SlideShare a Scribd company logo

Cybersecurity for Emergency Managers

Download as PPTX, PDF
Sarah K Miller
Sarah K Miller

This document discusses cybersecurity issues for emergency managers. It notes that cybersecurity is everyone's responsibility, not just IT, and outlines common threats like data breaches, human error, and cyber warfare. It then details steps in the cybersecurity lifecycle including prevention through policies and training, protection, mitigation through backups and monitoring, response planning, and recovery procedures. The document warns that most organizations lack comprehensive cybersecurity policies and enforcement. It also discusses social engineering threats and provides examples of cyber incidents including a case where prank 911 calls overloaded emergency systems.

Technology
1 of 28
Cybersecurity for Emergency Managers
Cybersecurity is everyone’s problem • Cybersecurity is NOT just IT’s problem. IT Emergency Management Law Enforcement And everyone in your organization
The threat • Malicious vs unintentional • Active attacks • Data breaches • Human error • Cyber warfare
Locally
Lifecycle
Prevention • What have you done to prepare? • What policies are in place? • What training is in place? • How are the policies enforced? • THINGS YOU MUST HAVE • Emergency Operations Plan • Cybersecurity Policy • Acceptable Use Policy
Protection
Mitigation • What steps have you taken? • What steps can you take? • Insurance • Backups • Redundancy • Monitoring • https://haveibeenpwned.com • Early Reporting • Training
Response Do you have a response plan? Does everybody know how to recognize an incident? Does your staff know what to do if they suspect an incident? Who do you call for help?
Recovery What’s your recovery plan? Beyond just the technology Who do you call for help?
Sample Incident annex https://1drv.ms/w/s!At2Gwcs7z-oh3Ubt7QNXAZ-HHeM2
References • National Cyber Incident Response Plan, Department of Homeland Security, 2016 • Computer Security Incident Handling Guide (Revision 2) National Institute of Standards and Technology, 2012 • Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015 • ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
Annex Parts Policies Sets expectations Situation/ Assumptions Requires all components to be in place Concept of Operations Will require local discussion Responsibilities EM/IT/LE Expect some pushback
Major Cyber Incident Checklist • Action items • Pre-Incident Phase • Response Phase • Recovery/Demob Phase
Common Issues Most entities lack a comprehensive cybersecurity policy that vests responsibility with every employee. Those that have policies don’t enforce them A greater number of incidents occur than are reported in any formal way Lack of response plans leads to slow recognition, response, recovery. Lack of individual security leaves entire organization at risk
Human Factor Phishing, social engineering • Enabled by agency and employee use of social media and other things Careless info access/dissemination • Public spaces • Public wifi • Unlocked computers • Lack of caution
Examples To: Siri McLean (siri@piepc.org) From: PIEPC Accounting (piepc@wsu.edu) Subject: PIEPC Unpaid Invoice -------------- Dear PIEPC Attendee: We have recently identified an issue that caused your last IAEM dues invoice to remain unpaid. Please login to our website at your earliest convenience to view your invoice and remit payment (preferably via credit/debit card). If you have any questions, please contact us at 509-335-3530 or reply to this email.
Social Engineering
Social Media Names Personal details Personal details provided by third parties Account spoofing Operational details shared
Meet Desai
Meetkumar Hiteshbhai Desai • Investigators traced the calls and discovered they originated from a link posted to Twitter and YouTube. The link was to a site named "Meet Desai" and its domain was hosted out of San Francisco. When the link was clicked, it continually called 911 and would not let the caller hang up. • His page received 151,000 hits • Desai said his intent was to make a non-harmful, yet annoying, bug that was meant to be funny, officials said.
It was not funny • Surprise Police Department notified the Maricopa County Sheriff's Office of more than 100 hang-up 911 calls within a few minutes. • The volume put authorities "in immediate danger of losing service to their switches." • The emergency systems for the nearby Peoria Police Department and the Maricopa County Sheriff's Office also received a large number of repeated calls. • Agencies in California and Texas were also affected.
OCTOBER 10, 2017 Meetkumar Desai, age 19, was sentenced to 3 years supervised probation for carrying out a reckless cyberattack on 911 emergency call systems in Maricopa County. Authorities will also be able to monitor Desai’s computer while he is on probation.
Other Examples This Photo by Unknown Author is licensed under CC BY-NC-SA
QUESTIONS? Contact me: Sarah Miller, MPA, CEM President, IAEM Region 10 Past Chair, IAEM Emerging Tech Caucus sarah@skmillerconsulting.com twitter: @scba

Recommended

Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
Argyle Executive Forum
 
Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4
Sarah K Miller
 
Cyber security; one banker s perspective
Cyber security; one banker s perspectiveCyber security; one banker s perspective
Cyber security; one banker s perspective
Mohammad Ibrahim Fheili
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Infosecurity2010
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering Threat
Lancope, Inc.
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Phreaknic14
Phreaknic14Phreaknic14
Phreaknic14
James Ruffer
 

