Cyber Security & Intelligence Sharing in Our Schools By Steve - - PowerPoint PPT Presentation

Cyber Security & Intelligence Sharing in Our Schools

By Steve Palmer & Anthony Aukland

Today’s Topics

• Digital Citizenship
• EduTech O365 Security Pages
• Physical School Access
• Intelligence Sharing & North Dakota

North Dakota K-12 Schools

• 530 Schools
• 183 School Districts
• > 100,000 Students
• > 18,000 Teachers Faculty and Administrators

All connecting to one big network StageNet

Digital Citizenship

• Defined as the norms of appropriate, responsible technology use
• Helps teachers, technology leaders and parents understand what

students/children/technology users should know to use technology appropriately

• More than just a teaching tool; it is a way to prepare students/technology

users for a society full of technology.

• Too often we are seeing students as well as adults misusing and abusing

technology.

• The issue is more than what the users do not know but what is considered

appropriate technology usage.

Kids LEAD Digital Lives

• Kids ages 8-18 spend 7 hours and 38 minutes per day online
• If a child sleeps 8 hours per night, that means ONE HALF of the time that he or she

is awake is spent online § 33% Online § 33% Offline (awake) § 33% Asleep

• Some common online issues kids face include:

§ Cyber Predators § Cyber Bullying § Identity Theft

Students as Digital Citizens

World at their fingertips…

• Smart phones/tablets
• Social Media
• Online Games

§ Xbox, PlayStation, iOS

• Online Learning
• Technology Carts : Students

§ 1:1 in the schools § iPads, Chromebooks, Surfaces, Laptops

• Passwords

§ Complexity § Pass Phrases § Length § Password Storage

• Do’s and Don'ts?
• Accounts

§ User ID's / Multiple

• Cyberbullying

Digital Citizens Responsible Practices

Why we need Cybersecurity?

• Crimes that happen in real life – such as stealing – also happen on the

Internet.

• Just like you have to look both ways before crossing the street, you have to

be careful when using the Internet.

• The Department of Homeland Security helps you protect yourself from

dangers on the Internet by teaching you what to look out for online.

• Often, we might not realize that our actions online might hurt us, our

families, and even our country. Learning about the dangers online and taking action to protect ourselves is the first step in making the Internet a safer place.

World’s Biggest Data Breaches

EduTech O365 Security Pages

Security Advisories

Policy Templates

Security Awareness Information

Cyber Career Paths

• Are you Creative?

§ Keep people from becoming victims on online attacks § Find system weaknesses § Do you like to observing people and their behavior? § Are you a problem solver?

• Are you Analytical?

§ Make hardware hacker proof § Do you want to make sure phones, airplanes, cars and other equipment hacker-proof? § Make software hacker proof

• Are you Technical?

§ Hunt down bad guys on the Internet? § Oversee systems and everything connected to it? § Be an Internet first responder?

Physical School Access

• 65 School Districts visited…So far
• What I have seen

§ Visitor badges § Visitor Logs § No visitor logs

• Social Engineering

What is intelligence?

The collection of information and analysis to provide guidance through assessing data

Why is intelligence sharing important?

The 9/11 attacks were a mandate for change. The inability of the U.S. intelligence community to “connect the dots” due to inefficient information-sharing mechanisms and the gap in domestic intelligence led to improving the nation’s intelligence sharing. Reformation since 9/11 resulted in the creation of

• Department of Homeland Security
• Director for National Intelligence
• National Counter Terrorism Center
• Revamping Federal Bureau of Investigation capability
• State and Local Fusion Centers

• NDSLIC is owned and operated by North Dakota with support from Department
• f Homeland Security State and Local Program Office.
• Focused on Information Sharing: Gather, blend, analyze, and share information

with traditional and non-traditional partners.

• Collaborative: Work with multiple agencies to detect, prevent, apprehend, and

respond to criminal terrorist activity

• Flexible: All Crimes and All Hazards approach as most fusion centers.
• We are committed to protecting the civil rights and civil liberties of all

Americans

• NOT Focused Only on Terrorism: NDSLIC has broader Capabilities to assist in

counter-terrorism as well All Crimes and All Hazards Missions.

What is the NDSLIC?

Who is the NDSLIC

North Dakota State and Local Intelligence Center

• 1 BCI Special Agent (Director)
• 1 NDHP Sergeant
• 1 NDDES Civilian Analyst (Chief of

Operations)

• 1 Information Liaison Officer (ILO)
• 5 BCI Intelligence Analysts
• 1 DHS Intelligence Officer
• 1 Information Technology

Department Cyber Analyst

• 3 NG Counter-Drug Analysts
• 1 Critical Infrastructure Program

Manager

• 1 North Dakota Anti-Terrorism

Program Force Protection Officer

• 1 North Dakota Anti-Terrorism

Program Specialist

• 1 US Border Patrol Agent

NDSLIC links North Dakota Public & Private Sectors, National Network of Fusion Centers & Intelligence Community

