Cyber Security Defense Services Portfolio Development Status
February 2016
Agenda
- Merit's Six Strategic Thrusts
- Merit's current security offerings
- Member feedback
- Mission and vision statement for this initiative
- New cyber security service categories
- New services under consideration as the portfolio develops
Merit's Six Strategic Thrusts
1. Network: The highest-performing and most-adopted statewide network in the U.S., connecting diverse communities
2. Security: Security and information privacy defender
3. Community: Merit providing a digital commons for continuous statewide IT community collaboration
4. Diversification: Select portfolio of financially strong services
5. Workforce: Staffing shared services
6. Business: Merit as a pre-approved Michigan service provider to streamline business with customers
Merit's Current Security Offerings
- Cyber security training and certifications
- Michigan Cyber Range exercises and testing in a preconfigured environment
- Secure Sandbox custom testing environment
- Enabling services
  - QuadMetrics cyber risk posture assessment
  - Duo Security
  - AT&T Managed Firewall Service
- Defense services
  - Above Security Managed Services
Current Hidden Value-Add in Merit Services
- Peak flow reports
- BGP black hole services
- 24x7 Merit Support Center and easy access to real engineering talent
- Coming: statewide cyber security information sharing via our new Merit Commons, private social network
CEO Findings Member Organizations Trust in Merit Community Network Merit Support Center Responsiveness and flexibility Professional development, training & events Cyber security needs Staffing needs
Encouraging Progress
Pell Center for International Relations and Public Policy, State of the States on Cybersecurity (http://pellcenter.org/wp-content/uploads/2015/11/pell-Center-State-of-the-States-Report.pdf):
The State of Michigan has established itself as a leader among states in implementing state government cybersecurity measures and in promoting cyber industry growth. The cornerstone of Michigan's strategy to enhance cybersecurity has been its collaborative and inclusive nature and an enterprise approach to information security that allows state agencies and private and public sector organizations to work in a highly coordinated and efficient manner
with recognition of Merit's work
The Vision of Merit Cybersecurity
The Merit security portfolio is designed to be member-focused and member-driven, providing best-in-class services at lower costs. Through the use of these services, the security posture of our membership will increase, making the state of Michigan the security leader.
The Mission of Merit Cybersecurity
Merit's cybersecurity mission is to lead and defend the research, education and public sector communities. Merit will raise the security posture of our community in Michigan and beyond through training, knowledge-sharing, and delivering valuable security services.
New Cyber Security Categories
1. Proactive
2. Active
3. Reactive
New Services Under Consideration
1. Proactive
   - QuadMetrics report and analysis services
   - CISO professional services
   - Critical infrastructure assessment and recommendations
   - Pen testing
   - End user education
2. Active
   - Open source embedded/managed firewall (pfSense)
   - SOC
3. Reactive
   - DDoS
   - Forensics (with 3rd-party expertise)
Merit-Managed Firewall
- High demand / good alignment with network services
- Lower cost option to Premium managed firewall option
- E-Rate eligible
- Evaluating technology options
  - pfSense open source is a strong contender
- Staff training required
DDoS Threat
Higher Ed DDoS Incidents
- University of Alaska, August 2014
  - ~500,000 sessions debilitating their border firewall
- Arizona State University, April 2015
  - Attacks directed toward login systems
- Rutgers University, April, March & Dec. 2015
  - Six attacks in one year
  - March attack lasted entire weekend
  - December attack lasted four days
Merit Network Targeted
- RADb DDoS attack
- Several day sustained attack
- Attack coupled with normal traffic congested Internet flow
- Last day 25Gbps
- Visualization 1
- Visualization 2
Cyber Defense - DDoS
- No solution is perfect or 100%
- DDoS detection and mitigation
- Service provider approach
- Appliance at border (Chicago and Southfield)
- Protect the whole network including members
- Provide a mechanism for members to view events via a portal
- Will not mitigate member to member
- Uniform policies
- Increase mitigation response
- Economies of scale
- Develop and implement SOC
- Fully managed 24/7
- Will need to add staff and staff training
- Use cloud service when events exhaust border appliances
- Option of additional appliance at member site
Cyber Defense - DDoS
- Solution: Implementing an Arbor Networks TMS 2800 (Threat Management System) to be installed in Chicago
  - 40 Gbps of inspected throughput
- TMS 2310 to be installed in data center
  - 10Gbps of inspected throughput
- Atlas Intelligence Feed with automatic content updates across the TMS deployment
- Arbor Cloud for Service Providers
  - Large tier protection of 2Gbps of clean traffic diverted using BGP
- System Admin, DDoS User/Admin training
  - Configure and perform ongoing SP administration functions
  - Administration and support of mitigation of DDoS attacks
  - 10 seats available
CISO Professional Services (CaaS)
- High demand / trust in Merit
- Scalable
- Affordable
- Value to wide array of Membership: security architecture, security assessment, pen test interpretation, etc.
- Use QuadMetrics reports as conversation starters
- Aligned with overall portfolio offerings:
  - Proactive
  - Active
  - Reactive