The National Cybersecurity Preparedness Consortium Gregory White, Ph.D. UTSA/CIAS greg.white@utsa.edu 210-458-2166 October 2013

Similar documents
TEXAS BOARD OF NURSING 12/2015

TEXAS COMMISSION ON JAIL STANDARDS Incarceration Rate Report - Highest to Lowest July1, 2016

Fatal Crashes and Fatalities by County and Road Type

Texas Medicaid/CHIP Vendor Drug Program

Texas Managed Long Term Services and Supports. National Health Policy Forum Presentation

Keep Wilco Moving Presented by Cynthia Long County Commissioner, Williamson County, Texas September 21, 2015

Texas. Demographic Characteristics and Trends. House Committee on Redistricting and the House Committee on Judiciary and Civil Jurisprudence

Demographic Characteristics and Trends. Texas Mining and Reclamation Association October 26, 2010 Bastrop, TX

ICRC Study Hall Call: State Monitoring and Oversight of Managed Long- Term Services and Supports Care Programs

Employee Notice of. Network Requirements

Important Information From Your Liberty Health Care Network

Cervical Cancer in Texas: A Closer Look. (Incidence and Mortality Data by Councils of Government and County)

TRIAL COURTS AND JURISDICTION BY COUNTY

Important Information for Employees Regarding Medical Treatment for a Work-Related Injury or Illness

How To Improve Education In Texas

Zurich Services Corporation Health Care Network (HCN)

Zurich Services Corporation Health Care Network (HCN)

Professional Employee Salary Report

Texas Title Insurance Statistical Plan

Demographics in Texas: Changes in Household Characteristics and Changes in Family Structure of the Dallas Area

Texas Star Network Employee Notice of Network Requirements

Coventry Workers Comp Network. Employee Information Materials

COVENTRY WORKERS COMPENSATION NETWORK: KELLY SERVICES MATERIALS

STATE BAR OF TEXAS DEPARTMENT OF RESEARCH & ANALYSIS 2009 HOURLY FACT SHEET

STATE BAR OF TEXAS DEPARTMENT OF RESEARCH & ANALYSIS 2011 HOURLY FACT SHEET

Provider Network Contract and Credentialing Checklist for Ancillary and Facility Providers

*Upton -32 WET-DRY STATUS OF TEXAS COUNTIES AS OF DECEMBER, 31, 1. (Asterisk indicates counties wholly wet, all others dry in part)

STATE BAR OF TEXAS DEPARTMENT OF RESEARCH & ANALYSIS

2014 Paralegal Division Compensation Survey

Coventry Workers Compensation Network Employee Information Materials

Genworth 2015 Cost of Care Survey Texas

STATE BAR OF TEXAS DEPARTMENT OF RESEARCH & ANALYSIS 2013 HOURLY FACT SHEET

Humana Medicare Supplement Plan

Overview of the STAR+PLUS Program in Texas

EMPLOYEE NOTIFICATION OF NETWORK REQUIREMENTS IMPORTANT INFORMATION FROM YOUR LIBERTY HEALTH CARE NETWORK

Opportunities for Energy Efficiency and Renewable Energy in State Air Quality Planning

Table of Contents. Introduction Introduction Statement... i-ii Glossary of Terms... iii-v

Texas Star Network Texas Health Care Provider Network. Employee Information Materials

Texas Star Network Texas Health Care Provider Network. Employee Information Materials

Texas Board of Nursing 2013 Enrollment, Graduation, Admissions Vocational Nursing

How To Manage A Disaster

Important Information about Medical Care if you have a Work-Related Injury or Illness

Texas Department of Public Safety Texas Division of Emergency Management

Preservation Consultants

Pharmacy Provider Training

Comparing Texas HMOs 2014

AEP Texas North Company (AEP TNC) Residential Air Conditioning Distributor Market Transformation Pilot

APPENDIX A ACO Facilities

Texas State Expenditures by County

IMO MED-SELECT NETWORK A Certified Texas Workers Compensation Health Care Network

Texas Department of Public Safety Texas Division of Emergency Management

IMO MED-SELECT NETWORK A Certified Texas Workers Compensation Health Care Network

IMO MED-SELECT NETWORK A Certified Texas Workers Compensation Health Care Network

October 1, Kay Ghahremani State Medicaid Director Texas Health and Human Services Commission P.O. Box Austin, Texas 78711

Workers Compensation Health Care Network

Uninsured Children in Texas by County Texas House & Senate Districts. Texas State Demographer Karl Eschbach, PhD.

