2. Introductions
• The Security Audit is being performed as part of a Statewide initiative
to assess the security of various departments, with the goal of creating
a more secure network architecture and establishing a new set of
security processes and procedures.
• The Teams
  • MLDSC Team
  • DoIT Team
  • Skyline Team
Cyber Engineering Services Proprietary
3. Cyber Engineering Services
• Joseph Drissel is the Chief Executive Officer of Cyber Engineering Services. Joseph
held previous leadership positions advising the United States government by
developing best practices on cyber security, monitoring, tracking and protecting
United States assets. Joseph was the Chief of the Intrusions Section at the
Defense Computer Forensics Laboratory (DCFL).
• Cyber Engineering Services was developed to provide incident response,
monitoring, intrusion/malware analysis, training, assessment and cyber related
intelligence/software/hardware to its clients. Cyber ESI has attracted the best
talent in the industry, with experience in Network Security, Computer Forensics,
Incident Response, Intrusions Analysis, and Reverse Engineering Malware.
• Our team of forensic and network security experts bring current, front-line
knowledge from our experience within the federal government’s most advanced
computer forensics lab, the Defense Computer Forensics Laboratory (DCFL) within
the U.S. Department of Defense Cyber Crime Center (DC3) – and our continued
investment with front-line customer engagements.
6. Threat Landscape
• Iron Dome Incident – We monitored as multiple Israeli defense firms were breached. The bad actors were targeting the Iron
Dome missile defense system.
• http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/
7. Why does all this matter?
• The same bad actors are targeting assets across multiple sectors,
including the education communities
• With some effort these challenges can be addressed, but there needs to
be a paradigm shift
• The audit being completed by the MLDSC organization represents a
step in the right direction. The audit can be used to enable proper
defensive measures and properly assess risk
8. MLDSC Core Audit Request
• Vulnerability Scan
• Penetration Test of data center environment
• Review and audit of Technical Architecture Design
• Review of ETL workflow
• Review of our MS/AD roles for Least Access
• Review of MLDS Data Security and Safeguarding Plan (DSSP) and DSSP Implementation Plan
• Review of PII data security
• Review of physical security
• Review of IT inventory process
• Review of System Access procedures
• Review of VMWare environment
• Review of the Log Aggregation process
• Review backup/recovery process
• Verification of new Windows versions and Oracle patches
• Review external system access
9. Audit Objectives
• Conduct a Cybersecurity Risk Assessment, targeted at specific assets
and networks associated with the Maryland Longitudinal Data System
Center.
• Identify recommendations for the remediation of risks found during
the assessment.
• Report any identified risks and associated recommendations to
stakeholders within the MLDSC and DoIT.
10. Audit Scope
• NIST Special Publication SP 800-30
• 2 Phases
  • Phase I
    • Preparation and Discovery
    • Threat Assessment
    • Vulnerability Assessment
    • Initial Code Review
    • Risk and Recommendations
    • Report
  • Phase II
    • Preparation and Discovery
    • Penetration Test
    • Physical Security (some completed in Phase I)
    • Risk and Recommendations
    • Report
11. PII Emphasis
• The assessment will have a focus on discovering the encryption
efforts related to PII.
• The penetration test will be completed at the end of the effort and
will be used to validate the assessment.
12. Current Findings to date
• Asset Discovery - Two categories of assets in place at MLDSC, Primary (Servers,
Networking backbone) and Secondary (Workstations, laptops, printers)
• Physical Security - Primary Assets are protected with above average physical
security. Multiple security controls are in place (badge scanners, multiple secure
doors, physical locks). Physical theft of devices is unlikely.
• Physical theft of storage drives containing the MDM Database PII is unlikely.
• MLDSC devices leverage the MSDE infrastructure.
• MLDSC assets interact with systems residing at several different levels of
security; these interactions will require detailed reviews.
• Potential security vulnerabilities within the MLDSC printer (managed by MSDE) are
being evaluated.
• An evaluation of the MDM database backup is being performed to determine the
level of encryption protecting the data in cold storage.