EXECUTIVE GUIDE FOR LAW ENFORCEMENT 2014 CYBER THREATS


CONTENTS
Introduction
Targeted Attacks
Perceived Risk
Incident Response
Call To Action
10 Questions For Your CISO

LETTER

To the chief

Throughout the 21st century, we've seen giant leaps in scientific and technological advancements. Each step forward in innovation produces new tools for both law enforcement agencies and their foes. DNA testing, for example, aids police and federal agents in apprehending criminals and expediting prosecution. On the other side, the Internet makes a bank robber's job easier and more scalable. Over the Web, a criminal can rob multiple banks simultaneously, more stealthily and at less risk of bodily harm. Technology continues to advance, as does criminals' ingenuity in exploiting or using it for malicious ends. Law enforcement must keep up.

In pursuing cyber criminals and foiling their schemes, law enforcement must adapt to shifting attack vectors and new enemies. A number of incidents in 2013 show that attacks targeting law enforcement agencies are real and departments must take the threat seriously.

To help law enforcement agencies prepare for and respond to the continually evolving cyber threat landscape, Trustwave presents its 2014 Executive Guide to Cyber Threats for Law Enforcement. Trustwave has conducted more than 1,500 data security breach investigations globally and last year trained more than 750 police detectives, federal agents and corporate incident responders on how to conduct cyber-crimes investigations. Each year, we also consult on scores of cases with law enforcement at the local, state, federal and international levels.

For this year's guide, we've incorporated data and expertise from our work, along with insights garnered from a 2013 survey fielded by the International Association of Chiefs of Police (IACP) and Canadian Association of Chiefs of Police (CACP) in 2013 regarding their memberships' understanding of and readiness for cyber-attacks. We've also built off of foundations set in our Cyber Threats 2011: Executive Guide for Law Enforcement distributed at the International Association of Chiefs of Police (IACP) annual meeting.

Thank you for your hard work and dedication to public safety.

Sincerely,
Robert J. McCullen
Chairman, CEO and President of Trustwave

Introduction

In the past, law enforcement fought physical, tangible threats. Identifying and apprehending the perpetrator of a crime was a little less complicated and more direct than today. The Internet allows criminals to commit crimes from around the world in the blink of an eye. Stolen credit card numbers can be siphoned from a computer in the United States and sent to a computer in Eastern Europe in the time it takes to pour a cup of coffee.

Crime is evolving. Criminals are getting smarter, more technical, more resourceful and more dangerous. Law enforcement is constantly playing catch-up with a well-funded, organized and sophisticated cyber-criminal element. These criminals are turning technological advances against us, and they seem to enjoy the advantage at this point.

Financially motivated cybercriminals target banks and businesses. Enemies abroad target our corporate intellectual property, federal agencies and government contractors. Now public safety departments, law enforcement agencies, individual police officers and even U.S. Congress members are being targeted by these groups:

- May 3, 2011: Hacking to own a Cop Car (ComputerWorld)
- June 24, 2011: Lulzsec Hacks Arizona Department of Public Safety (azcentral.com)
- October 21, 2011: Anonymous Hacks Police Websites and Data to Support Occupy Wall Street (Gawker)
- October 24, 2011: Police Websites Hacked, Including IACP (Law Officer)
- February 2, 2012: Dallas Police Department Website Hacked (NBC 5 Dallas-Fort Worth)
- May 15, 2012: Popular Surveillance Cameras Open to Hackers, Researcher Says (WIRED Magazine)
- February 28, 2013: Security Expert Warns Fire Department Lockboxes can be Hacked (Reuters)
- May 22, 2013: FBI Arrests NYPD Detective On Hacking Charges (InformationWeek)
- July 5, 2013: Anonymous Targets Hawthorne Police Department (CBS 2 Los Angeles) group-anonymous-targets-hawthorne-police-department-for-fatally-shooting-dog/
- July 18, 2013: Anonymous Claims it Hacked Members of Congress (The Huffington Post)

Because law enforcement professionals find themselves in direct opposition to cyber criminals, those same professionals and their agencies become targets. While to date, attacks on law enforcement have focused on disrupting services or embarrassing the Chief of Police or mayor, attacks will increase in frequency, intensity and severity as they have in every other sector. We will see Records Management Systems (RMS), personnel and human resources (HR) systems, dispatch and internal affairs systems targeted. Malicious individuals will extract data and sell it to the highest bidder. It's no longer a question of if a law enforcement agency will encounter a data security incident, it's a question of when.