First Attempt Pass Rate 3 Year Summary (FY07 FY09)

Texas Electric Cooperatives

Trends, Profile and Policy Issues Related to Felony Probation Revocations in Texas

Texas Board of Nursing 2013 Enrollment, Graduation, and Admissions Professional Nursing Programs

THE DEBATE OVER DROPOUTS: HOW MANY ARE THERE? Released: February 22, 1999

Financial Models to Support State Efforts to Coordinate Care for Medicare-Medicaid Enrollees. Demonstration Proposal. Texas

AEP Texas Central Company (AEP TCC) Residential Air Conditioning Distributor Market Transformation Pilot

An applicant agency must not provide home health, hospice or personal assistance services until it receives the HCSSA license.

Texas. Population Estimates and Projections ERCOT Long-Term System Assessment (LTSA) Stakeholder Workshop. January 13, 2014 Austin, TX DRAFT

Overview of the Criminal Justice Policy Council Criminal Justice Information System Audit

Community Cyber Security. Center for Infrastructure Assurance and Security

C R I M E V I C T I M S E R V I C E S D I V I S I O N

Texas Relocation Report

Aetna Advantage Plans for Individuals, Families and the Self-Employed

062010_tblAccreditedTCRLabs

Texas Relocation Report

Access to Health Care in South Texas

RECOVERY ACT LOCAL JAG AWARDS. Texas

VENDOR GUIDE How to Do Business with the State of Texas

Landowner s Guide to Plugging Abandoned Water Wells

TEXAS PEST CONTROL ASSOCIATION, INC. BYLAWS As amended November 2010

TEXAS AUTOMOBILE INSURANCE PLAN ASSOCIATION RULES AND RATING MANUAL. Revision Number 1 Effective September 1, 2005

International Registration Plan Texas Apportioned Registration Information Packet

TAIPA Rules and Rating Manual

DIRECTORY (REVISED 08/30/2011)

Well Owner s Guide to Water Supply

Texas Conference of Urban Counties. Request for Qualifications IT Staffing Services

Population Change in Texas and The Dallas-Fort Worth Area: Implications for Education, the Labor Force and Economic Development

TEXAS COURT SECURITY INCIDENTS REPORT

CHALLENGES OF RURAL PROVIDER EHR ADOPTION

Texas Department of Insurance MEDICAL MALPRACTICE INSURANCE: Overview and Discussion

If applicable: Servicer Loan Number MCC Number

Texas Sales and Use Tax Rates

Well Owner s Guide to Water Supply

Contents. Tax Incentives for Texas Employers: Work Opportunity Tax Credit...1 State Tax Refund...2

ProDoc efiling A Guide to Registering for efiling in Texas State Courts

Demographic Characteristics and Trends in Texas and North Texas: Population and Infrastructure

Cyber Security Training and Exercise Program State of Nevada

Accounting for Energy Efficiency & Renewable Energy for the Texas State Implementation Plans (SIP)

GEOGRAPHIC BOUNDARIES AND SERVICE AREAS (EXHIBIT)

COLONIAL LLOYDS. Underwriting Guidelines

TDI. TITLE DATA Excellence by Design. Customer List (By County) 1 As of February 1, 2016

Hill Country and South Texas Therapy Providers

Annual and Expenditure Report. w w w. t x c o u r t s. g o v / t i d c

Transcription:

The National Cybersecurity Preparedness Consortium Gregory White, Ph.D. UTSA/CIAS greg.white@utsa.edu 210-458-2166 October 2013

Center for Infrastructure Assurance and Security Center at The University of Texas at San Antonio Small, agile and non-profit, founded in 2001 Focus areas Cyber Security Training Cyber Defense Competition Programs Infrastructure Assurance Programs Resources Primarily funded (DHS, UTSA is angrant NSA / DHS National CenterDoD) of Academic Excellence in Information Assurance Education with security programs and courses in the colleges of Business, Science, and Engineering. 2013

What s the issue? Cybersecurity is a growing concern for the nation. Increased number of attacks Potential for cyber terrorist attacks growing Incidents at the state and local levels on the rise Similar to physical attacks, when an event occurs, while it may be viewed as a national incident, individuals at the state and local levels need to be prepared to respond. States and local communities are NOT prepared with viable and sustainable cyber security programs.

