Our Crisis Turning Point 2016 12-13.3

Post on 12-Apr-2017


Our Crisis Turning Point

Our Current State of

Cyber In-Security 2016-12-13.3

Massive Data Breaches

WHO is doing the Hacking? WHAT are Their Goals? WHAT is Being Stolen?

WHAT is their “End-Game”?

• As a nation, we suffer from a ‘delusion of technology grandeur’

• Resulting in an overall false ‘Sense of Cyber-Security’ (Bad things can’t happen to us…)

IMHO (In My Humble Opinion)…

This has led us into a period that is putting our nation in a HIGH RISK category…

We have ‘slept’ as our political adversaries have pilfered our nation’s defense assets (Intellectual Property), used our currency against us and created a cyber army that can be used in an effort to defeat us militarily.

Just HOW did I arrive at this conclusion?

Photos courtesy of: SAIC Gregory Fowler, FBI, Portland, OR

U.S. Development Costs: Joint Strike Fighter, Lockheed Martin – $337 Billion

China’s Development Cost… SIGNIFICANTLY LESS

U.S. Defense Asset Designs Stolen by Hackers Before & After 2006

• F-35 Joint Strike Fighter

• Black Hawk Helicopter

• Global Hawk Surveillance Drone

• Patriot Missile System

• GE Jet Engines

• Aegis Ballistic Missile Defense System

• C-17 Globemaster Transport Aircraft

• RC-135 Reconnaissance Aircraft

• Other Less Notable Designs

• Our Army is at its lowest point since just after WWII.

• Our Navy has its smallest fleet size since 1917.

• Our Air Force & Navy are salvaging parts from museums and airplane graveyards to keep what few aircraft we have ‘deployable’ and “ready”.

• It’s ALL in the news… every day.

• Just “WHY” is this important to us, now?

• It’s not just my opinion…

Rear Admiral Thomas C. Lynch

CIA Agent Michael Baker

Newt Gingrich Speaker of the House

Richard A Clarke Presidential Advisor - Cyber

We ALL Concur!

• America has become war-weary and ‘over-embraced’ technology to the detriment of our safety and National Security.

• Our cars’ computerized systems can be hacked or taken over; our hospital networks and active medical devices can be compromised, or our data encrypted and held for ransom.

• What we don’t know or fail to comprehend about cyber threats can now injure us or worse!

What the Experts say…

“Cybercrime is becoming everything in crime. Again, because people have connected their entire lives to the Internet, that’s where those who want to steal money or hurt kids or defraud go. So it’s an epidemic for reasons that make sense.” 10/2014

about: Cybercrime… James Comey – Director FBI

about: Data Breach… General Michael Hayden – Former Director: NSA (1999-2005); CIA (2006-2009)

“It’s shame on us for not protecting this kind of information… (How does this type of Gov’t. data breach happen?) It’s a tremendously big deal… There are three layers: The government system, the political system and popular culture. So the governmental system: Raw incompetence is the best explanation I can offer you. That’s at the executive-branch level. At the political level, last week we began reining in the renegade NSA for actually having phone bills (yours and mine) up at Fort Meade… and Thursday we learned that OPM had lost (over) 14 million sets of records. At the level of popular culture, we Americans have not yet decided what it is we want … or will permit our government to do in this cyber domain. Until we make those decisions, these kinds of events are more likely.” 6/2015

about: U.S. Military Abilities… Richard Clarke – Former Presidential Advisor, Cyber Security

“The U.S. military is no more capable of operating without the Internet than Amazon.com would be. Logistics, command and control, fleet positioning, everything down to targeting, all rely on software and Internet-related technologies. … All of it is just as insecure as your home computer, because it is all based on the flawed underlying technologies and uses the same insecure software and hardware.” 4/2012

about: North American Electrical Power Grids… George R. Cotter – Former Chief Scientist NSA (retired 2009; 60 years as a Cryptologist), Specialty: North American Electrical Generation & Distribution Networks

“With adversaries’ malware in the National Grid, the nation has little to no chance of withstanding a major cyberattack on the North American electrical system. Incredibly weak cybersecurity standards with a wide open communications and network fabric, virtually guarantees success to major nation states and competent hacktivists.” 4/2015

IDentity Theft

• As of 2012, has surpassed ALL other types of Theft (COMBINED)!

