#Hacked How safe is your city? Mike Sturm, IT Director, City of San - - PDF document
2/28/2019 #Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco How frequently are local governments under cyberattack? 70 60 50 40 30 20 10 0 Hourly or more At least
2/28/2019 1
Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco
How frequently are local governments under cyberattack?
Source – 2016 Survey by International City/County Managers Association (ICMA) and University of Maryland, Baltimore County (UMBC) 10 20 30 40 50 60 70
Hourly or more At least once a day Less than daily Don't know
Attacks Incidents Breaches
2/28/2019 2
How well prepared are local governments to respond to cyberthreats?
20 40 60 80 100 120Detect attacks Detect incidents Prevent breaches Recover from breaches Detect exfiltration Prevent exfiltration Recover from exfiltration Recover from ransomware
Very Good / Excellent Good Poor / Fair Don't Know
Source – 2016 Survey by International City/County Managers Association (ICMA) and University of Maryland, Baltimore County (UMBC)
Are Cities Really a Target?
"Government organizations, in particular city governments, are prime targets; they not only process a lot
tighter budgets severely limit what IT updates they can carry
local governments across the country in their cross-hairs. It is just a matter of time before many of these governments realize they’ve been hacked.“
Mike Bittner, Digital Security & Operations manager at The Media Trust
2/28/2019 3
In the News
https://securitytoday.com/articles/2019/01/15/ransomware-attack-closes-down-texas-town.aspx
In the News
https://abc13.com/technology/houston-city-systems-were-hacked-twice/4925202/
2/28/2019 4
https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/In the News
https://www.nbcnews.com/news/us-news/baltimore-s-911-emergency-system-hit-cyberattack-n860876
In the News
2/28/2019 5
In the News
https://www.kbtx.com/content/news/City-of-Bryan--506137221.htmlIn the News
https://www.houstonchronicle.com/news/houston- texas/houston/article/Harris-County-looks-to-boost-cyber-security-after- 12524738.php
2/28/2019 6
https://www.nytimes.com/2017/04/08/us/dallas-emergency-sirens-hacking.html
In the News
https://www.denverpost.com/2018/04/05/samsam-ransomware-cdot-cost/
In the News
2/28/2019 7
This map issued by the Justice Department reveals the scope of the ransomware attack that struck the city of Atlanta government computers and more than 200 victims across the country, including hospitals, local governments and public institutions. SOURCE: U.S. Justice Department (The Atlanta Journal-Constitution)
https://patch.com/colorado/denver/feds-indict-iranian-hackers-samsam- ransomware-cdot-others
Two People Responsible for SamSam
2/28/2019 8
This map issued by the Justice Department reveals the scope of the ransomware attack that struck the city of Atlanta government computers and more than 200 victims across the country, including hospitals, local governments and public institutions. SOURCE: U.S. Justice Department (The Atlanta Journal-Constitution)
Common Threats
2/28/2019 9
Single Layer of Deterrents
2/28/2019 10
Unfortunately, hackers work fast, too. According to May 2017 research by the Federal Trade Commission, it took only nine minutes before the hackers tried to access the information from a fake data breach. –
Melanie Lockert , Credit Krama Inc
2/28/2019 11
According to industry analysts, cybercrimes are expected to cost $6 trillion annually worldwide by 2021... and 2019 could be the worst year yet for
2/28/2019 12
Strong Foundation
CJIS HIPAA SCADA PCI Financial Payroll Homeland Security State and Federal regulations
Crypto locker Financial Phishing Scams W-2 Phishing Scam Cloud Services – Denial of Services Financial Fraud
2/28/2019 13
Smart Initiatives Layered Defense
2/28/2019 14
What’s the current status of the cybersecurity program in your local government?
Developed security awareness training for workers and contractors
64%
Created a culture
security in your government
63%
Acquired and implemented continuous vulnerabilitymoni- toring capabilities
57%
Obtained cyber insurance
54%
Established trusted partnerships for information sharing and response
50%
Adopted a cybersecurity framework, based on national standards and guidelines
42%
Adopted a cybersecurity strategic plan
35%
Developed a cyber response plan
27%
Used metrics and testing to document program effectiveness
25%
In July-August 2018 PTI conducted a survey of local government I.T. executives representing cities and counties across the U.S.
How Safe is Your City?
Have your city adopted security policies that define acceptable behaviors and practices? Resources:
2/28/2019 15
How Safe is Your City?
Does your city provide regular security awareness training? Resources:
How Safe is Your City?
Does your city conduct regular security assessment or audits? Resources:
Security Services
2/28/2019 16
How Safe is Your City?
Does your city have Cyber Liability Insurance Coverage? Resources:
Additional coverage available for a modest additional fee.
It’s Not a Matter of If, but When
Technology (IT) staff to help protect you
services
2/28/2019 17
Additional Free Resources for IT Staff
Center for Information Security (CIS) https://www.cisecurity.org/
and software
Additional Free Resources for IT Staff
MS-ISAC: https://www.cisecurity.org/ms-isac/
2/28/2019 18
Additional Free Resources for IT Staff
environment-fedvte)
bersecurity)
cert.gov/sites/default/files/c3vp/sltt/SLTT_Hands_On_Support.pdf
Mike Sturm, IT Director, City of San Marcus Beth Ann Unger, IS Manager, City of Frisco