According to a 2013 survey conducted by the IACP and delivered at the organization's 2013 semi-annual meeting in Scottsdale, AZ, a little more than half (53 percent) of the agencies that experienced a cyber security incident contacted their central Information Technology (IT) service provider. Just under half (45 percent) monitored the attack and took what they believed to be appropriate actions. Additionally, 35 percent took affected systems offline and 33 percent changed passwords and levels of security (note that percentages sum to more than 100 as multiple answers were permitted).

Figure 1 Agency Response to a Cyber Security Incident
Notified our central IT provider: 53%
Monitored the attack and took necessary actions: 45%
Took systems offline: 35%
Changed passwords and levels of security: 33%
Other: 16%
Other responses: Attempts were successfully stopped by firewall; Notified FBI; Made reports to APCO, NENA, Homeland Security and FBI

The data shows that not a single respondent notified computer security experts or engaged a third-party incident response team about the security incident they experienced, a disturbing fact.

Here's why it's disturbing: cyber attacks are carried out by highly skilled, trained, and motivated criminals using the most advanced attack methods available to accomplish their desired goal. An attack launched by such an enemy should be met with an equally formidable opponent: a team of cyber security experts that understand the environment, are well versed in attack methods and strategies and are just as highly skilled, trained and motivated as the attackers. A data security or incident response team is expert in data security threats and attacks and investigates hundreds each year. Yet not one department reached out to these types of experts.

Why was that? We surmise that law enforcement is ill-prepared to deal with cyber attacks and relied on internal resources that were probably not trained and experienced in the latest methods of computer forensics investigations. If they were, they probably did not have adequate resources to properly respond to and investigate an attack on their own systems.

According to IACP membership, roughly three-fourths of U.S. police departments have fewer than 25 officers and half of departments have fewer than 10 officers. Smaller departments may have one officer or detective who is capable of working computer-based crimes involving child pornography or fraud. Most of these departments, however, rely on either another police department or their state bureau of investigation. In any event, while some officers may be trained in conducting post-mortem investigations with a small set of digital evidence, it's highly unlikely that they are trained or prepared to respond to a cyber attack on their department.

If a group such as Anonymous, Lulzsec or Malsec targets your department, it's unlikely that you are prepared to defend against or respond to the attack or that you have the technical resources or jurisdictional authority to investigate it. Smaller departments don't have the internal resources necessary to maintain a dedicated cyber-defense and response initiative. Public-private partnerships between law enforcement agencies and companies that provide digital forensics and incident response services can help solve a law enforcement agency's lack-of-resources problem.

Like any other critical data such as financial information, personally identifiable information, electronic personal health care information or intellectual property, the information retained by law enforcement agencies is at least of equal, if not greater, value. That data needs to be protected with the same levels of scrutiny, arguably greater, that a corporation would apply to protect it. In the same way, law enforcement agencies can benefit from partnering with an experienced incident response and investigation provider.

Trustwave SpiderLabs has worked with police agencies through a number of public-private partnerships by providing agencies with on-demand cyber crime investigation support and expertise in a wide range of computer-based crimes including:

- Point of Sale Breaches
- Internal Affairs Investigations
- Mobile Device Forensics
- Malware Reverse Engineering
- Phishing Analysis
- Digital Evidence Acquisition and Chain of Custody
- Cyber Crimes and Investigation Training (CLEET and FLETA)

This relationship provides Chiefs-of-Police with real-time intelligence on cyber threats and computer-based crime trends, as well as 24x7 access to a highly trained, mobile, agile and efficient incident response team. This enables those departments to not only properly identify and handle digital evidence but also maintain a higher level of preparedness against a cyber attack on their agency.

TARGETED ATTACKS

In the past, a law enforcement agency or police department may have depended upon a show of force and physical security to discourage a targeted attack on their facilities or systems. In most cases, only a mentally unstable individual would launch any sort of attack on a building filled with armed law enforcement officers.

