Michigan DGS 2015 Presentation - You've Been Hacked Now What by Chris Christensen
State of Michigan Cyber Disruption Response Plan
Chris Christensen, J.D.
Director, Infrastructure Protection
A Comprehensive Shared Cybersecurity Plan for the State of Michigan
The Need – Why is the plan important?
The approach: Key drivers for the methodology adopted
Key outputs
Challenges encountered
Lessons learned
Looking forwards
State of the Union – 2013
“... our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
“... executive order... will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security...”
President Barack Obama
February 12, 2013
The Need… Federal Mandates
Approach: Key Drivers for the Plan
Presidential Policy Directive-21: Critical Infrastructure Security and Resilience
Department of Homeland Security National Infrastructure Protection Plan 2013 (NIPP): Partnering for Critical Infrastructure Security and Resilience
Homeland Security Presidential Directive-5 (HSPD-5): Management of Domestic Incidents
Homeland Security Presidential Directive-7 (HSPD-7): Critical Infrastructure Identification, Prioritization and Protection
Homeland Security Exercise and Evaluation Program (HSEEP)
NIST Publication 800-55 Rev. 1, Security Measurement Plan
National Governor’s Association – 2013
“Attacks on our personal safety and economic security through the Internet continue to grow and expand. Michigan is taking a leadership role with regard to protecting the vulnerable ecosystem in the cyber world, and in accelerating the economic development and growth of the cybersecurity industry.”
Governor Rick Snyder
September 26, 2013
The Need… State Mandates
The Need… Being Prepared for the Worst
Proverb:
“By the time you hear thunder, it's too late to build the Ark.”
“There are two kinds of big companies in the United States. There are those who have been hacked… and those who don’t know they’ve been hacked.”
- James Comey, FBI Director
According to a report released by IBM and the Ponemon Institute, the per-record cost of a data breach reached $154 this year, up 12 percent from last year's $145. In addition, the average total cost of a single data breach rose 23 percent to $3.79 million.
May 27, 2015
Ponemon: Data breach costs now average $154 per record...
www.csoonline.com/.../ponemon-data-breach-costs-now-average-154-per-r...
CDRT Membership
The CDRT internal structure follows ICS principles, with the Chair and Co-Chairs appointing a CDRT lead to act in the incident commander role. CDRT membership will fill Planning, Operations, Logistics, and Finance roles, as needed and as appointed by the CDRT Lead.
The Need… Breach Frequency
Source: Symantec Internet Security Threat Report (ISTR), 2014
Approach
4-month project to collect insights and process information from key stakeholders
Leveraged the experience of a large security company’s incident response personnel to aggregate data and write plan
Individual and joint meetings with stakeholders with iterative feedback points to ensure accuracy and practicality
Based on federal and state best practices and mandates fused with best practices in cybersecurity incident response
Tabletop exercise – simulation exercise to train and rehearse for real life scenarios
Early Detection and Rapid Response
Key Outputs
Comprehensive plan for coordinated response to a cyber incident
Coordination and communication annex for streamlined emergency communication between multiple agencies and public/private partners
Defined roles and responsibilities of entities
Preventative measures
Expedited detection and analysis of issue
“Play by Play” instructions on key tasks and actions required to mitigate damage, spread of incident and expedite remediation
Training plan
Risk assessment
Post-incident analysis
Lessons Learned
Know and understand your cyber security ecosystem
Under-communication and assumptions are your enemy
Know and understand the formal (and informal) roles of those who need to be involved
Facilitate (and insist on) upfront input from stakeholders in the plan-creation process (as opposed to it coming at the 11th hour)
Assume unforeseen impediments and scope creep
Leverage collaborative document sharing tools
Once the tool is created, you have to implement it, practice it, validate it and continually improve it
Response Levels and Anticipated Engagement Activities
Coming soon!
Michigan Cyber Disruption Plan
Chris Christensen, Infrastructure Protection
Questions…