The U.S. Is Vulnerable And Has Been For A While Power grid vulnerable to attack, report warns; Experts: U.S. needs to act now to protect infrastructure USA Today; McLean, Va.; Tim Friend Jun 25, 2002 Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system Electricity Grid in U.S. Penetrated by Spies, Siobhan Gorman, Wall Street Journal, April 8, 2009 talented hackers in many parts of the world are willing to peddle their expertise for the right price or political cause... We have evidence of Russian hackers selling their skills to radical Islamic groups The Battle Against Cyber Terror, Network World, 29 November 2004 2013

Attacks are Not Limited to Attacks on the Nation

Incidents Impacting States and Communities 2009 Virus hit Houston, shut down court system Christian Navarrette, an art teacher, left his job early to get down to the courthouse to pay a speeding ticket. He said he was turned away when he tried to pay the ticket, which is due by Monday. They told me if I pay it now, it may not post by Monday because of the computer problem, he said. They told [me] that I could face more fines if I pay it today, or I can just come back to pay it Monday. I guess I ll have to leave work early Monday, too. 2009 Fiber Optic Cable cut in Silicon Valley 2013 The The University University ofoftexas San Antonio All Rights Reserved 2012 Texasatat San Antonio All Rights Reserved

Incidents Impacting States and Communities 2009 State of Virginia, extortion attempt In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I ll go ahead and put this baby out on the market and accept the highest bid. The University ofsan Texas Antonio 2013 The University University ofoftexas San Antonio atallsan Reserved 2012 The Texasatat Antonio Rights All Rights Reserved

Incidents Impacting States and Communities The University ofsan Texas Antonio 2013 The University University ofoftexas San Antonio atallsan Reserved 2012 The Texasatat Antonio Rights All Rights Reserved

Incidents Impacting States and Communities Anonymous attack on the City of Orlando (June 2011) The computer hacker group Anonymous credited with crashing the websites of Visa and MasterCard in support of Wikileaks launched what it called "Operation Orlando" on Tuesday, disabling a tourism website and the mayor's own campaign site. In news releases and emails to the Orlando Sentinel, the loose-knit group issued a "declaration of war" and promised to bring down a different Orlando-related website every day. One hacker told the Orlando Sentinel the group may target Orlando police officers, state lawmakers and the Florida Democratic Party. http://articles.orlandosentinel.com/2011-06-28/news/os-hackers-attack-orlando20110628_1_hackers-attack-website-lake-eola-park

Incidents Impacting States and Communities 2012 Data Breach in South Carolina Data breach at the South Carolina Department of Revenue exposed millions of state taxpayers to identity theft. 3.8 million Social Security numbers, 3.3 million bank account numbers and information for nearly 700,000 businesses stolen Occurred after a Department of Revenue employee opened a phishing email giving the hacker access to the department's data system During a period of weeks hacker scoured the department's system by remote access then, over a two-day period zipped 74.7 gigabytes of data which was then downloaded. State officials learned of the breach Oct. 10, 2012 from the U.S. Secret Service Cost so far is $25 million, including $12 million going to Experian to cover a year of state-paid credit monitoring.

But Why is Cyber security a Community Issue? Would your community s LE and Emergency Management personnel know the significance of these images?

