Date post: 08-Aug-2020

Cyber security readiness for manufacturing:

Protecting Your business from the Robot Zombie Hackmageddon

Cytellix, Cyber Security Division of IMRI | Aliso Viejo, CA

Copyright © 2017 IMRI. All rights reserved. Proprietary Information

Today’s Agenda

Introduction

Statistics are a wake up call

Cybersecurity preparedness is real

Industry standards driving compliance

What should be done

Common questions

Q&A

Confidential & Proprietary © 2017 IMRI Translating business needs into technology solutions

Who am I?

Spencer Cobb: 20 years of experience in cyber security, in various roles at multiple cutting-edge start-ups, helping global organizations secure their networks and confidential information.

Cytellix is the commercial cyber security division of IMRI.

IMRI: delivering comprehensive IT and engineering solutions since 1992.

Successfully delivered over $150 Million in technology contracts. Secure over 1500 networks with 7M endpoints. Army, DISA, Missile Defense Agency are customers.

We are focused on helping small manufacturers meet new Federal Supply chain compliance guidelines around cyber security readiness.

Partnered with Manufacturing Extension Partnerships around the U.S.

Quick survey…

• Raise your hand if… (keep them up, please)

• You or someone you know has had their personal credit card or identity stolen.

• Your company or a company you know has been hacked.

• Your company or a company you know has been hit with ransomware.

• Your company or a company you know has paid ransomware…

You are likely running out of hands and your arms are getting tired.

Cyber attacks on the rise!

Attacks are becoming commonplace. Hacking is a fact of life.

Robotics and Automation

From this ….

Or… Zombie Robot Hackmageddon.

To this?

Cyber attacks on the rise!

60% of SMB cybercrime victims go out of business within 6 months of attack (NCSA)

50% of all surveyed in 2014 reported being victims of cyber attacks. (National SBA)

70% of all targeted attacks struck small to mid-sized organizations in 2016. (SMB Group)

50% of small and midsized businesses have fallen victim to ransomware; 48% of those paid a ransom. (2017 Ponemon Institute)

Small business getting attacked

79% of small businesses do not have an incident response plan. Without one, you may never be able to fully recover when a cybersecurity incident becomes a reality.

75% of spear-phishing attacks in 2015 targeted businesses with fewer than 250 employees.

53% of small businesses reported they do not allocate budget for risk mitigation services because they do not store valuable data, yet the majority of respondents reported they store email addresses (68%) and phone numbers (65%), along with other valuable personal information.

56% of SMBs are unprepared to identify and respond to a security event. (EiQ Networks 2017)

75% of SMBs admitted a small-to-nonexistent IT security staff, with zero to two employees dedicated to that role. (EiQ Networks 2017)

More Statistics…July 17

2 out of 3 companies don’t fully measure whether their disaster recovery will work as planned.

4 out of 5 never measure the success of security training investments.

Thycotic survey July 2017

Security Challenges

What do we know?

Constant system upgrades, moves and changes

Resources in IT and Cyber are limited in most organizations

Real time analysis across the entire enterprise or cloud is required

Awareness of every computer, network, device (IoT) and route is required for true situational awareness

We need to understand attack paths, risks and data leaks

Increased requirements for Cyber Security Compliance and Policies

Who is attacking?

Nation states

Hacktivists

Organized Crime

Anonymous

PLA Unit 61398

Why are we being attacked?

Value at Risk

256 days Average time to detect malware*

$5,850,000 / US Average total cost of a data breach**

* Beyond Trust

** Ponemon Institute

Costing a data breach:

• Brand value

• Intellectual property

• Customer relations

• Supplier relations

• Competitive information

• Information Recovery

• Systems Recovery

• Remediation

• Damage Control

• Downtime

• Legal costs

• Forensics

Categories of attacks in SMB

Statistics of the Market

Top Cyber Attack Threats in Manufacturing

Average cost of a cyber attack on a Manufacturer

Why now? The statistics show the small and mid-size business market has not been able to track the constant system upgrades, moves and changes. 60% of these businesses will experience losses from cyber incidents significant enough to drive them out of business within six months. Limited budgets and cyber resources in IT have prevented business owners from protecting their infrastructure. The awareness of the devices (IoT) on networks is almost nonexistent. New requirements for Cyber Security Compliance and Policies have rolled out to many industries, and there are more to come.

Common TTPs

Common Tools, Tactics & Procedures in manufacturing attacks

Phishing, spear-phishing, SQLi, malvertising → account hijacking or malware infection, for data exfiltration or ransomware (encryption)

What is being stolen?

