
WA DGS 16 presentation - Cyber Threats and Motivations - by Aaron Brown-Peter F. Cipriano-Tony Gillespie


Published in: Government & Nonprofit

  1. Cyber Threats and Motivations. Aaron Brown, Office of Cyber Security
  2. In 1 week we block…
     Washington State’s Border Firewalls: 243 Million Blocks
     Intrusion Prevention: 7.25 Million Blocks
     Denial of Service: 26.08 Million Blocks
     Advanced Threat Detection: 179 Zero-Day Blocks
  3. Washington State Government
  4. Black Market Prices: Value of PII vs credit card numbers
     Hacker Service / Price per Record
     • Visa / Mastercard: $4
     • Visa / Mastercard Stripe/Chip: $12
     • Date of Birth: $11
     • Health Insurance: $20
     • SSN: $30
     • Personal Identities
  5. Example from WA State: Danger, Bob, Alice
  6. Overview: Alice
  7. Example from WA State: Danger, 8:55am, 9:10am
  8. Bringing it all together
     • Phishing Message
     • Staff contact information
     • CFO’s schedule
     • Financial Estimate Information
     • The Agency
     • Specific Timing
     • Agency Roles
     • Temporary Bank Account
  9. Wire Transfer Scams
  10. Evolution of Ransomware
      • Doxing – It’s flat out blackmail
      • C2 using public internet services
      • Cross platform support
      • Encrypt + smash your OS
      • Crypter to hide or encrypt the sourcecode
      • Cryptoworms
      • Fully contained variants
  11. Changing Tactics (Financial Crime)
      • Targeting full identity
      • Less focus on credit card information
      • Maximizing profits of the stolen data
      • Profiling the agency and their roles
      • Profiling personal lives of agency staff
      • Timing attacks to improve chances of success
      • Impersonating ‘C’ level communication
      • Doxing
      • Cryptoworms
      • Fully contained
  12.
  13. Digital Government, November 1, 2016. Peter F Cipriano, Industry Director Digital Government, Global Public Sector. Cyber Threats and Motivations - The People & Process of Cyber. © 2016 Unisys Corporation. All rights reserved.
  14.
  15. Coordination of Framework Implementation
      • Executive
      • Business / Process
      • Implementation / Operations
      Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, NIST – 2/12/2014
  16. Function and Category Unique Identifiers
      Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, NIST – 2/12/2014
      TODAY’S FOCUS: You CANNOT secure an infrastructure if you do not know what is in it and how people are using it
  17. NIST Implementation Recommendations
      • CIO: Sets the vision and goals (ORGANIZATION CHANGE, VISION)
      • CISO: Sets the governance and policies (GOVERNANCE MODEL, POLICY)
      • Program Managers: Embeds the policies into the project plan (SCHEDULE TASKS, REPORT STATUS)
      • Network Owners: Deploy & Configuration (TECHNOLOGY EXPERTISE, COLLABORATE)
      • Application Owners: Coding best practices (TECHNOLOGY EXPERTISE, COLLABORATE)
      • End Users: Follow the policies (ENGAGEMENT, REPORT EXPERIENCE, PROVIDE DATA)
  18. How it all ties together
      • Foreign Actor
      • Publicly Available FREE tool called Google Dorking used to identify vulnerable systems
      • Older server detected through cellular hotspot. Operating system has no chance to prevent against new hacking techniques
      • Iranian Hackers gain access to the SCADA system of the Bowman Avenue Dam in Rye Brook, NY (* SCADA - Supervisory Control and Data Acquisition)
      • Using traditional hacking techniques gained access to the SCADA system (New York Times)
  19. Final Thought
      “How do you make users smarter so that they can make intelligent, well-informed decisions?” … “If your users are making choices that undermine that security you’ve made your job that much tougher.”
      ADMIRAL MICHAEL S. ROGERS - COMMANDER, U.S. CYBER COMMAND - DIRECTOR, NATIONAL SECURITY AGENCY - CHIEF, CENTRAL SECURITY SERVICE
      Source: DoD News, Defense Media Activity, Oct. 25, 2016 – Amaani Lyle
  20. Thank you for your time! We are here to Help, Contact Us! For more information, please contact: Peter F Cipriano, Industry Director, Digital Government, Global Public Sector. Contact: +1 (845) 518-2172, @CiprianoPF
  21. Cyber Threats and Motivations. Tony Gillespie, US Public Sector Strategist
  22. Speaker: Tony Gillespie. Recently retired GS15 Assistant Chief of Staff G6/CIO for Marine Corps Installations East. 35 years in the Marine Corps active duty and Civil Service. Was responsible for the Voice, Video, Data and Security for all USMC bases on the East Coast south of Quantico, Va. Primary architect and Pilot for C2C for the DoD
  23. What do I need to know? 1 Baseline Security, 2 Who is your threat?, 3 Visibility
  24. Fundamental Security baseline (we all must do it)
      • Largest threat to networks and end user devices: (Users)
      • Users are our only reason for having a network. (irony)
      • Is there a Patch for Stupid?
      • Over 75% of our Cybersecurity resources are performing fundamental baseline security tasks
      • Nearly all compromises have proven to be old (2 and 3 years) vulnerabilities that were exploited.
      • Let’s lock our doors and roll up the windows! (Fundamental security automation) (AKA “The Stupid patch”, or a wrench big enough to tighten the loose nut)
      • How much time do you spend wrestling little alligators taking up YOUR cycles when you should be strategizing?
  25. 1 IoT Landscape, 2 Threat Landscape, 3 Visibility
  26. IoT Device Growth
      [chart: PC, BYOD and IoT device counts, 1990 to 2020, 0 to 30 Billion]
      The Internet of Things is the network of dedicated physical objects (things) that contain embedded technology to sense or interact with their internal state or external environment. IoT = Internet of Things
  27. 1 IoT Landscape, 2 Threat Landscape, 3 Visibility
  28. Foundation Security
      SEE – If you can’t see it… you can’t determine risk
      • IoT
      • NO Agent - if it requires an agent how do you find it?
      • BYOD
      Control – automated and manual
      • Determine Risk and Deny Access based on policy
      • Allow access based on “the rest of the story”
      Orchestrate – take action or pass
      • Kick-off mitigation
      • Kick-off scan
      • Open Ticket or “Pop Up” notifications
      IoT = Internet of Things; BYOD = Bring Your Own Device
  29. So what?
      • Staff realigned to proactive tasks (Analytics, Hunting, Forensics)
      • Resource reduction (be careful with this one!)
      • 99.x% compliance is not only achievable, it can be YOUR minimum standard!
      2nd and 3rd order effects
      • Increased security across the enterprise
      • Immediate action and zero day mitigation
      • Real-time knowledge of current security posture
      • Asset and license management
      • Portfolio Management
      How do I get there?
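The "SEE, Control, Orchestrate" loop of slide 28 and the baseline-compliance figure of slide 29 can be shown as a small agentless network-access policy. The following is an added example, not code from the slides or from any product named in the deck; the device inventory, the 30-day patch-age threshold, the fixed date and the action names (quarantine, scan, ticket, notify) are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Constructed policy settings; the slides give no numbers, so these are assumptions.
MAX_PATCH_AGE_DAYS = 30       # anything older is treated as an "old vulnerability"
TODAY = date(2016, 11, 1)     # fixed so the example is reproducible offline


@dataclass
class Device:
    mac: str
    kind: str                      # "managed", "byod" or "iot"
    has_agent: bool
    last_patched: Optional[date]   # None when the device reports no patch state
    known: bool = True             # False for a MAC the inventory has never seen


@dataclass
class Decision:
    mac: str
    risk: str                      # "low", "medium" or "high"
    access: str                    # "allow", "limited" or "deny"
    actions: List[str] = field(default_factory=list)


def see(observed: List[dict], inventory: Dict[str, dict]) -> List[Device]:
    """SEE: build the device list from what the network itself observed (DHCP/ARP
    style records), so agentless IoT and BYOD devices appear even without an agent.
    Inventory data enriches the MACs it knows; unknown MACs are flagged."""
    devices = []
    for obs in observed:
        info = inventory.get(obs["mac"])
        if info is None:
            devices.append(Device(obs["mac"], obs.get("kind", "iot"), False, None, known=False))
        else:
            devices.append(Device(obs["mac"], info["kind"], info["has_agent"],
                                  info.get("last_patched")))
    return devices


def control(dev: Device) -> Decision:
    """CONTROL: determine risk from the device's attributes and apply the policy."""
    if not dev.known:
        return Decision(dev.mac, "high", "deny")          # nothing known: deny by policy
    if dev.last_patched is None:
        # Agentless device that cannot prove its patch state: limited access until scanned.
        return Decision(dev.mac, "medium", "limited")
    if (TODAY - dev.last_patched).days > MAX_PATCH_AGE_DAYS:
        return Decision(dev.mac, "high", "deny")          # old vulnerability exposure
    return Decision(dev.mac, "low", "allow")


def orchestrate(dec: Decision) -> Decision:
    """ORCHESTRATE: turn the decision into actions (mitigation, scan, ticket) or pass."""
    if dec.access == "deny":
        dec.actions += ["quarantine", "open_ticket"]
    elif dec.access == "limited":
        dec.actions += ["scan", "notify"]
    return dec


def run(observed: List[dict], inventory: Dict[str, dict]) -> List[Decision]:
    return [orchestrate(control(d)) for d in see(observed, inventory)]


def baseline_compliance(decisions: List[Decision]) -> float:
    """Share of devices that passed the baseline outright (the slide's '99.x%' figure)."""
    if not decisions:
        return 0.0
    ok = sum(1 for d in decisions if d.access == "allow")
    return round(100.0 * ok / len(decisions), 1)


# Constructed sample input: what the network saw, and what the asset inventory knows.
OBSERVED = [
    {"mac": "00:11:22:33:44:01"},
    {"mac": "00:11:22:33:44:02"},
    {"mac": "00:11:22:33:44:03"},
    {"mac": "00:11:22:33:44:04", "kind": "iot"},   # never enrolled, no agent possible
]
INVENTORY = {
    "00:11:22:33:44:01": {"kind": "managed", "has_agent": True, "last_patched": date(2016, 10, 20)},
    "00:11:22:33:44:02": {"kind": "managed", "has_agent": True, "last_patched": date(2014, 6, 1)},
    "00:11:22:33:44:03": {"kind": "byod", "has_agent": False},
}

if __name__ == "__main__":
    decisions = run(OBSERVED, INVENTORY)
    for d in decisions:
        print(d)
    print("baseline compliance:", baseline_compliance(decisions), "%")
```

The point of the structure is that discovery (`see`) never depends on an agent, so the two-year-old unpatched server and the unknown IoT device both surface and are denied automatically, while the BYOD device gets limited access plus a scan instead of either a free pass or a hard block.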
  30. Thank you!
  31. Acronym Glossary
      AAA: Authentication, Authorization and Accounting
      ACL: Access Control List
      ACS: Cisco Secure Access Control Server
      ARP: Address Resolution Protocol
      ATD: Advanced Threat Detection
      ATP: Advanced Threat Prevention
      BYOD: Bring Your Own Device
      CA: Certificate Authority
      C&C: Command and Control
      CEF: Cisco Express Forwarding
      CoA: Change of Authorization
      DHCP: Dynamic Host Configuration Protocol
      DNS: Domain Name Server
      EMM: Enterprise Mobility Management
      EX: FireEye’s Threat Prevention Platform for Email-based Cyber Attacks
      FERC: Federal Energy Regulatory Commission
      FW: Firewall
      GUI: Graphical User Interface
      HIPAA: Health Insurance Portability and Accountability Act
      HITECH: Health Information for Technology for Economic and Clinical Health
      HPS: Host Property Scanner
      HX: FireEye’s Endpoint Threat Prevention Platform
      ID: Identification
      IM: Instant Messaging
      IOC: Indicators of Compromise
      iOS: Apple operating system for mobile devices
      IoT: Internet of Things
      IP: Internet Protocol
      ISE: Cisco Identity Services Engine
      MAB: Mac Authentication Bypass
      MTP: FireEye’s Mobile Threat Prevention Platform
      MTTD: Mean Time to Detection
      MTTR: Mean Time to Resolution
      NA: Not Applicable
      NAC: Network Access Control
      NERC: North American Electric Reliability Corporation
      Netbios: Network Basic Input/Output System
      NIC: Network Interface Card
      NIMAPP: Network Mapper
      NIST: National Institute of Standards and Technology
      NMAP: network mapper
      NX: FireEye’s Network Threat Prevention Platform (NX)
      OS: Operating System
      P2P: Peer to Peer
      PCI: Payment Card Industry
      PKI: Private Key Infrastructure
      pxGrid: Cisco Platform Exchange Grid
      RADIUS: Remote Authentication Dial-In User Service
      Reauth: Reauthorization
      RTU: Remote Terminal Unit
      SCADA: Supervisory Control and Data Acquisition
      SDK: Software Developer Kit
      SGT: Security Group Tags (Cisco)
      SIEM: Security Information and Event Management
      SNMP: Simple Network Management Protocol
      SOX: Sarbanes Oxley
      SQL: SQL Server
      SSID: Service Set Identifier
      syslog: standard for messaging logging
      TACACS: Terminal Access Controller Access Control
      TAM: FireEye’s Threat Assessment Manager
      TAP: FireEye’s Threat Analytics Platform
      TCO: Total Cost Ownership
      USB: Universal Serial Bus
      VA: Vulnerability Assessment
      vFW: Virtual Firewall
      VM: Virtual Machine
      VPN: VPN
  32. Backup
  33.
  34.
  35. Vendors are proliferating within these siloed environments
      IoT Device / Solution Vendors by Physical Environments: Personal, Home, City, Factory, Logistics, Retail, Vehicles, Office, Worksite, Medical
      Without standards or platforms, each vendor in each vertical environment tends to build their own respective specialized solution stack from scratch
      Source: Harbor Research, 2014; McKinsey Global Institute, 2015