cybersecurity services for the water sector · 2020. 6. 4. · cybersecurity services . for the...
TRANSCRIPT
![Page 1: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/1.jpg)
Cybersecurity Services for the Water Sector
Tony EnriquezCybersecurity AdvisorCybersecurity Advisor ProgramCybersecurity and Infrastructure Security Agency
June 23, 2020
![Page 2: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/2.jpg)
2
![Page 3: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/3.jpg)
3
CISACybersecurity Advisor Program
![Page 4: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/4.jpg)
4
CISA mission: Lead the Nation’s efforts to understand and manage risk to our critical infrastructure.
In support of that mission: Cybersecurity Advisors (CSAs):
• Assess: Evaluate critical infrastructure cyber risk.
• Promote: Encourage best practices and risk mitigation strategies.
• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.
• Educate: Inform and raise awareness.
• Listen: Collect stakeholder requirements.
• Coordinate: Bring together incident support and lessons learned.
Cybersecurity Advisor Program
![Page 6: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/6.jpg)
6
Cybersecurity and Resilience
6
![Page 7: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/7.jpg)
7
Who is targeting you?
![Page 8: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/8.jpg)
8
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
What is Ransomware?
https://www.us-cert.gov/Ransomware
![Page 9: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/9.jpg)
9
Ransomware by the Numbers
![Page 10: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/10.jpg)
10
Evolution of Ransomware
![Page 11: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/11.jpg)
11
Ransomware Patterns of Behavior
![Page 12: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/12.jpg)
12
What can you do today to defend yourselves?
![Page 13: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/13.jpg)
13
What if become a victim?
![Page 14: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/14.jpg)
14
![Page 15: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/15.jpg)
15
https://www.us-cert.gov/Ransomware• Training (Webinar under Training)• Mitigations• Best Practices• Ransomware Alerts
“Don’t Wake Up to a Ransomware Attack” provides essential knowledge to prepare you and your organization to prevent, mitigate, and respond to the ever-growing threat of ransomware attacks. This course is specifically designed to be accessible to a non-technical
audience including managers and business leaders, as well as provide an organizational perspective and strategic overview useful to technical specialists.
Ransomware Resources
![Page 16: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/16.jpg)
16
Ransomware Resources
![Page 17: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/17.jpg)
17
• CISA Security Tip – Protecting Against Ransomware• https://www.us-cert.gov/ncas/tips/ST19-001
• CISA Webinar – Combating Ransomware• https://www.youtube.com/watch?v=D8kC07tu27A
• Joint Ransomware Statement• https://www.us-cert.gov/sites/default/files/2019-
07/Ransomware_Statement_S508C.pdf
Ransomware Resources
![Page 18: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/18.jpg)
18
Additional Resources
![Page 19: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/19.jpg)
19
Additional Resources
![Page 20: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/20.jpg)
20
Incident Reporting
Malware Submission Process:• Please send all submissions to the Advance Malware Analysis
Center (AMAC) at: [email protected]• Must be provided in password-protected zip files using
password “infected”• Web-submission:
https://malware.us-cert.gov
CISA provides real-time threat analysis and incident reporting capabilities• 24x7 contact number: 1-888-282-0870;
• [email protected]• WWW.CISA.GOV
When to Report:If there is a suspected or confirmed cyber attack or incident that: Affects core government or critical infrastructure functions; Results in the loss of data, system availability; or control of systems; Indicates malicious software is present on critical systems
![Page 21: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/21.jpg)
21
• Cyber Resilience Review (Strategic)
• External Dependencies Management (Strategic)
• Cyber Infrastructure Survey (Strategic)
• Cybersecurity Evaluations Tool (Strategic/Technical)
• Phishing Campaign Assessment (Technical)
• Vulnerability Scanning / Hygiene (Technical)
• Validated Architecture Design Review (Technical)
• Risk and Vulnerability Assessment (Technical)
Range of Cybersecurity Assessments
TECHNICAL(Network-Administrator Level)
STRATEGIC(C-Suite Level)
![Page 22: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/22.jpg)
22
Cyber Resource Hub
https://www.cisa.gov/cyber-resource-hub
![Page 23: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/23.jpg)
23
National Cyber Awareness System
https://www.us-cert.gov/ncas
![Page 24: Cybersecurity Services for the Water Sector · 2020. 6. 4. · Cybersecurity Services . for the Water Sector. Tony Enriquez. ... • Training (Webinar under Training) • Mitigations](https://reader031.vdocuments.us/reader031/viewer/2022011922/604cee37ae485a7e051f88dd/html5/thumbnails/24.jpg)
24
Contacts and Questions?
Tony EnriquezRegion V Cybersecurity [email protected]
For inquiries or further information, contact [email protected]