Property Records Industry Association Conference, Tacoma, WA, September 10, 2019. Ronald D Watters Jr, M.Ed, GSLC, Cybersecurity Advisor, CISA Region X. Critical Infrastructure (CI) Sectors. What Is Cyber Resilience?
Property Records Industry Association Conference
Tacoma, WA, September 10, 2019
Ronald D Watters Jr, M.Ed, GSLC
Cybersecurity Advisor, CISA Region X
What Is Cyber Resilience?
“… the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents…”
- Presidential Policy Directive – PPD 21, February 12, 2013
Cybersecurity Advisor Program
CISA mission: Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure.
In support of that mission, Cybersecurity Advisors (CSAs):
• Assess: Evaluate critical infrastructure cyber risk.
• Promote: Encourage best practices and risk mitigation strategies.
• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.
• Educate: Inform and raise awareness.
• Listen: Collect stakeholder requirements.
• Coordinate: Bring together incident support and lessons learned.
CSA Deployed Personnel
[Map of CSA locations by region (Regions I through X); names and cities as labelled on the map:]
• Tony Enriquez, Chicago, IL
• Harley Rinerson, Denver, CO, Central U.S. Supervisory CSA
• Ron Ford, Boston, MA
• Ron Watters, Seattle, WA
• Rich Richard, New York, NY
• Rick Gardner, Salt Lake City, UT
• David Sonheim, Denver, CO
• Jennine Gilbeau, San Francisco, CA
• Ben Gilbert, Richmond, VA
• Geoffrey Jenista, Kansas City, MO
• Joseph Henry, St. Louis, MO
• Franco Cappa, Philadelphia, PA
• Giovanni Williams, Honolulu, HI
• Sean McCloskey, Washington, D.C. Metro, Eastern U.S. Supervisory CSA
• Chad Adams, Dallas, TX
• Mike Lettman, Phoenix, AZ
• Deron McElroy, Los Angeles, CA, Western U.S. Supervisory CSA
• Klint Walker, Atlanta, GA
• George Reeves, Houston, TX
Region VI – Houston District CSA’s Office
Best Practices
• A strong password is your strongest defense. Passwords should be unique for every account. Use a password manager to help you maintain multiple complex passwords for your many accounts.
• Privacy and security settings exist for a reason. Use these settings on social networks and remember that you may not want to overshare details online with your digital network of friends. Personal information is like money—value it. Protect it. Be thoughtful about what you post online.
• Update your technology and the applications you use. Updates exist to patch known vulnerabilities. Don’t get left behind with outdated, risky software that cyber criminals can exploit.
• Stay protected while connected digitally. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, or café – be sure to confirm the name of the network and login procedures with appropriate staff. This will help to ensure that the network is legitimate. For more useful tips about secure Wi-Fi, visit https://www.dhs.gov/stopthinkconnect.
• Play hard to get with strangers. Cyber criminals will often offer a financial reward, threaten you if you don’t engage, or claim that someone is in need of help. Don’t fall for it! Keep your personal information as private as possible. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols. For more information, please visit https://www.dhs.gov/be-cyber-smart.
• Use the National Initiative for Cybersecurity Careers and Studies (NICCS) website, an online national resource for cybersecurity education, careers, and training. Visit https://niccs.us-cert.gov/ for more information today.
Strong Password
What makes a strong password?
• Should be at least 12 characters
• Should include caps
• Should include lower case
• Should include numbers
• Should include special characters
• Should not be associated with the user
• Should not be a derivative of “Password” (for example P@$$W0rd, Password1)
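The checklist on this slide can be applied mechanically. The sketch below is an added example, not part of the original presentation: it tests each criterion and undoes common character substitutions so that P@$$W0rd and Password1 are both recognised as derivatives of "Password". The substitution table, the function names and the user_terms parameter are assumptions of this example.

```python
import re
import string

# Leetspeak substitutions undone before comparing against "password".
# The mapping is an assumption of this example, not a list from the slides.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "3": "e", "1": "l", "!": "i", "7": "t"})
MIN_LENGTH = 12  # "at least 12 characters" per the slide


def normalize(text):
    """Lowercase, undo leet substitutions, drop remaining non-letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, user_terms=()):
    """Return the list of slide criteria that the password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("caps")
    if not any(c.islower() for c in password):
        failures.append("lower")
    if not any(c.isdigit() for c in password):
        failures.append("numbers")
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    flat = normalize(password)
    # Associated with the user: a supplied term (name, login, ...) appears.
    if any(len(normalize(t)) >= 3 and normalize(t) in flat for t in user_terms):
        failures.append("associated-with-user")
    # Derivative of "Password": the word survives after normalization.
    if "password" in flat:
        failures.append("password-derivative")
    return failures
```

A password that meets every character-class rule can still fail: a long string built around "P@$$W0rd" or around the user's surname is reported even though length, caps, numbers and special characters all pass.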
Strong Password
• Recent Findings by Microsoft of Passwords in the PNW
• Recent Strength Findings in study by CMU
Privacy and Security Settings
• Don’t allow web sites to collect any more information than necessary to conduct business
• Make sure your eFootprint is minimal
• OPSEC, OPSEC, OPSEC
• The world looks at Social Media
Update your technology and the applications you use
• Update your O/S regularly
• Set Windows Update to run automatically
• Update Adobe regularly
• Update Firefox regularly
• Control your own system
YOUR RISK IS MY RISK!!
Stay protected while connected digitally
• Be careful which access point you connect to
• Utilize VPN technology
• Never use “Open” Access Points without VPN
• You connect to the WORLD
Play hard to get with strangers
Remember the following:
• Microsoft is not going to call you to tell you that there is a virus on your system
• The IRS is not going to call you to tell you that you cheated on your taxes and there is a warrant for your arrest
• Don’t ever give your CC number to phone solicitors
• File a complaint at the IC3 website (Internet Crime Complaint Center) (http://www.ic3.gov)
Some Critical Cybersecurity Questions:
• How do you measure if your cybersecurity efforts are going well?
• Do you plan your cybersecurity activities?
• Do you adhere to a cybersecurity standard of practice? Is your system accredited? Is the accreditation reviewed regularly?
• Who is responsible and accountable for cybersecurity? Are they measuring and managing the effort?
Some Critical Cybersecurity Questions:
• What’s at risk? Have you identified the potential consequences if your systems are compromised? Is your system scalable?
• Have you planned for cyber incident management and exercised that plan?
• Can you sustain operations of critical processes following a significant cyber incident?
DHS Offers a Wide Range of Cyber Resources for Critical Infrastructure
• Preparedness Activities
• National Cyber Awareness System
• Vulnerability Notes Database
• Security Publications
• Technical Threat Indicators
• Cybersecurity Training
• Information Products and Recommended Practices
• Control Systems Evaluations
• Cyber Security Evaluation Tool
• ICS Design Architecture Reviews / Network Architecture Analysis
• Other Cyber Security Evaluations
• Cyber Resilience Review
• Cyber Infrastructure Survey Tool
• Cyber Hygiene service
• Risk and Vulnerability Assessment (aka “Pen” Test)
• National Cybersecurity and Communications Integration Center (NCCIC)
• US-CERT Operations Center
• Remote / On-Site Assistance
• Malware Analysis
• Incident Response Teams
• ICS-CERT Operations Center
• ICS-CERT Malware Lab
• Incident Response Teams
• Cyber Exercise Program
• Cyber Security Advisors
• Protective Security Advisors