• Can typically take more than 800 hours to repair

• Is NOT Limited to ONE Occurrence per Individual

• Can occur in MANY different ways

Ransomware

• Typically initiated by a Phishing Attack or Spear-Phishing Attack

• Encrypts your Data, Disk Drive(s) or ALL Storage Devices connected to your network(s)

• May DELETE all your Data (WIPER)

• May also qualify as a Data Breach (Data Theft)

Social Media Hacking

Why Social Media Hacking?

WSJ Article Small Business

TYPES of Records Breached

COST of a Data Breach

Hacker Rewards - Breached Computer

Courtesy Krebs On Security

Hacker Rewards - e-Mail

Courtesy Krebs On Security

Where Do I Start ? ? ?

• Secure the services of a good Cyber Security Consultant (Minimum 10-15 years’ experience)

• Document / Diagram Your IT Infrastructure

  o Account for ALL your Host Computers, Servers, Networking & End-Point Devices

• Select the members of your Cyber Security Incident Response Team.

• Perform a SWOT Analysis of your Cyber Vulnerabilities

• Select a seasoned Data Breach / Cyber Insurance Professional (Minimum 7-10 years’ experience)

Then…

• Create a Layered Security Model

• Separate Your HIGH VALUE Target / Vulnerable Data from the rest of your networks

• Layout Short / Medium & Long Range Goals

• Create your Initial Cyber Security Incident Response Plan

The CHOICE is Ours to Make!

• Will we as a nation remain Passive and RE-Active to our current situation… ?

(Pearl Harbor Scenario)

OR

• Wrestle our future back from those ‘I don’t see a problem’ short-sighted individuals /

organizations and transform our nation into a PRO-Active movement that will attack the problems

BEFORE they destroy us!

The THREAT is REAL America… Get Over It!

Solutions That REALLY Work… …And Won’t Bust Your Budget!

• Next Generation Anti-Virus / Anti-Malware STOPS Ransomware BEFORE it Encrypts Your Data!

(Endpoints & Servers!)

• Data Scanning & Protection Locate and Protect ALL Your Sensitive Data!

Your Staff can Install and Configure These Products!

Where Has ALL The Data Gone?

U.S.A. DHS-Defined

Critical Infrastructure Economic Sectors

1. Water

2. Food & Agriculture

3. Dams

4. Financial Services

5. Chemical

6. Critical Manufacturing

7. Commercial Facilities

8. Emergency Services

9. Transportation

10. Healthcare

11. Government Facilities

12. National Defense

13. Information Technology

14. Communications

15. Nuclear Reactors

16. Electrical Energy

Critical Infrastructure Economic Sectors

Copyright © 2016 Global 1 Research & Development, Ltd. ALL Rights Reserved


The REALITY – A Fragile, Vulnerable Economy, Subject to our Lynch-Pin Theory

What Is The GRID?

An Inter-Connection of Electrical Generation Facilities, Distribution Components and Sub-Stations that Distribute the BES (Basic Electric System) to Government, Commercial and Residential facilities.

North American Electrical Grids

DOE – Hierarchy of Electrical Reliability Monitoring

DOE – Regional Entities

DOE – Regional Reliability Coordinators

http://www.wsj.com/articles/SB10001424052702304851104579359141941621778

3 Types of Primary Threats to the Grid

• Low-Tech

• Hi-Tech

• Natural Phenomenon

Primary Threats to The Grid

PG&E’s Metcalf, CA Transmission Substation – Supplies A.C. Power to Silicon Valley

“Most significant incident of Domestic Terrorism involving the GRID that has ever occurred” in the U.S. – Jon Wellinghoff, then Chairman FERC

• Began before 1 a.m. 4/16/2013

• Cut phone lines / fiber optic cables

• Within 30 minutes, snipers opened fire with AK-47s on substation transformers

• Knocked out 17 extra large transformers

• Power was re-routed to keep power on to Silicon Valley; however, it took 27 days to make this one substation operational again

• Total cost to repair this ONE substation: $15 Million

Low-Tech Defense to AK-47 Style Attack

• Projectile Shredding Fencing

• Real-Time Situation Monitoring of Sub-Stations (Nationwide Network)

http://www.betafenceusa.com/Bullet-Resistant-Fence

EMP Event

• TND Detonation at Altitude

• Produces a Hi-Frequency Event (Electro-Magnetic Pulse) [EMP]

• Only Current Protection is to enclose equipment to be protected in a Faraday Cage (EMI Shielding)

August 31, 2012 Magnificent CME

• Published September 4, 2012 (NASA)

• On August 31, 2012 a long filament of solar material that had been hovering in the sun's atmosphere, the corona, erupted out into space at 4:36 p.m. EDT.