Would Local LE Forward this to Anyone? Friday, 14 April 2006, 2:40 p.m. (Tyler Police Department) Possible War Driving During a routine stop for speeding, a police officer notices the occupants of a truck that was stopped have laptops and what appears to be oversized antennas mounted on the vehicle and connected to the laptops. When questioned about the equipment, the occupants (two males in their mid 20s) reply that the equipment is just computer stuff. The occupants agree to let the officer search the vehicle, but the officer does not find anything illegal just handheld global positioning systems and maps of the community and surrounding area. They were driving around facilities owned by the local power company. Click to edit Master text styles Second level Third level Fourth level Fifth level Click to edit Master text styles Second level Third level Fourth level Fifth level Would the State EOC want to know about this? 2013

What about now? Saturday, 15 April 2006, 1:40 p.m. (Dallas Police Department) Possible War Driving During a routine stop for speeding, a police officer notices the occupants of a truck that was stopped have laptops and what appears to be oversized antennas mounted on the vehicle and connected to the laptops. When questioned about the equipment, the occupants (two males in their mid 20s) reply that the equipment is just computer stuff. The occupants agree to let the officer search the vehicle, but the officer does not find anything illegal just handheld global positioning systems and maps of the community and surrounding area. They were driving around facilities owned by the local power company. Click to edit Master text styles Second level Third level Fourth level Fifth level Click to edit Master text styles Second level Third level Fourth level Fifth level Would the State EOC want to know about this? 2013

Or now? Saturday, 15 April 2006, 1:40 p.m. (Plano Police Department) Possible War Driving During a routine stop for speeding, a police officer notices the occupants of a truck that was stopped have laptops and what appears to be oversized antennas mounted on the vehicle and connected to the laptops. When questioned about the equipment, the occupants (two males in their mid 20s) reply that the equipment is just computer stuff. The occupants agree to let the officer search the vehicle, but the officer does not find anything illegal just handheld global positioning systems and maps of the community and surrounding area. They were driving around facilities owned by the local power company. Click to edit Master text styles Second level Third level Fourth level Fifth level Click to edit Master text styles Second level Third level Fourth level Fifth level Would the State EOC want to know about this? 2013

Dallam ShermanHansford Ochiltree Lipscomb Hartle y Moor RobertsHemphill e Hutchinson Oldham Potte r Deaf Smith Carso n 5B RandallArmstrongDonle Collingswort y h Parmer Castro Swisher Briscoe Hall Bailey Lamb Hale DawsonBorden Archer Knox Baylo r Young Kent Stonew Haskel all l Throckmorton Scurry Fisher Clay Montagu Cook e e Su b Jack 5A Shackelford Palo Jones Stephens Pinto 4B Eastland Martin Howard Mitchell Nolan Taylor Callahan Wise Grayso Fannin n Su b Denton 1A Parker Tarrant 1A Collin Hunt Hopkins Rockwall Rains Dallas Kaufman Van Zandt Hood Johnson Ellis ErathSomervell Lama r Delta Red Rive r Titus Camp Bowie Morris Andrews Garza King Frankli n Gaines El Paso 5A Lynn Terry Childres s Hardeman Floyd Motley Cottle Foard Wilbarge Wichit r a Cochra HockleLubbock CrosbyDicken y s n Yoaku m If you could step back and view what is occurring around the state would you be interested if you suddenly could plot all of these and similar occurrences? Gray Wheeler Cass Mario n Harriso Gregg n Wood Upshu r 1B Smit Henderso h Navarro n Panola Rus Hill k Glasscock Colema Comanche Bosque Cheroke Coke Ecto Midland Loving Winkle Anderson Sterlin Shelb Brown Runnels n e r r g Freeston Hamilton Nacogdoch y McLennan San Augustine e Limestone Mills Ward es Culberso Crane Tom Upton Reagan n Coryel Houston Green Concho Leon Angelina Sabine Irion Falls l Reeves McCulloch San Lampasas Trinit Saba Bell Jasper RobertsonMadison y Newton Schleicher Menard Pecos Burnet Polk Mila Tyler Walke Mason Crockett Jeff Williamso Llan m Brazo San r Davis n o s Grimes Jacinto Sutton Burleson Kimble Hardi Blanco Travis Montgomery Lee Gillespi n Terrell Washington Orange Liberty e Bastro Hays Kerr Presidio Waller p Edwards Val Kendall Austin Jefferson Harris Fayett Real Verde Brewster Coma Caldwell Chambers Bander e l Colorado a Guadalup Fort e Gonzales Bend Bexar Galveston Lavaca Kinney Uvald Medin Wilson e a Wharto Brazoria n DeWit Jackson Matagord t Frio Atascosa Karnes Maverick Zavala a Victori Goliad a Calhoun Dimmit La Salle Bee Refugi McMullen Liv o e Aransas San Oa Patricio k Jim Webb Nuece Duval Well s s Kleber g 6A Hudspet h 6C Sub 2B Sub 4B Sub 4A 4A 6B 2C 2B Su b 8A Sub 2C 3B 2A 3A Does this now paint a picture that you d be interested in seeing? Sub 8A Zapata Jim BrooksKenedy Hogg Starr 8A Hidalgo Willacy Cameron 2013 Friday, 14 April Saturday, 15 April Monday, 17 April

