ut dgs 15 presentation - breach - friedman

8/9/2019 UT DGS 15 Presentation - Breach - Friedman

1/33

When Bad Things Happen

to Good Governments


2/33

First Second

Third

Our Panel Members:


3/33

Cyber Security

Breach

Hack

DDoS

Malware

Phishing

MalwareSpyware

Ransom-ware

Viruses

Worms

Botnets

Information Security


4/33

Source: Center for Digital Government, Digital States, Counties, Cities, 2014.

Public IT Priorities

1. Cybersecurity

2. Shared Services3. Cloud

4. Mobility

5. Staffing

1. Cybersecurity

2. Staffing3. Shared Services

4. Mobility

5. Cost Control

1. Open Gov/Data

2. Mobility3. Cybersecurity

4. Staffing/Portal

5. DR/ COOP

STATE CIOs COUNTY CIOs CITY CIOs


5/33

Elected & Appointed Officials

What they want in a network:

0% 20% 40% 60% 80% 100%

Redundancy

Ease of Maintenance

Availability

Security

Source: Center for Digital Government, 2015.


6/33

How Did We Get Here?


8/33

Career-defining Breaches


9/33

The Rise of Hacking CrewsVikingdom2015: From Russia with Malice


10/33

Missouri Severely Tested


11/33

Michael Brown

August 9, 2014


12/33

Dateline: Ferguson

Flickr: Chuck Jines


13/33


14/33

Sources: Operation Ferguson/ Al Jazeera America

Global-Local Hacktivism


15/33

Meanwhile in the Capitol…

Google Maps


16/33

War Room – 24/7

colorofchange.org


17/33

Launch and Learn

Flickr: Steve Warren

The one unfinished part of the

state’s cybersecurity program

and plan when crisis hit: DDoS


18/33

Dateline: Jefferson City


DAYS AS WORLDWIDE

Hacktivist Target: 123


19/33

Target: Governor Nixon



20/33

Target: Governor Nixon

colorofchange.org


21/33

The Grand Jury Decision

Scott Olson/ Getty Images

November 24, 2014


22/33


23/33

What Have We Learned?


1 Understand attacker motives and methods.

2 Assess your network and infrastructure.

3 Integrate ops centers (network & security).

4 Prioritize assets.5 Develop a plan.

6 Establish and exercise a war room.

7 Engage partners early (public & private).

8 Monitor social media.9 Remain nimble and adaptable.

10 Everyone has a role.


24/33

Slides available atwww.govtech.com/events

(“Past Events” tab)

govtech.com/security


25/33

From the War Room

There is Something forEveryone to Do

To paraphrase a classic film title:

Dr. Strangelove: How I Learned to Stop Worrying and Love Cybersecurity


26/33

Cybersecurity = risk management.

Incidents are inevitable.

Prepare.

Fund and support.

Plan for PR.

Elected and Appointed Officials

What Have We Learned?The Little Red Breach Book


27/33


Chief Information/ Technology Officers

Own the plan.

Keep stakeholders informed. No

surprises.

Champion a strong security

culture.


28/33

Identify best practices.

Evaluate strategies, programs and

tools.

Monitor critical systems and

infrastructure.

Chief Information Security Officers



29/33

Take it seriously!

Scrutinize the delivery systems.

Rally agency resources.

Agency or Line of Business Managers



30/33

Understand the importance of

their own roles. Train.

See something, say something.

Don’t click on it.

Front Line Employees



31/33

Adopt best practices.

Adhere to requirements.

Share timely information.

Service Delivery Partners PrivateNon Profit



32/33

Encouraged through awareness campaigns to:

Do the basics.

Stay alert for common tricks.

Be a cybercrime-fighter.

General Public - Netizens



33/33

ut dgs 15 presentation - breach - friedman

Documents