A police department's networked assets, however, are another matter. Domestic cyber criminals have stepped up their game against state and local law enforcement for various reasons, and the articles listed in the introduction show such attacks are real. Even just an unpopular arrest could bring the attention of attackers to your local police department.

The risk and reward of an attack against a law enforcement agency has shifted in the cyber criminals' favor. In many cases these attackers will expose the personal information of police officers or steal investigatory information, and few are apprehended. In addition, a cumbersome U.S. legal system and lengthy Mutual Legal Assistance Treaty (MLAT) process make investigations into attacks originating from outside of the U.S. difficult for federal agencies and impossible for state and local departments. Cyber criminals, unlike their organized-crime counterparts of yesteryear, no longer consider police or their departments off limits.

More police departments than ever are finding themselves targets of cyber attacks, according to a 2013 survey conducted by the International and Canadian Associations of Chiefs of Police (IACP and CACP):

[Figure 2 Prevalence of Cyber Attacks: share of agencies answering Yes, No or Unknown, shown for the total sample, by jurisdiction (U.S. municipal or county, U.S. sheriff, U.S. state agency, other U.S. or Canada) and by agency size (employees)]

- 11% of responding agencies (which was extremely low) confirmed that they were the victim of a cyber attack
- 37% of attacks were Denial of Service (DoS)
- 25% of attacks involved unauthorized access of general information
- 12% of attacks involved access of information regarding investigations
- 12% of attacks were defacements of the agency's website
- 8% of attacks involved the destruction of information and resources
- 4% of attacks involved the collection of information regarding officers and staff
- 68% of responding agencies indicated that they were not targeted
- 20% of responding agencies did not know if they were targeted

In those incidents, agencies reported that attackers targeted resources such as the agency website, records management systems, personnel and HR systems, financial data, computer-aided dispatch systems, Internal Affairs (IA) information and investigation systems and data. The agency identified the attacker or attacking group in only 49 percent of those attacks, meaning the attacker was not identified in the majority of cases.

The results of the survey along with forensics research conducted by Trustwave SpiderLabs bring to light three cyber security considerations relevant to law enforcement agencies:

In the Cross Hairs

A law enforcement agency possesses valuable data that can be sold on the black market. In addition, a law enforcement agency stands in direct opposition to the ideology of the thieves of that data. This makes a police department both a financial and a political target.

Locations: Victims & Attackers (450 data breaches, 19 countries)
Top victim locations: United States 73.0%, Australia 7.0%, Canada 3.0%, United Kingdom 2.0%, Brazil 1.2%
Top attacker locations: Romania 33.4%, United States 29.0%, Unknown 14.8%, Ukraine 4.4%, China 3.9%

Many criminals attack from overseas or at least outside of the victim organization's jurisdiction. For example, in Trustwave's 2013 Global Security Report, the primary source of cyber attacks was Romania. This fact, along with the challenges of interagency work and the complexities inherent in working with the Department of Justice International Affairs Section and the U.S. State Department, makes attribution, pursuit, and apprehension difficult, if not impossible, in most instances. Criminals know this and are emboldened by it and by the ease of foreign police corruption.

Self Detection and Indicators of Compromise

Trustwave SpiderLabs' Digital Forensics and Incident Response team has worked more than 1,500 unique cases of data compromise over the past five years. In less than 25 percent of those cases was the victim able to identify that a breach of their system or data had occurred.

SpiderLabs investigations in a multitude of environments give us a solid understanding of what are commonly known as "Indicators of Compromise." The indicators tell a story about what took place including when, where and how. Unless you are an expert in identifying, analyzing, and explaining these digital indicators, you will not know whether or not you have been a victim of a compromise.

This begs the question: of the 68 percent of reporting agencies that indicated they were not victims of a cyber attack, did they have the appropriate resources and experience to identify and analyze the indicators? We think not because we know law enforcement is constrained by budgets, and their mission of protecting the public takes priority over protecting computer systems.