Recommended

Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
Argyle Executive Forum
 
Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4
Sarah K Miller
 
Cyber security; one banker s perspective
Cyber security; one banker s perspectiveCyber security; one banker s perspective
Cyber security; one banker s perspective
Mohammad Ibrahim Fheili
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Infosecurity2010
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering Threat
Lancope, Inc.
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Phreaknic14
Phreaknic14Phreaknic14
Phreaknic14
James Ruffer
 
Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
Moumita Chatterjee
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
Abzetdin Adamov
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
Jack Kessler
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
Rob Ragan
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
Shareb Ismaeel
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the world
Hillary L
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
Ronald Soh
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
Blake Carver
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Anchit Rajawat
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
Luke Rusten
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
Roger Hagedorn
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
Vicky Shah
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.
Pratum
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
Sarah K Miller
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
John Stauffacher
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 

More Related Content

What's hot

Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
Moumita Chatterjee
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
Abzetdin Adamov
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
Jack Kessler
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
Rob Ragan
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
Shareb Ismaeel
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the world
Hillary L
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
Ronald Soh
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
Blake Carver
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Anchit Rajawat
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
Luke Rusten
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
Roger Hagedorn
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
Vicky Shah
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.
Pratum
 

What's hot (19)

Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the world
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.
 

Similar to Cybersecurity for Emergency Managers

Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
Sarah K Miller
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
John Stauffacher
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public Educators
Sarah K Miller
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
Tzar Umang
 
Social engineering
Social engineeringSocial engineering
Social engineering
Robert Hood
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
Steve Poole
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore
Gross, Mendelsohn & Associates
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
GDSCCVR
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Steve Poole
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
Rea & Associates
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
Sandeep Taileng
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
Steve Poole
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
MansoorAhmed57263
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
Ramya Nellutla
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small BusinessBe More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small Business
Art Ocain
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
CBIZ, Inc.
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
CCIAOR
 

Similar to Cybersecurity for Emergency Managers (20)

Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public Educators
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small BusinessBe More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small Business
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 

More from Sarah K Miller

Secure your stuff
Secure your stuffSecure your stuff
Secure your stuff
Sarah K Miller
 
DEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster responseDEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster response
Sarah K Miller
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101
Sarah K Miller
 
Utilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist editionUtilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist edition
Sarah K Miller
 
Using Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and EngagementUsing Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and Engagement
Sarah K Miller
 
Using Social Media in an Emergency
Using Social Media in an EmergencyUsing Social Media in an Emergency
Using Social Media in an Emergency
Sarah K Miller
 
How to use social media in an emergency
How to use social media in an emergencyHow to use social media in an emergency
How to use social media in an emergency
Sarah K Miller
 
You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...
Sarah K Miller
 
Writing a winning resume
Writing a winning resumeWriting a winning resume
Writing a winning resume
Sarah K Miller
 
ICS and you
ICS and youICS and you
ICS and you
Sarah K Miller
 
Utilizing social media to build your program
Utilizing social media to build your programUtilizing social media to build your program
Utilizing social media to build your program
Sarah K Miller
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safety
Sarah K Miller
 
INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010
Sarah K Miller
 
Gaining situational awareness using social media
Gaining situational awareness using social mediaGaining situational awareness using social media
Gaining situational awareness using social media
Sarah K Miller
 
Generational differences in organizations.
Generational differences in organizations. Generational differences in organizations.
Generational differences in organizations.
Sarah K Miller
 
Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.
Sarah K Miller
 
Recruiting and retaining radio volunteers
Recruiting and retaining radio volunteersRecruiting and retaining radio volunteers
Recruiting and retaining radio volunteers
Sarah K Miller
 
Overcoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in DisasterOvercoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in Disaster
Sarah K Miller
 
Interpersonal Communications in the EOC
Interpersonal Communications in the EOCInterpersonal Communications in the EOC
Interpersonal Communications in the EOC
Sarah K Miller
 

More from Sarah K Miller (19)

Secure your stuff
Secure your stuffSecure your stuff
Secure your stuff
 
DEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster responseDEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster response
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101
 
Utilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist editionUtilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist edition
 
Using Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and EngagementUsing Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and Engagement
 
Using Social Media in an Emergency
Using Social Media in an EmergencyUsing Social Media in an Emergency
Using Social Media in an Emergency
 
How to use social media in an emergency
How to use social media in an emergencyHow to use social media in an emergency
How to use social media in an emergency
 
You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...
 