Real world anecdotes

Manufacturer in MI: Hit by ransomware 3 different times. Paid increasing amounts of ransom to decrypt files.

Industrial Materials Manufacturer in PA: Hit by ransomware twice. Paid $10,000.

Manufacturer in NJ: Put out an RFP for components. Provided information about its products to bidders. Later found out it was being hacked. The FBI found that a Chinese company which had bid on the RFP had hacked the company, stolen IP, and reproduced their product for sale on the Chinese black market.

Hackers stealing IP from DoD and its suppliers

And Replicating our technology!

These successful attacks have led to stricter guidelines for protecting information in the DoD supply chain.

DFARS 252.204-7012: 4 Things you need to know

1) Contractors have until December 2017 to be in full compliance with the requirements outlined in the clause and NIST 800-171

2) Areas of non-compliance need to be reported to the DoD CIO’s office within 30 days after contract award

3) Contractors have 72 hours to report cyber incidents to the DoD CIO (and their suppliers)

4) The cyber DFARS clause needs to be flowed down to all suppliers/subcontractors storing, processing and/or generating Covered Defense Information as part of contract performance

DoD Supply Chain Protection: New Cyber Security Guidelines

• If your business currently supplies an OEM in the DoD supply chain, you will be required to address new cyber guidelines

• DFARS 252.204-7012 references NIST 800-171 for guidelines around Controlled Unclassified Information in Non-Federal Info Systems & Orgs

DoD contractors including small businesses must adhere to two basic cybersecurity requirements

1. Must provide adequate security for information that resides in or transits through internal unclassified systems

2. Must rapidly report cyber incidents and cooperate with the DoD to respond to security incidents

https://www.archives.gov/cui/registry/category-list

Cybersecurity for Manufacturers

NIST 800-171 is our recommended guidance for all Manufacturers.

Adequate security is defined as a minimum in NIST 800-171 with the 14 controls (to protect controlled, unclassified data):

• Access Control

• Awareness and Training

• Audit & Accountability

• Configuration Management

• Identification & Authentication

• Incident Response

• Maintenance

• Media Protection

• Personnel Security

• Physical Protection

• Risk Assessment

• Security Assessment

• System & Com Protections

• System & Info Integrity

All DoD contractors must implement full compliance no later than December 31, 2017. Contractors must notify the DoD of any security gaps within 30 days of any contract award.

What is needed?

• Baseline assessment completed, i.e. CSET (DHS Self Assessment, free tool)

• Documentation: gap analysis completed with a Security Plan & Plan of Action & Milestones (POAM): plan of action for remediation and priority list defined

• Implement a continuous improvement and awareness program (continuous monitoring)

• Prepare for notification to your contractor/DoD (within 72hrs) should you be hacked

NIST Cyber Security Framework

5 Steps to Reduce Cyber Risk (NIST Cybersecurity Framework)

PROACTIVE

REACTIVE

NIST has provided the cyber security framework to help all businesses understand the basic tenets of reducing exposure and risk to hacking and compromise.

CUI - Questions to ask

• Does our company store, transmit, process or generate CUI? What does it consist of?

• How do we protect it? Is it encrypted? Where do we store it? Do we back it up?

• Who has access? How do we authenticate them? Do we log this access?

• How do we monitor ‘it’? How does it traverse our network? Who receives it? Do we / can we log and track that receipt?

• How do we know when we have an incident? How do we report it? Who is involved? Do they know what to do?

Other questions

• What skills are needed to accomplish this?

Outsource or become an expert.

• Are there services that provide a complete documentation and improvement program?

Yes, look for a single service provider that can take you through the entire process.

• What happens if a manufacturer doesn’t do this?

Business will suffer in a couple ways

• Likelihood of a successful attack against your network is HIGH.

• For DoD suppliers, your contractor is required to have proof of compliance (within 24 hours of contract award) to give you new contracts

CYTELLIX – Trusted Leader in Managed Cyber Security

IMRI, Delivering comprehensive IT and engineering solutions since 1992

Successfully delivered over $150 Million in technology contracts

Computer Operations: Manages over $300 million

Cybersecurity: Over 1500 networks, 7 million devices; engaged with U.S. Army Network Enterprise Technology Command; Missile Defense Agency; U.S. Army Corps of Engineers; DISA

Data Center/Cloud Computing: 15 facilities, 4 million users, 2800 applications

Data Center Consolidation: 22 operations with merger of $2 billion in assets

Software Development: Application modernization and software development planning and implementation

Certifications: ISO 9001 / AS9100; CMMI compliant; industry and professional certifications

