When Bad Things Happento Good Governments
The Year of the Breach The Cases: 2 You Know, 2 You Dont What Have We Learned? The 1 Thing You Must Do
Our Time Together
Cyber Security
BreachHackDDoS
MalwarePhishingMalwareSpywareRansom-ware
VirusesWormsBotnets
Information Security
Source: Center for Digital Government, Digital States, Counties, Cities, 2014.
Public IT Priorities
1. Cybersecurity2. Shared Services3. Cloud4. Mobility5. Staffing
1. Cybersecurity2. Staffing3. Shared Services4. Mobility5. Cost Control
1. Open Gov/Data2. Mobility3. Cybersecurity4. Staffing/Portal5. DR/ COOP
STATE CIOs COUNTY CIOs CITY CIOs
Elected + Appointed Officials
What Respondents Want in a Network
0% 20% 40% 60% 80% 100%
Redundancy
Ease of Maintenance
Availability
Security
Network
Source: Center for Digital Government, 2015.
How Did We Get Here?
Sources: ABC | KRON TV | WCPO TV | WWLP TV | WOCH TV |WTNH TV | KOIN TV | WSJ | AP | Sony | WH.gov
Ripped from the Headlines
The Rise of Hacking CrewsVikingdom2015: From Russia with Malice
Dr. Strangelove or: How I Learned to Stop Worrying and Love the BombSource: Universal Studios (1964)
Dj vu All Over AgainHere we are again, 50 years later
How I Learned to Stop Worrying and Love Cybersecurity
Our Panel
Career Defining Breaches
Managing the News Cycle
Managing the News Cycle
Michael Brown
August 9, 2014
Dateline: Ferguson
Flickr: Chuck Jines
August 9, 2014 January 7, 2015Sources: Operation Ferguson/ Al Jazeera America
Global-Local Hacktivism
Meanwhile in the Capitol 125 miles away...
Google Maps
War Room 24/7
colorofchange.org
Can Anyone Be 100% Ready?
Flickr: Steve Warren
The one unfinished part of the states cybersecurity program and plan when the crisis hit: DDoS
Dateline: Jefferson City
Flickr: Steve Warren
DAYS AS WORLDWIDE
Hacktivist Target: 123
Target: Governor Nixon
Flickr: Steve Warren
Target: Governor Nixon
colorofchange.org
The Grand Jury Decision
Scott Olson/ Getty Images
November 24, 2014
Attacks ramp up.And fall short.
Key Learnings: Jefferson City
Flickr: Steve Warren
1 Understand Hacktivist Motives and Methods2 Understand DDoS Attacks3 Assess Your Network and Infrastructure4 Prioritize Assets5 Develop a Plan6 Integrate Ops Centers (Network & Security) 7 Engage Partners Early (Public & Private)8 Establish and Exercise a War Room9 Monitor Social Media10 Remain Nimble and Adaptable
Flickr: Steve Warren
[Someone elses] crisis is a
terrible thing to waste!
From the War Room
There is Something for Everyone to Do
Cybersecurity = risk management. Incidents are inevitable. Prepare. Fund and support. Plan for PR.
Elected and Appointed Officials
What Have We Learned?The Little Red Breach Book
What Have We Learned?The Little Red Breach Book
Chief Information/ Technology Officers
Own the plan.Keep stakeholders informed. No
surprises. Champion a strong security
culture.
Identify best practices. Evaluate strategies, programs and
tools. Monitor critical systems and
infrastructure.
Chief Information Security Officers
What Have We Learned?The Little Red Breach Book
Take it seriously! Scrutinize the delivery systems. Rally agency resources.
Agency or Line of Business Managers
What Have We Learned?The Little Red Breach Book
Understand the importance of their own roles.
Train. See something, say something.Dont click on it.
Front Line Employees
What Have We Learned?The Little Red Breach Book
Adopt best practices. Adhere to requirements. Share timely information.
Service Delivery Partners PrivateNon Profit
What Have We Learned?The Little Red Breach Book
Encouraged through awareness campaigns to:
Do the basics. Stay alert for common tricks. Be a cybercrime-fighter.
General Public - Netizens
What Have We Learned?The Little Red Breach Book
Thing
The Exit Question
DOWNLOAD THE PRESENTATION AT
govtech.com/security
http://bit.ly/1D7wPuD