Writing a winning resume
Writing a winning resumeWriting a winning resume
Writing a winning resume
 
ICS and you
ICS and youICS and you
ICS and you
 
Utilizing social media to build your program
Utilizing social media to build your programUtilizing social media to build your program
Utilizing social media to build your program
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safety
 
INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010
 
Gaining situational awareness using social media
Gaining situational awareness using social mediaGaining situational awareness using social media
Gaining situational awareness using social media
 
Generational differences in organizations.
Generational differences in organizations. Generational differences in organizations.
Generational differences in organizations.
 
Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.
 
Recruiting and retaining radio volunteers
Recruiting and retaining radio volunteersRecruiting and retaining radio volunteers
Recruiting and retaining radio volunteers
 
Overcoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in DisasterOvercoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in Disaster
 
Interpersonal Communications in the EOC
Interpersonal Communications in the EOCInterpersonal Communications in the EOC
Interpersonal Communications in the EOC
 

Recently uploaded

Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 

Recently uploaded (20)

Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 

Cybersecurity for Emergency Managers

  • 2. Cybersecurity is everyone’s problem • Cybersecurity is NOT just IT’s problem. IT Emergency Management Law Enforcement And everyone in your organization
  • 3. The threat • Malicious vs unintentional • Active attacks • Data breaches • Human error • Cyber warfare
  • 5.
  • 6.
  • 8. Prevention • What have you done to prepare? • What policies are in place? • What training is in place? • How are the policies enforced? • THINGS YOU MUST HAVE • Emergency Operations Plan • Cybersecurity Policy • Acceptable Use Policy
  • 10. Mitigation • What steps have you taken? • What steps can you take? • Insurance • Backups • Redundancy • Monitoring • https://haveibeenpwned.com • Early Reporting • Training
  • 11. Response Do you have a response plan? Does everybody know how to recognize an incident? Does your staff know what to do if they suspect an incident? Who do you call for help?
  • 12. Recovery What’s your recovery plan? Beyond just the technology Who do you call for help?
  • 14. References • National Cyber Incident Response Plan, Department of Homeland Security, 2016 • Computer Security Incident Handling Guide (Revision 2) National Institute of Standards and Technology, 2012 • Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015 • ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
  • 15. Annex Parts Policies Sets expectations Situation/ Assumptions Requires all components to be in place Concept of Operations Will require local discussion Responsibilities EM/IT/LE Expect some pushback
  • 16. Major Cyber Incident Checklist • Action items • Pre-Incident Phase • Response Phase • Recovery/Demob Phase
  • 17. Common Issues Most entities lack a comprehensive cybersecurity policy that vests responsibility with every employee. Those that have policies don’t enforce them A greater number of incidents occur than are reported in any formal way Lack of response plans leads to slow recognition, response, recovery. Lack of individual security leaves entire organization at risk
  • 18. Human Factor Phishing, social engineering • Enabled by agency and employee use of social media and other things Careless info access/dissemination • Public spaces • Public wifi • Unlocked computers • Lack of caution
  • 19. Examples To: Siri McLean (siri@piepc.org) From: PIEPC Accounting (piepc@wsu.edu) Subject: PIEPC Unpaid Invoice -------------- Dear PIEPC Attendee: We have recently identified an issue that caused your last IAEM dues invoice to remain unpaid. Please login to our website at your earliest convenience to view your invoice and remit payment (preferably via credit/debit card). If you have any questions, please contact us at 509-335-3530 or reply to this email.
  • 20.
  • 22. Social Media Names Personal details Personal details provided by third parties Account spoofing Operational details shared
  • 24. Meetkumar Hiteshbhai Desai • Investigators traced the calls and discovered they originated from a link posted to Twitter and YouTube. The link was to a site named "Meet Desai" and its domain was hosted out of San Francisco. When the link was clicked, it continually called 911 and would not let the caller hang up. • His page received 151,000 hits • Desai said his intent was to make a non-harmful, yet annoying, bug that was meant to be funny, officials said.
  • 25. It was not funny • Surprise Police Department notified the Maricopa County Sheriff's Office of more than 100 hang-up 911 calls within a few minutes. • The volume put authorities "in immediate danger of losing service to their switches." • The emergency systems for the nearby Peoria Police Department and the Maricopa County Sheriff's Office also received a large number of repeated calls. • Agencies in California and Texas were also affected.
  • 26. OCTOBER 10, 2017 Meetkumar Desai, age 19, was sentenced to 3 years supervised probation for carrying out a reckless cyberattack on 911 emergency call systems in Maricopa County. Authorities will also be able to monitor Desai’s computer while he is on probation.
  • 27. Other Examples This Photo by Unknown Author is licensed under CC BY-NC-SA
  • 28. QUESTIONS? Contact me: Sarah Miller, MPA, CEM President, IAEM Region 10 Past Chair, IAEM Emerging Tech Caucus sarah@skmillerconsulting.com twitter: @scba