Method of detection
Public Detection: 1%
Third Party: 2%
Self-Detection: 24%
Law Enforcement: 25%
Regulatory Detection: 48%

Data Protection

Police agencies have a vast array of critical data elements: investigative information; the names and addresses of undercover officers and confidential informants; general Personally Identifiable Information (PII) and Card-Holder Data (CHD). Is that data protected against compromise? If so, by whom and how? Is the network segregated to separate sensitive information from non-sensitive information? Do data access policies prevent unauthorized personnel from accessing data that they have no legitimate reason to access? Are firewalls in place and configured properly so as to prevent data exfiltration to unknown or unauthorized locations? Chiefs-of-Police should ask these questions, and many more, of their Information Technology (IT) staff or third-party contractors.

Protecting data should be approached in the same manner as securing an agency's weapons room or the evidence locker. What measures ensure that the right people have access and the wrong people are denied? Is there an audit trail in place to determine who accessed what, when and for what reason? In essence, with the addition of a few technical components, data security is no different than its physical counterpart. However, without the proper protection of data with the same intensity and vigor as an agency's physical assets, an agency can find itself dealing with significant data loss issues of an extremely sensitive nature.

The cyber attacks will continue to escalate and law enforcement agencies are no longer immune. All intelligence, both inside the law enforcement community and outside, indicates cyber crime is on the rise and is a serious threat to public safety. Are you prepared to identify and defend against an unseen enemy?

PERCEIVED RISK

Having established that cyber attacks are increasing in frequency, severity, and complexity and that police agencies are no longer off limits, the perceived risk of such an attack should logically increase proportionally. The results of the survey conducted by the IACP and CACP revealed that 82% of responding Chiefs-of-Police thought that a cyber attack posed a risk to their organization, albeit to different degrees:

[Figure 3 Perceived Risk of Cyber Attack. Risk to your organization: Yes 82%, No 10%, Unknown 8%. How serious? (n=373), rated from not at all serious to very serious]

Stating these statistics another way, close to two thirds of responding agencies believe that a cyber attack poses a moderate to very serious threat, half of which are moderately serious. In addition, according to the survey, larger agencies are more likely than smaller agencies to view cyber attacks as a very serious threat. Smaller agencies are more likely to believe that there is no perceived risk, or do not know whether there is a risk.

To fully understand the nature of the threat, it is important to convey gathered intelligence as it pertains to breach investigations and penetration tests. In 2012, Trustwave conducted more than 3,000 manual penetration tests and more than 450 incident response investigations. In doing so, several common characteristics emerged amongst the victim/target organizations:

1. The level of confidence by the victim/target organization's IT staff was found to be directly related to the number of findings identified by the attackers/penetration testers. From post-incident and/or post-penetration test discussions, it was found that the more confident an organization's IT staff was regarding their security controls, the more successful the breach or penetration test. It is uncertain if this is a result of arrogance, being over-confident in the security solutions that were deployed or a lack of understanding as to what a skilled attacker/penetration tester could actually do on a system. Whatever the case may be, it was certainly present in the majority of engagements.

2. Nobody thinks it will happen to them. Like with most crimes, victims don't usually say, "I knew this was going to happen to me," or "Yes, I saw this one coming." Regardless of the lifestyle they are living, the choices they make, or the situations they put themselves in, the perception still exists that this sort of thing only happens to other people. Unfortunately, the same thought process seems to permeate the world of cyber crime. No victim ever says, "I knew this was going to happen." Cyber attacks generate the same questions that law enforcement has been hearing for years: "Why me?", "Why was I chosen?", "What do I have that an attacker in Eastern Europe or China would want?"

Based on our intelligence gathering, attackers go after targets of opportunity because of identified weaknesses. Once an organization has been found to have remotely exploitable weaknesses, the attacker zeroes in and focuses on breaching the system(s). Upon gaining access into the target environment, the high value data is identified, aggregated and extracted for later monetization on the black market.

[Figure: The Breach Quadrilateral: Infiltration, Propagation, Aggregation, Exfiltration]

In addition, many attackers are motivated by geo-political or social drivers. These types of attacks are less about what you have that's worth taking and more about who you are or what you represent. Likewise, the desired outcome of the breach is different. Criminals are less focused on what they can steal and more focused on disrupting services and causing embarrassment.

