©2012 CliftonLarsonAllen LLP
Summary of the State of Security
Tram Jewett, CISA
CliftonLarsonAllen LLP
Virginia GFOA Annual Spring Conference, 2016
Summary of the State of Security
Tram Jewett, MS, CISA
11 years of IT audit and cyber security in Federal and State government
• Pension
• Transportation
• Education
• Housing
What We Will Cover
• Federal Information Security Modernization Act (FISMA) of 2014
• Cybersecurity Act of 2015
• Breaches
• Ransomware
• Other tools
• How to protect yourself
• Cloud Computing
• IoT
Federal Information Security Modernization Act (FISMA) of 2014
• DHS to administer the FISMA
• DHS can issue “binding operational directives”
• OMB retains policy/procedure
• Modifies reporting to Congress to be less policy, more threat and incident-oriented
• Focus on detecting, reporting and responding to security incidents
• Requires OMB to revise Circular A-130 to eliminate “wasteful/inefficient” reporting requirements
Cybersecurity Act of 2015
• Effective until September 30, 2025
• Voluntary sharing of cyber threat information
• Authorizes preventing, detecting, analyzing, and mitigating cybersecurity threats
• Allows network operators to:
– Monitor
– Operate defensive measures
– Share information with others
Why were these Laws necessary?
JAN -- Xoom: $31 million business email compromise
FEB -- Deep Panda: likely cause of a breach with 80 million victims
MAR -- Premera: data breach affecting 11 million people
APR -- Great Cannon: DDoS attacks on GitHub and GreatFire
MAY -- Healthcare: data breaches cause problems for insurance providers
JUN -- OPM breach: 21 million victims
Why were these Laws necessary? cont
JUL -- Ashley Madison: 100 GB of stolen data in a high-profile compromise
AUG -- Ubiquiti: $47 million business email compromise
SEP -- Blue Termite: Chinese cyber-espionage attack on Japanese companies
OCT -- Experian: breach affects 15 million customers
NOV -- Dridex: banking malware shows up again
DEC -- BlackEnergy: malware causes power outages in Ukraine
Who performs the Breaches?
Hackers:
– They are not individuals working alone
– They are well-funded professionals
– Foreign governments and organizations (Chinese and ISIL)
Motivation behind these attacks:
– Financial
– Political
– Espionage
What are the Hacker’s Tools?
Ransomware is a serious security threat that has data-kidnapping capabilities.
Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.
How do you catch Ransomware?
• Viewing compromised websites
• Clicking on a Phishing email
• Other malware
How Ransomware Works
• Locks your screen.
• Calls home to get encryption keys.
• Encrypts every file, both on the local device and on your network.
Ransomware Note
Ransomware demands that you send money in Bitcoin.
Ransomware Note cont
• “Your computer has been infected with a virus. Click here to resolve the issue.”
• “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
• “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”
• Source: https://www.us-cert.gov/ncas/alerts/TA16-091A
CryptoLocker ransom demand
Jigsaw ransomware demand
Ransomware Payment
After the attacker receives the Bitcoins and converts them into dollars, he may send you the key to decrypt your files.
Effect of Ransomware
• Ransomware infections can lead to:
– loss of your information,
– disruption of your operations,
– financial losses incurred to restore systems and files, and
– potential harm to an organization’s reputation.
Effect of Ransomware cont
• Paying the ransom does not guarantee the encrypted files will be released;
• In addition, decrypting files does not mean the malware infection itself has been removed.
Ransomware in the news
• Hollywood Presbyterian Medical Center
• MedStar Health in the Washington, D.C. area
• Methodist Hospital in Henderson, KY
• Chino Valley Medical Center in Chino, CA
• Desert Valley Hospital in Victorville, CA
Popularity of Ransomware
• Ransomware exists because it is:
– Profitable
– Low-budget
– Low stakes
– Does not require much skill to pull off
Ransomware Preventative Measures
• Data backup and recovery plan for all critical information.
• Use application whitelisting
• Keep your operating system and software up-to-date with the latest patches.
• Maintain up-to-date anti-virus software
Ransomware Preventative Measures cont
• Restrict users’ ability (permissions) to install and run their own software.
• Apply the principle of “Least Privilege” to all systems and services.
• Avoid enabling macros from email attachments.
Ransomware Preventative Measures cont
• Train users:
– How to safely handle email attachments, see Recognizing and Avoiding Email Scams (https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf).
– Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks (https://www.us-cert.gov/ncas/tips/ST04-014) for more information.
– Follow safe practices when browsing the Web. See Good Security Habits (https://www.us-cert.gov/ncas/tips/ST04-003) and Safeguarding Your Data (https://www.us-cert.gov/ncas/tips/ST06-008) for additional details.
Other Hacker’s Tools
Rootkit
• The Dark Web is like a candy store for hackers
• Exploits vulnerabilities in:
– Microsoft – 2002 servers…
– Oracle …
– Adobe …
– Java ….
Things you can do to prevent getting hacked
• Eliminate weak credentials such as:
– No password or a blank password
– Username is the same as the password
– Password is the username, or the username concatenated with itself
– Passwords such as “password,” “passcode,” “admin”
– Service or vendor accounts (backups) left with these defaults
• Build your servers securely from the start
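A small credential audit that encodes exactly the weak-password patterns listed above, added here as an example (not from the presentation). The account list is constructed for illustration; on a real review you would feed it from an access-control export.

```python
"""Audit (username, password) pairs for the weak-credential patterns named on the slide."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Placeholder passwords named on the slide.
COMMON_WEAK = {"password", "passcode", "admin"}


@dataclass(frozen=True)
class Finding:
    username: str
    reason: str


def weak_credential_reason(username: str, password: str) -> Optional[str]:
    """Return why the credential is weak, or None if none of the slide's patterns match.

    Comparisons are case-insensitive: most directories treat usernames that way,
    and a change of case adds no real strength to a guessable password.
    """
    u = username.strip().lower()
    p = password.strip().lower()
    if p == "":
        return "blank password"
    if p == u:
        return "password equals username"
    if p == u + u:
        return "password is username concatenated with itself"
    if p in COMMON_WEAK:
        return f"common weak password '{p}'"
    return None


def audit_accounts(accounts: List[Tuple[str, str]]) -> List[Finding]:
    """Run the check over every account and collect the ones that fail."""
    findings = []
    for username, password in accounts:
        reason = weak_credential_reason(username, password)
        if reason is not None:
            findings.append(Finding(username, reason))
    return findings


# Constructed sample data (not real credentials): the slide's patterns plus one strong entry.
SAMPLE_ACCOUNTS = [
    ("backup_svc", ""),                     # vendor/backup account with no password
    ("jdoe", "JDoe"),                       # password equals username
    ("scanner", "scannerscanner"),          # username concatenated with itself
    ("Administrator", "Admin"),             # common weak password
    ("finance_app", "c0rrect-h0rse-battery-staple"),  # passes the slide's checks
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{finding.username}: {finding.reason}")
```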
Cloud Computing: the Cloud Security Alliance (CSA) “Treacherous 12”
– Data breaches
– Compromised credentials and broken authentication
– Hacked interfaces and APIs
– Exploited system vulnerabilities
– Account hijacking
– Malicious insiders
– APT parasites
– Permanent data loss
– Inadequate diligence
– Cloud service abuses
– DoS attacks
– Shared technology, shared dangers
2015 IoT Vulnerabilities
Questions?