate of change - Consumerization of IT technology

• Mobile Computing

• Rapidly expanding environment with companies not focused on the threats

• BYOD – Bring your own device (to work)

• Adoption of the “cloud computing” model

• Social Networks

• Geographical Information Systems (GIS)

• Integrated real time sensors, telemetry and resource tasking

• Multiple sources of data

• Deliberate attacks from Viruses/malware exploiting the changing landscape


Threat Actors


Source U.S Cyber Command

THREAT ACTORS

• TERRORIST ACTS

• CRIMINAL ELEMENTS

• HACKTIVISTS

• FOREIGN INTELLIGENCE

THREAT VECTORS

• SUPPLY CHAIN VULNERABILITY

• WIRELESS ACCESS POINTS

• REMOVABLE MEDIA

• NEGLIGENT USERS

• INSIDER THREATS


Focus of CYBER Security


People Systems


Rick’s Rules #1


Source U.S Cyber Command

The time to plan is not at the time of crisis!


Rick’s Rules #2


The event causing the crisis du jour was most likely not an event that could or was not anticipated!


Gordon Graham’s Rule of Risk Management


If it is predictable, it's preventable!


Significant Trends (Targets – U.S. “vital services”)

Source U.S Cyber Command


Exploitation Disruption Destruction

(U//FOUO) Operation Black Summer (#OpBlackSummer) – Orchestrated by hacktivist groups Tunisian Cyber Army (TCA) and the Al Qaeda Electronic Cyber Army. The premise of the operation is to hack into varied U.S. systems, steal information, and release the information in a large data release on 11 September 2013. Main start-date is 31 May 2013.

• Examples of the areas already targeted and hacked – U.S. State Department, Army National Guard, Customs and Border Protection, etc.

• Tactic used – SQL injection vulnerabilities

• Sub-operation for #OpBlackSummer is called #FridayOfHorror, and usually targets one area following Friday prayer (ex: aviation systems, financial sector, etc.)

• TCA infiltrated a State of Ohio agency workstation in Chillicothe, OH on 19 April 2013. This is currently being investigated by OSP.



Significant Trends (VOIP)

Source U.S Cyber Command


(U//FOUO) Telephony Denial of Service (TDoS) – An international issue that involves the flooding of telephone systems from digitalized calls, usually targeting Voice over IP (VoIP) systems. The caller uses a spoofed number, and is usually located overseas in areas such as India.

• Result of intentional generation of illegitimate computer-generated phone traffic targeting a victim’s phone systems

• Some leverage Voice over IP (VoIP) telephone equipment

• Has the potential to significantly disrupt legitimate telephone call volume and impact continuity of operations

• Scheme: Payday loan scam or employee debt

• Targets: Public sector entities, including PSAPs, emergency communication centers, and businesses

Exploitation Disruption Destruction


Significant Trends (VOIP)

Source U.S Cyber Command


Ohio Incidents:

• Ohio: Nov 2011 – 3 hospital lines flooded

• Reported in February from Mentor Police Department (Cleveland) – Payday scam. LE involved in business call, victim called local PD. Then flooded police and fire emergency lines – 5 minutes.

• February: Dublin local business received harassing phone calls of employee debt, threatening legal action; called 40 times in 2 days.

• Brunswick city school system, Feb 2013 – Payday loan scam “lit up all their phones” – VoIP for 2 days, hit off and on.

Exploitation Disruption Destruction


Presidential Executive Order 21

Policy

It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats. The Federal Government shall work with critical infrastructure owners and operators and SLTT entities to take proactive steps to manage risk and strengthen the security and resilience of the Nation's critical infrastructure, considering all hazards that could have a debilitating impact on national security, economic stability, public health and safety, or any combination thereof. These efforts shall seek to reduce vulnerabilities, minimize consequences, identify and disrupt threats, and hasten response and recovery efforts related to critical infrastructure.


Twelve Steps Governors Can Take to Improve Cybersecurity

1. Develop a State Cybersecurity Strategy.

2. Appoint a Cybersecurity Committee.

3. Request and receive regular security briefings.

4. Practice cyber incident response.

5. Request attorneys review current IT contracts with vendors for security provisions.

6. Ensure that hardware and software are being procured in a “secure manner.”

7. Request attorneys review contractual relationships with third party service providers.

8. Use Multistate Information Sharing and Analysis Centers (ISACs) for intrusion detection and prevention, vulnerability scanning, penetration testing, and training and education services.

9. Ensure that security and procurement/acquisition staff receive training and resources.

10. Identify business continuity and disaster recovery initiatives.

11. Work with law enforcement to prioritize cybersecurity.

12. Use convening authority to raise statewide awareness.


Cybersecurity, Education, & Economic Development Council

121.92 Cybersecurity, education, and economic development council.

(A) There is hereby created the cybersecurity, education, and economic development council.

(G) The council shall conduct a study and make recommendations regarding both of the following:

(1) Improving the infrastructure of the state's cybersecurity operations with existing resources and through partnerships between government, business, and institutions of higher education;

(2) Specific actions that would accelerate growth of the cybersecurity industry in the state.


OHS Strategic Plan

Protection

Goal 3: Reduce risk to statewide infrastructure by implementing the National Infrastructure Protection Plan and each of the supporting Sector Specific Plans where applicable. Risk reduction programs will address cyber, human, and physical security.

Cyber attacks often occur unnoticed, disrupting commerce and costing an estimated total of $46–70 billion in losses across the U.S.


OHS Cyber-Security Strategy

Initiative 1: Share cyber security threat information across the homeland security enterprise.

Initiative 2: Create a cyber security culture in state and local government.

Initiative 3: Partner with the public and private sectors to support their cyber security efforts.

Initiative 4: Identify cyber resources (human and equipment) to leverage for creating cyber incident response teams.

Initiative 5: Raise cyber security awareness across Ohio.


Resources Personal & Business Information


Resources Public Sector Monitoring


Source U.S Cyber Command


Information Technology ISAC (IT-ISAC): IT-ISAC members participate in national and homeland security efforts to strengthen the IT infrastructure through cyber information sharing and analysis.

Financial Services ISAC (FS-ISAC): In February 2010, the Department of Defense (DoD), DHS, and the FS-ISAC launched a pilot designed to improve the sharing of sensitive, actionable information.

Multi-State ISAC (MS-ISAC): The MS-ISAC provides a common mechanism for raising the level of cybersecurity readiness and response in state, local, tribal, and territorial (SLTT) governments.


Resources – SAIC Daily Briefing



Questions & Discussion


Contact Information