3. "This type of attack is not possible in my environment. We are too tightly secured." Really? The modern cyber criminal is an expert, not the stereotypical 35-year-old living in his mom's basement. They are professional hackers who make a living compromising targets and stealing data. They are absolutely dedicated to their mission, and are highly paid for their services. As such, it is naive to think that the half-hearted efforts of an IT staff can keep them out without penetration testing and with security PPGs (Policies, Procedures, and Guidelines) or TTPs (Tactics, Techniques, and Procedures) that are several years old. Security controls and protocols must be state of the art, battle tested, and combat ready. No enemy is going to wait until you are prepared before they attack you!

Incident Response

Most law enforcement agencies have some type of tactical response team in place to handle rapidly evolving physical threats. These officers are specially trained and equipped to address a multitude of scenarios quickly and effectively. So the concept of providing incident response is one that Police Agencies have been actively participating in for a long time. Having cyber threat response teams, commonly referred to as Computer Incident Response Teams or CIRTs, is very similar, with the only real difference being the threat.

According to the statistics gathered in the IACP/CACP Cyber Security Survey, only 10 percent of Police Departments are either participating in a Cyber Security Task Force such as the FBI InfraGard, or US Secret Service Electronic Crimes Task Force (ECTF), or have worked with such an agency in the past. The remaining 90 percent in both categories (participation and work) either were not participating, or had participated sometime in the past or simply didn't know. Based upon the global increase in cyber threats, these numbers are both staggering and alarming. With cyber crime clearly on the rise and the vast majority of law enforcement agencies admittedly unprepared to address this new, high tech threat, the solution is clear: public-private partnerships.

Additionally, computer forensics is arguably the most difficult of the forensic sciences, yet many agencies believe that they need to be the ones to perform any requisite analysis of digital evidence. This is not the case in any other forensic discipline: forensic pathology is performed by doctors, forensic accounting is performed by accountants, forensic dentistry is performed by dentists. It then stands to reason to have a computer-based forensics examination performed by individuals of a commensurate level of technical expertise.

Many Chiefs concede that cyber crime investigations are growing in complexity at such a high rate that even the most seasoned experts are having challenges in trying to keep up with the well-funded high tech criminal. The police departments cannot afford to train and retain their best cyber investigators, who can often bring in three-to-four times the salary in the private sector.

So the question of trust is often the biggest issue. In essence, information pursuant to a criminal investigation is being given to an individual who is not sworn, does not carry a badge (and may have never done so) and may not be aware of the sensitive nature of the information he/she is being given access to. This makes outside vendor selection both daunting and risky.

However, non-sworn experts have been part of the criminal investigation process for many years. This is not a new concept, simply a new application of an existing standard. And like the individuals who are currently chosen to work alongside Police Agencies, cyber investigative experts must be thoroughly screened and carefully and thoughtfully selected. Many such teams are staffed with former military and/or law enforcement officers, investigators and prosecutors. They are experts in the field of cyber crime, understand chain-of-custody and the rules of digital evidence handling, are expert witnesses in both civil and criminal litigation and possess U.S. Government Top Secret security clearances. They have written text books on digital forensics, won awards for their blogs on digital forensics and incident response, and in the case of the team at Trustwave, have trained more than 750 federal agents and police detectives in cyber crime investigations.

An area of special interest and sensitivity to Police Agencies is that of Internal Affairs (IA) investigations. Research with the officers whose job it is to investigate their fellow officers has revealed that IA is one of the most difficult jobs for a career officer. The level of scrutiny paid to the evidence and the investigation is among the highest in the Law Enforcement community, and for good reason. Like in cyber crime, IA investigations contain an increasing number of digital elements such as mobile phones, laptops and tablets. These investigations are also ones where an outside digital forensics team can help. They have no personal relationships at stake, they do not know the officer being investigated, and there are no political pressures from unions. It's simply a matter of getting the necessary information from the systems or device that will help the IA investigator gather the evidence that provides the ability to either bring action or not.

The unique aspect of a Police Agency data breach is the loss of public confidence in the Chief and local political leaders, the loss of confidence of the officers in their senior management and the impact on criminal evidence for prosecutions. When a bank or commercial organization suffers a data breach, there is always a loss of customer confidence, lawsuits and a decrease in the stock price. A law enforcement agency is a steward of the people's money and its mission is to protect the public safety, so a breach raises the question, "If they cannot protect their own computer systems, how can they protect me and my family?" A data security incident could put your officers' and their families' lives in jeopardy, put confidential informants at risk, and disrupt crime investigations, which may let criminals off the hook and return them to the streets. This emboldens criminals in stepping up attacks if they are arrested, similar to witness intimidation.