• The coronal mass ejection, or CME, traveled at over 900 miles per second.

• The CME did not travel directly toward Earth, but did connect with Earth's magnetic environment, or magnetosphere, with a glancing blow, causing aurora to appear on the night of Monday, September 3rd.

The Following Image of the Earth is to scale with the Filament Eruption (CME). Note: the Earth is not this close to the sun, this image is for scale purposes only.

https://svs.gsfc.nasa.gov/cgibin/details.cgi?aid=11095

What is a Coronal Mass Ejection?

Actual Distance from Sun: NOT to Scale

Charged Ionosphere Produced by a CME Rising to the Carrington Level Event

CME / CLE Defenses

• Solar Observation Satellites

• Synchrophasor Device Integration for BES Protection

• Monitoring & Alerting Network E-ISAC (Benefiting Owner-Operators)

Hospital / Patient Vulnerabilities

HOSPITALS MEDICAL RECORDS

ACTIVE MEDICAL DEVICES

Wrong Mission (Focusing on Patient Records) x Outdated Approach (Ignoring Advanced Threats) = FAILURE (Patients NOT Protected)

General Implementation Issues w / Hospital I.T. Infrastructure

• Insecure (un-secured) services (Insecure protocols)

• Broken Access Controls

• Default Configurations

• Shared Credentials

• Unpatched Systems

ISE “Securing Hospitals” – February 23, 2016

Healthcare Facilities Security Blueprint

Facility Re-Design Processes

ISE “Securing Hospitals” – February 23, 2016

Sample Good Network Architecture - Medical Facility

Highly Secure & Protected Area

ISE “Securing Hospitals” – February 23, 2016

Patient Health Attack Model

CEO, Global 1 Research & Development, Ltd.

Bill has more than 50 years in I.T., Telecommunications and Security. With a background in Electrical Engineering & Database Design, he has been a consultant to the U.S. Federal Government, various state agencies and Fortune 500 companies.

Bill assists companies in reviewing their Business Continuity, Data Recovery and Data Breach plans. He also assists CEO, CIO and CISO staff with vulnerability assessments & remediation, implementing enhancements to harden their web servers, internal networks, and data protection. Averting damage from the next major cyberattack on Corporate America and helping individuals protect their identity are Bill’s primary goals. He has spoken extensively on technical matters both domestically and in Latin America for over 20 years. Bill is the creator of the Data Breach Boot Camp™ Seminar Series for executives.

Perhaps some of his past clients say it best:

“I have worked with Bill on multiple projects over the past 21 years… He has a rare ability to see solutions where most find clutter…

You will find him a valuable, reliable contributor to any serious project.”

P.L. Thomas, PhD NIH, Bethesda, MD.

“I have found Bill to be very competent. He can be relied upon to deliver quality in business.”

A.P. Bertolino MD, PhD, MBA, Exec. V.P. Pharmaceutical Company, San Francisco, CA

Bill currently resides with his wife Barbara in Doylestown, PA

Former Clients Include…

• U.S. Library of Congress

• U.S. Department of Commerce

• U.S. Department of State

• State of Delaware: Department of Health & Social Services

• Many other small & medium size businesses (Including Medical Practices)

Available on LinkedIn and SlideShare

Please complete the Speaker Evaluation Form. THANK YOU !

Thank you for your kind attention!

• For More Information, please contact:

William D. Kiss, Founder & CEO

Global 1 Research & Development, Ltd.

www.BillKiss.com

wdkiss13@gmail.com

Cell: +1.484.357.2339

Potential EBITDA Savings

How To Squeeze Savings Out of Already Allocated Budget Dollars