MS-ISAC, E-ISAC, F-ISAC, Infragard, Cyber Intelligence Network, Center for Internet Security Includes Higher Education, K-12 Schools, Energy and Financial Industries

NDSLIC Support and Products

• Weekly Intelligence Summary

§ Critical Infrastructure and Key Resources § Cybersecurity Bi-Weekly

• Cybersecurity Alert
• Site Assistance Visits
• Public Advisories
• Security / Safety Training
• Threat Assessments
• Various Analytical Charts

• Cyber Criminals

§ Organized Crime (US, Russia/Ukraine, etc…) § Malware / Phishing / Ransomware / Social Networking

• Hacktivists

§ Ideologically Motivated = political issues § Website Defacements / DDoS / Doxing

• Terrorist Groups / Extremists

§ Propaganda / Fundraising/Recruitment § Youth targeting

• 3 British teenage girls travelling to Syria to join ISIS
• http://www.cnn.com/2015/02/25/middleeast/isis-kids-propaganda/
• Nation States / Advanced Persistent Threat

§ Foreign Governments § Capability & Intent § https://www.technologyreview.com/s/603262/ukraines-power-grid-gets- hacked-again-a-worrying-sign-for-infrastructure-attacks/

Who is attacking us?

Tech Coordinators Name, On DAY, MONTH, YEAR we were notified about the following device that generated a WildFire alert. Name: k12.nd.us Address: 10.XXX.XXX.XXX The alert was caused by a WildFire submission that came back as malicious. What does that mean? 1.It was a file that was not seen by our PA WildFire service 2.It was uploaded to the cloud to be analyzed 3.The file was actually downloaded by the device 4.WildFire determined it was bad and is now blocking 5.The filename of the identified file was "Malicious Code file name from e-mail XXXXXX.EXE " The device should be investigated for any signs of compromise and a full AV scan should be run. I have attached the wildfire report

• n the characteristics of the malware.

EduTech Ticket # H2HXXXXXXXX When you find the devices and remedy the situation, please provide me a resolution. Thank you.

Intelligence Sharing with EduTech

Wildfire Reports

• Spring Lake Park Schools Michigan (December 2016)

§ http://abcnewspapers.com/2016/12/07/ransomware-virus-attacks-slp-schools-technology/ § Backups had them up and running in two days without paying a dime

• Cloquet Minnesota Schools (March 2016)

§ http://www.duluthnewstribune.com/news/crime/3989320-cloquet-schools-suffer-ransomware-attack § $6000 ransom § Did not pay ransom § School cancelled for 1 day § Phishing / Spam Email

• Bigfork Montana (November 2016)

§ http://www.edweek.org/ew/articles/2017/01/11/ransomware-attacks-force-school-districts-to.html § Phishing / Spam Email § Did not pay ransom

• Cockrell Hill Police Department (January 2017)

§ http://www.csoonline.com/article/3163045/security/ransomware-steals-8-years-of-data-from-texas- police-department.html § $4000 ransom § Files affected went back to 2009, 8 years of data gone § Spam Email

National Cases

• Targeted & Untargeted
• Phishing Email
• Personal Email
• Phone Calls
• Financial Gain
• 6 cases identified
• Some companies had no backup or discovered backups were not

working and forced to pay ransom

• Lost 4 years worth of data

Agencies, Healthcare, Retirement

North Dakota Cases

Is it really ANONYMOUS? Be vigilant anyway

• Stolen during work
• Called me “as soon as she knew”
• Logged in to iCloud and put device in Lost mode
• Put my phone number and name on the message
• Must have still had wireless or found a known wireless network to receive the message
• NON-CELLULAR iPad

Daughter’s Stolen iPad

• 3 months later phone call from Kansas gas station manager
• Customer used it as collateral for gas
• Station Manager’s father plugged it into a PC
• Lost iPad Message appeared
• Gave it to local Police who shipped it to Bismarck PD

Daughter’s Stolen iPad

• National Cyber Security Alliance - helps all digital citizens stay safer and more secure online

§ https://staysafeonline.org § https://www.stopthinkconnect.org/

• NetSmartz.org – developed by National Center for Missing & Exploited Children, their

mission is to serve as the nation’s resource on issues of missing and sexually exploited children.

§ http://www.netsmartz.org/Parents

• Common Sense Media = helping kids thrive in a world of media and technology by helping

families make smart media choices.

§ https://www.commonsensemedia.org/

Resources

• Department of Homeland Security - https://www.dhs.gov/
• Federal Trade Commission

§ Reporting Identity Theft = https://www.identitytheft.gov § Protecting America’s Consumers = https://www.ftc.gov/datasecurity

• NDSLIC – https://www.nd.gov/des/homeland/fusion-center/
• Infragard
• Partnership between the FBI and private sector dedicated to sharing information and intelligence
• https://www.infragard.org/

Resources

Steve Palmer

Office: (701) 328-4272 steven.palmer@k12.nd.us Anthony Aukland Office: (701) 328-3245 aaukland@nd.gov