Cyber threats are real. They are increasing daily and they are not going away. Police agencies need to prepare themselves by forming strong public-private partnerships with capable firms staffed with cyber crime experts that are former military and law enforcement who understand the sensitive nature of the problems and who are capable of detecting, investigating and preventing attacks. Law enforcement agencies, at a minimum, need to:

1. Have a Computer Information Security Policy that addresses security awareness training, mobile devices management and use, personal mobile device usage and social media usage;
2. Have a written and actionable Cyber Incident Response Plan that is relevant and tested;
3. Have either the internal expertise or contracted expertise vetted and available to respond to a cyber attack and contain the issue and remediate the vulnerabilities.

Call to Action

This guide is meant to identify and discuss the many challenges faced by Police Departments when dealing with Cyber threats. These challenges are further substantiated by the survey results conducted by the IACP and CACP. There is a known and evolving threat, yet according to the survey results, a large number of agencies are ill-equipped to confront it and according to all current intelligence feeds, it's only going to get worse. So now what?

First, the threat needs to be better understood both in terms of attack vectors and the location of the high value data that will be targeted. Thus, Police Agencies need to get a realistic view of the department's cyber security posture. Conducting network penetration tests of externally facing IP addresses, internal network segments and critical applications is vital to this process. Trustwave's SpiderLabs are experts at emulating attackers from multiple threat vectors and can provide you with an unmatched view into how your department's security would measure up to an actual attack.

The outcome of these tests will likely leave even the most prepared department with some areas for improvement. These weaknesses can be mitigated with either technology, appropriate policies and procedures or some combination thereof. Technical solutions such as Web Application Firewalls (WAFs), Unified Threat Management (UTMs) devices and Software Web Gateways (SWGs) can keep attackers away from department resources while ensuring critical data does not inadvertently leave the network bound for an undesired location.

A thorough review of existing policies and procedures can help identify weaknesses in access to critical systems and data and how that data is stored. While seemingly basic, if policies such as password complexity and expiration, data access, and remote access are not properly written and updated, they can have a substantial impact on an organization's security. Trustwave has reviewed thousands of policies and our experts can quickly identify and rectify these issues that have caused some of the largest data breaches ever perpetrated by hackers.

Another area departments need to focus on is the implementation of mobile computing devices. Many departments issue devices such as iPads, tablets and smart phones. If your department has not, then we are certain it's only a matter of time until younger officers demand it. As with the other technical assets, these devices contain sensitive law enforcement data and provide a connection to critical department resources. If not properly tested and secured, these devices can pose a considerable threat to a department that could easily be overlooked. Many private corporations are just now seeing the results of the mismanagement of mobile technology and have turned to Trustwave for assistance. The knowledge and experience gained from working with these partners provides our experts with a view into this threat vector that is on the very bleeding edge of risk management.

This dual-pronged approach will help prepare an agency for the unique threat posed by today's most sophisticated cyber criminals. However, as with any conflict preparation, the hardware and the battle plan must be load-tested before it can be deemed effective. Many professional security organizations can conduct holistic attack simulation exercises against your department that employ all of the cunning and determination of a real world threat. From social engineering (including the use of social media) and spear-phishing attempts, to attacks against the perimeter firewall and externally facing applications, our experts will evaluate your newly formed defenses. Should your organization successfully defend a frontal assault, the attack vector will shift to the internal network, where your internal defenses will be tested in an effort to determine whether your user and data access control policies are sufficient.

The exercise will also identify whether or not your department can adequately respond to and defend against an attack. Do you have a Computer Incident Response Team (CIRT) that can react quickly and efficiently to stop the attack and get rid of the intruders from department resources? Much like the network penetration tests, the goal is to alert you to areas where additional focus and training may be necessary.

