Cyber Security for Non-Technical Managers Thursday, August 22, 2019 - - PDF document
8/22/2019 1 Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1 8/22/2019 How to Participate Today Audio Modes Listen using Mic & S peakers Or, select Use Telephone
S peakers
Telephone” and dial the conference (please remember long distance phone charges apply).
the Questions pane.
for replay shortly after this webcast.
computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Y emen.
designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines.
tuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments.
International airport, was struck by still-unspecified malware, causing the airport’s flight and baggage information boards to go dark, an
bitcoin to hackers after data and services were lost to a ransomware attack.
$500,000 after ransomware took down almost all of the city council's IT services and systems.
ransomware attack and officials paid $400,000 to regain access to IT systems.
Spartanburg, SC
Ransomware malware is a growing concern The greatest cybersecurity threats are posed by C-level executives
As technology improves, people are the low hanging fruit. S
takes advantage of the human weakness
design, construction, commissioning, maintenance and operation of water and power utilities.
Industrial control system (ICS ) is a general term that encompasses several types
control purposes. The larger systems are usually implemented by S upervisory Control and Data Acquisition (S CADA) systems, or distributed control systems (DCS ), and programmable logic controllers (PLCs), though S CADA and PLC systems are scalable down to small systems with few control loops.
It is all about Availabilit y (and Reliabilit y)
80’s PLCs become popular Proprietary networks Late 90’s Control systems start to move to IP based networks Early 2000’s first Windows based systems
Needs: update systems share information Virus are spread ! Now I need an up-t o-dat e AV , t his is get t ing complicat ed!
Policies & Procedures
Provisioning of access Periodic User access review
S yst em development life cycle Test ing S egregat ion of act ivit ies
Backup management Backup and recovery cont rols
S ecurit y Archit ect ure Device configurat ion
Ident ify weaknesses on t he design t hat may allow an int ernal at t acker t o compromise t he availabilit y, confident ialit y and availabilit y of t he net work.
There is a place for everyone Leverage skills sets Learning Curve O&M impact
Audits - DHS Training – S ans, IS A Emergency Response (What if? ) - Drills Resources
haring and Analysis Center (WaterIS AC)
Resilience/ Cybersecurity-Guidance
For further information, contact: Elkin Hernandez Elkin.Hernandez@ dcwater.com
ear IT professional
security certifications
ACA
C2
Metropolitan Water Reclamation District of Greater Chicago