A Cyber Security Consortium The National Cybersecurity Preparedness Consortium (NCPC) has been funded by the Department of Homeland Security under a Competitive Training Grant. It will address cyber security issues in states and communities. It is designed to be a Grass Roots program that will link with and assist in national cyber security programs. It will coordinate with efforts in other disaster fields with the National Domestic Preparedness Consortium and the Rural Domestic Preparedness Consortium. The goal is to help states and communities establish viable and sustainable cyber security programs.

Who is Part of the Consortium? Initial membership includes universities with existing cyber security exercise/training relationships with DHS Proven track records and existing programs Work already underway, no long lead time needed to get started Initially, the Universities included are: The University of Texas at San Antonio Texas A&M University System (TEEX) The University of Arkansas System Criminal Justice Institute The University of Memphis Norwich University Additional interested universities may be added to provide additional capabilities needed by the consortium.

The Community Cyber Security Maturity Model (CCSMM) Consortium organized around the CCSMM. Based on 11 years of working with states, communities, and sectors to build cyber security programs. The model is designed to: Provide a yardstick to measure a community s current cyber security status; Provide a roadmap for states and communities to improve their current cyber security status; Serve as a common point of reference for individuals in different states and communities to discuss ongoing efforts to improve their cyber security status.

Adding to the Model All of the resources needed to implement the CCSMM have not yet been developed. The consortium will look for existing programs and resources that can become part of the solution. The cyber security problem is huge, as is illustrated by the size of the CCSMM. When appropriate, the consortium can be expanded to incorporate entities with unique capabilities that supply a solution to some aspect of the model. Partnerships can be established with organizations that have an answer to some aspect of the model and that have resources that can assist states and communities. A good example of a potential partner is the MS-ISAC

Goal for the Nation To bring states, territories and communities to a minimally acceptable level of cyber security preparedness. This equates to Level 4 of the Community Cyber Security Maturity Model This will be accomplished through a coordinated effort between states, communities, and the NCPC. The NCPC will become a source of training, exercises, tools, and resources that states, territories, and communities need.

Why Level 4? Level 4 is the point at which communities and states / Territories have established a program to actively assess their on-going cyber security status and have integrated cyber security with other emergency operations. A community at level 4 has the following characteristics Leaders and organizations promote awareness; citizens are aware of cyber security issues. A formal info sharing and analysis, internal and external to the community exists; A formal local fusion and metrics program established. Autonomous cyber exercises with assessments of formal info sharing/local fusion are conducted involving live play/assessments. Cyber is integrated in COOP; mentor externals on COOP integration; formal blended incident response and recovery program exists.

Cyberterrorism Defense Initiative (CDI) Participants Trained Click icon to add table WA 160 MA 94 MT 40 OR 107 NY 367 WI 30 MI 34 IA 38 IN 105 NV 54 CO 110 CA 533 AZ 71 NM 49 OH 142 DE 52 WV 45 MO 28 OK 95 M D 97 SC 32 AR 202 MS 40 TX 509 CT 39 PA 67 AL 133 GA 122 LA 29 FL 258 HI 69 Puerto Rico 52

Questions? The National Cybersecurity Preparedness Consortium Gregory B. White, Ph.D. Director Center for Infrastructure Assurance and Security (CIAS) The University of Texas at San Antonio greg.white@utsa.edu 210-458-2166

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information