Trustwave's Digital Forensics and Incident Response team (DFIR) has trained more than 750 federal agents, detectives, and corporate incident responders on how to most effectively and efficiently respond to cyber threats. Courses run anywhere from two days to five weeks and can be taught either in-person or online. Our instructors are the experts from our DFIR team, not professional teachers. They are former law enforcement and military investigators with more than 1,500 collective cases worked, with a deep understanding of the threat actors and cyber criminal organizations that is unmatched by any other civilian organization.

Utilizing the collective expertise of the SpiderLabs, our classes teach incident response and forensic investigations through the application of the most modern and successful methodology anywhere in the world, Sniper Forensics. Steeped in scientific methodology and logic, Sniper Forensics teaches investigators how to find answers, not simply go after data. It is vendor agnostic, with the overwhelming majority of tools used in the course being free or under $100/USD. Our courses focus on how to tie data elements together to tell the story of what took place. We will not push vendors, we do not re-sell any software, and we do not teach investigators how to just click buttons on a software program.

By conducting penetration tests against the network, software applications, mobile devices, and training officers and technicians on the most modern defense and response techniques, your department can make great strides in defending your department against cyber threats. Cyber criminals are targeting police agencies, so prepare now, while it's still considered preparation and not response.

LEARN MORE AT TRUSTWAVE.COM

Ten Questions to Ask Your CHIEF INFORMATION SECURITY OFFICER (CISO)

Bring your Command Staff together along with your IT Leadership and ask these questions!

1. What measures are in place to ensure that data security best practices are implemented throughout the department? When was the last time these measures were tested?
2. Where is our most sensitive data? Is it being properly protected? How? By whom? Have those security controls ever been tested?
3. Rate the following on a scale of 1-3, with 3 being the highest level:
   a. What system is critical to data integrity?
   b. What technology system is critical to data availability?
   c. What system is of the highest criticality for confidentiality?
4. Is it possible that we have suffered a breach and don't know it? When was the last time our systems underwent a security audit by a third party?
5. Do we undergo annual penetration testing? Do we have a trusted partner to help us understand what our threat vectors are?
6. When a breach happens, who is retained to help us? Who do we call?
7. Do we have a trained CIRT team? When was the last preparedness exercise? Where is the copy of the written recommendations for improvement? Were they ever implemented?
8. What can we learn from recent data breaches at other police agencies? Do we have any of the same vulnerabilities that allowed them to be breached?
9. Are we participating in programs designed for local and state agencies to liaise with federal agencies? If so, which one(s)? If not, why not?
10. Who is our point of contact with federal law enforcement who works cybercrime if we were to be breached?

Trustwave helps businesses and law enforcement agencies fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of consultants, ethical hackers, security researchers, and incident responders, Trustwave enables organizations to transform the way they plan, prepare, integrate and manage their information security and compliance programs. Trustwave delivers automated, sustainable and cost-effective data protection, risk management and threat intelligence to more than two million businesses and merchants. Trustwave is a privately held company headquartered in Chicago. Learn more at: 70 W. Madison St. Suite 1050 Chicago, IL 60602


More information

Flipping the Script: Law Firms Hunted by Cybercriminals

Flipping the Script: Law Firms Hunted by Cybercriminals Flipping the Script: Law Firms Hunted by Cybercriminals Introduction As businesses put more resources into defending against cyber threats, cybercriminals have shifted tactics to focus on easier-to-exploit

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Sniper Forensics v3.0 Hunt

Sniper Forensics v3.0 Hunt Sniper Forensics v3.0 Hunt Presented by: Christopher Pogue, CISSP, CEH, CREA, GFCA, QSA Managing Consultant SpiderLabs Incident Response and Digital Forensics Who Am I? Managing Consultant for the Trustwave

More information

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious

More information

How To Stop A Cybercriminal From Stealing A Credit Card Data From A Business Network

How To Stop A Cybercriminal From Stealing A Credit Card Data From A Business Network 2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

Can Your Organization Brave The New World of Advanced Cyber Attacks?

Can Your Organization Brave The New World of Advanced Cyber Attacks? Can Your Organization Brave The New World of Advanced Cyber Attacks? www.websense.com/apx Overview: When it comes to defending against cyber attacks, the global business community faces a dangerous new

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

Healthcare Security: Improving Network Defenses While Serving Patients

Healthcare Security: Improving Network Defenses While Serving Patients White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco

More information