CYTELLIX Solution – Network Situational Awareness

Network behavioral analytics

Performs real-time continuous monitoring

Discovers every device connected to the network (Physical, Virtual, Cloud, Wireless)

Proactive threat identification

[Diagram: Identify, Protect, Detect, Respond, Recover, Monitor; Security Strategy]

Cyber Ready Environment

Identify your Network Topology

Network maps identify

Segmentation

Device Connections

Inventory of connected Device Types

Provides your organization with “privilege” from a legal context

Cytellix outsourced Cyber

Cytellix provides a turnkey, affordable, comprehensive solution to help the small and medium business meet Cyber requirements

1. CSET Assessment management & report

2. Network scan and real-time assessment & report

3. Gap Analysis & Assessment of 14 controls & report with Security Plan and POAM.

4. Continuous network asset monitoring with threat detection

5. Remediation and compliance service – best practices & practical implementation

Cytellix Service Package Options

Cytellix, the Cybersecurity Division of Information Management Resources, Inc. partners with Manufacturing Extension Partners (MEPs) to provide an affordable managed cybersecurity service to small manufacturing companies.

Managed Cybersecurity Services "Snap Shot" (Under 20 employees)

Turnkey Compliance

Service Summaries One-time Yearly

Consulting Interview

NIST 800-171, CSET Assessment, Documentation

Vulnerability Assessment, Review, Documentation

Network Situational Awareness Scan, Report

Gap Analysis, Top Vulnerabilities, Recommendations

Cytellix Customer Portal and Stored Documentation

Cytellix Continuous Monitoring (CCM) with Real-time Alerts

Periodic Vulnerability Scans

Best Practices for Proper Cyber Posture

Updated CSET and Gap Analysis Post Remediation

Cytellix – Additional Services

Cytellix’ managed security operation center (SOC) is an upgrade to the turnkey package which allows customers to completely outsource the Cytellix cyber readiness service, including remediation, mitigations and reporting.

Optional Services Provided: Security Operations Center (less than 50 employees)

Yearly

24x7 Outsourced Continuous Monitoring

Investigation, Mitigation, and Intelligence Analytics

Monitoring of Open/Closed Sources

Professional Services

Cytellix Cybersecurity Tips and Tricks

• Never open email from unknown senders

• Right click on email addresses to verify sender’s domain is legitimate, prior to opening an email message.

• When in doubt about an email and its intentions, call the sender to verify.

• Use two step verification / authentication

• If it’s being offered for free, it’s never free

• Use antimalware and antivirus products vs nothing

• Always update security when requested by legitimate publishers

• Back up your data, use multiple places/locations.

• Back up your data offline when possible

• Do not download applications from unknown publishers or sites

• Never share USB keys/drives

• Do not open attachments in email messages from suspicious senders – verify sender and intentions

• Using mobile devices for browsing is just as risky as laptops for discovering malware and viruses

• Check what ports are open on your network and their behaviors

• Segment your network for guest and internal users

• Public Wi-Fi networks are very risky for data protection on your devices – use a VPN

• Use a secure password manager for all your unique passwords

• Never use the same password twice

• Physical spying takes place as much as digital spying, watch who is looking over your shoulder.

• No one is protected from being hacked, you are, will and have been hacked!

• Set strong privacy settings on your devices – you don’t want to overshare

• JavaScript in your browser is insecure, disable it!

• Always ask yourself questions about communications sent to you, being suspicious is the best practice.

• Use the best browser available from a security perspective, stay aware of exploits of browsers.

• Patch, patch, patch!

• Pay attention to mobile app permissions and access, some will access very private, personal and proprietary information you want to remain confidential.

• Clean up (delete) apps you don’t use

• Use device passwords to lock and encrypt the data wherever possible – losing a device is painful enough!

• Never leave devices set to default

• Change Wi-Fi passwords often and never repeat them

• Don’t use names, birthdates, and phone numbers as passwords – be unique and complex

• Social media has risks associated with personal information – don’t feed the bad guys information they can use against you.

• Inventory your devices and their IP addresses on your network

• Remove any devices that are end-of-life from their manufacturer from your network – they are attack points

• Log out of services like banking when you’re done with your business.

• Don’t store UID/PW in cookies on devices, just don’t do it

• IoT is pretty cool, but make sure you manage these IoT devices with the same care as your computer.

Cytellix News & Awards

News Updates – Click here

Awards – Click here

Social Media Pages

Facebook – Click here

Twitter – Click here

LinkedIn – Click here

Thank you

Spencer Cobb

Cytellix

Director, Strategy & Business Dev.

(404)[email protected]

