What you gonna do when they come for you? Being Proactive rather - PowerPoint PPT Presentation

Tennessee Pollution Prevention Webinar What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity in the Manufacturing Industry October 23 rd , 2019

Ben Bolton Energy Programs Administrator for TDEC’s Office of Energy Programs Ben manages activities related to energy security planning, preparedness, and response, as well as the energy-water nexus. He currently serves as Co-Chair of the National Association of State Energy Officials’ Energy Security Committee and represents Tennessee on FEMA’s Mitigation Framework Leadership Group. Prior to joining the State, he was an environmental scientist providing technical support to public and private sector clients. He holds B.S. in Biology and a B.A. in English from Birmingham-Southern College.

James Cotter Special Agent, Cyber Operations Program Manager at the Tennessee Department of Safety and Homeland Security (TDSHS). Special Agent Cotter joined TDSHS in 2008 and was promoted in 2012 to Supervisory Intelligence Officer and Co-Director of the Tennessee Fusion Center. He is a graduate of the Naval Post Graduate School Fusion Center Leaders Program, the Southeastern Command and Leadership Academy, and holds a B.S. in Criminal Justice. Special Agent Cotter is a veteran of the U.S. Marine Corps .

Changing How We View Cybersecurity 4

WE DON’T HAVE A CHOICE TO DIGITALLY TRANSFORM THE CHOICE IS HOW WELL WE DO IT. Erik Qualman 5

Cybersecurity is our shared responsibility – everyone is part of the security team. 6

Areas of Change • Focus on prevention then mitigation • Organizational priority • Culture of security • Mobile workforce • Minimize internal threats ▫ Educate, Empower, Enforce 7

8

• Cyber issues are not theoretical – they are real! ▫ Cyber affects us all professionally and personally ▫ Interconnectivity – Vulnerability – Liability – Vehicles, Medical Devices, Appliances, Sensors, etc. ▫ Internet of Things (IoT) 9

10

Threat Landscape • Hacktivists – Manipulate cyberspace to achieve political goals and/or social change • Criminal – Makes up the bulk of threat activity, up to $1 trillion globally Phishing, 3 rd party hosting, fraud, money laundering – ebooks ▫ Insiders/ Us ers – Both malicious and unintentional; possibly biggest threat • ▫ National Insider Threat Task Force – The insider threat is a dynamic problem set, requiring resilient and adaptable programs to address an evolving threat landscape, advances in technology, and organizational change. Espionage/Spies – 2nd oldest profession known to man (friends and foes) • • Nation State Actors/Militaries – Espionage v. Warfare; very ambiguous and complex; requires highly adaptive and innovative approaches to maneuver and transition in this spectrum; world events • Terrorists – Receives a lot of attention, but not quite there yet • Natural, Accidental and Failure – Mother Nature & Manmade Events 11

Items of Interest • The most popular cyberattack methods according to study by Positive Technologies for 2018. • Malware - Common malware infection methods were compromising servers and workstations by accessing a targeted system using vulnerabilities , social engineering , or bruteforced passwords , planting malicious software on victims' devices via infected websites , and sending malicious attachments or links by email. • Social engineering : Cybercriminals continue develop new methods to manipulate users into believing a message, link, or attachment is from a trusted source, and then infecting targeted systems with malware, stealing money, or accessing confidential information. (Social Media and Deep Fake) • Hacking : Hacking is exploiting vulnerabilities in software and hardware. Hackers currently cause the most damage to governments, banks, and cryptocurrency platforms. 12

Items of Interest • Credential compromise : Usernames and Passwords A recent report by WhiteHat Security indicates that 85% of mobile apps violate recognized security • standards. Tested 15,000 apps and 85% contained at least one common security vulnerability that can be exploited. Takeaway – be mindful of what you are allowed to download on your devices, what kind of data the apps share, and restrict what apps can access on your devices. • Most Prevalent Phishing Subject Lines - Assist Urgently, Invoice, Bank of or New Notification, Verify Your Account, Copy or Document Copy, Action Required: Pay your seller account balance, AMAZON: Your Order no #812-4623 might ARRIVED. ***Be mindful of Current Events*** 13

14

15

16

17

Some Do’s • DO - Perform updates or use site for downloads if unsure • DO - Passwords (complex – more than 8) ▫ 80% of all confirmed breaches had weak, default, or stolen PWs* • DO – The principle of least privilege – only what is necessary • DO – Completely disconnect from networks/Apps/clear caches • DO – Monitor logs (incoming and outgoing) • DO - Minimize footprint, do not link accounts – SM especially ▫ 43% of breaches started on social media* • DO – Check yourself https://haveibeenpwned.com/ and Shodan for devices https://www.shodan.io/ • DO – Join information and intelligence sharing networks • DO – Think like a hacker or use/hire/train one 18 * Verizon 2018 Data Breach Report

Some Don’ts • DON’T - Open E-Mail from unknown senders – use preview option – review before opening attachments – beware macros • DON’T – Use free or unsecured WiFi – use VPN or Cellular • DON’T – Share credentials or use on multiple platforms • If it seems too good to be true, it probably is!! Don’t be afraid to question. 19

Cybersecurity is our shared responsibility Question and report Nothing is too outlandish to attempt 20

THANK YOU 21

James Cotter TN Department of Safety & Homeland Security James.cotter@tn.gov 22

Tennessee Pollution Prevention Webinar Questions? October 23 rd , 2019

Eric Brown Assistant Director Cybersecurity Education, Research, and Outreach Center Tennessee Tech University Eric currently serves as Assistant Director for the Cybersecurity Education, Research and Outreach Center at Tennessee Tech University. Among other duties, Eric leads the cyber risk assessment program conducted in cooperation with the Tennessee 3-Star Industrial Assessment Center at Tennessee Tech University. CEROC focuses on extra-curricular training opportunities in cybersecurity, research across multiple cyber domains, and outreach to K20 students and stakeholders with an overarching goal of workforce pipeline development.

“What ya gonna do when the come for you?” Being Proactive Rather than Reactive for CyberSecurity in the Manufacturing Industry https://www.tntech.edu/ceroc / @TNTechCEROC / ceroc@tntech.edu

CEROC Quick Facts ● Founded in January 2016 ● NSA/DHS designated Center of Academic Excellence in Cyber Defense Education (1 of 200+) https://www.caecommunity.org/content/cae-institution-map ● First and Largest CyberCorps SFS Program in the State of Tennessee (1 of 70) https://www.cybersecuritymastersdegree.org/cybercorps/ - Community College Pathway (1 of 10 in nation) ● Only Cybersecurity Scholarship Program (CySP, formerly DoD IASP ) in the State of Tennessee ● Only NSA GenCyber Program in Tennessee ● Partner ■ Tennessee 3-Star Industrial Assessment Center providing cyber risk assessment services for power assessment clients ■ Academic Alliance Partner with DHS in the STOP. THINK. CONNECT! Initiative ● Founder of the Women in Cybersecurity https://www.tntech.edu/ceroc / @TNTechCEROC / ceroc@tntech.edu

CEROC at a Glance Active Cybersecurity Central Region Host Club with 3 skill of Collegiate training groups in Penetration Testing offense, defense, and Competition CTF Only NSA-Designated Center of Academic Only DoD Cyber Excellence in Cyber Scholarship Program Defense Education in Tennessee Four-Year Program in Tennessee K12 Outreach Events supporting cybersecurity awareness and competition opportunities Only Program in Tennessee to Offer First and Largest CyberSecurity CyberCorps SFS Specialization at the Scholarship Program Bachelor, Masters in Tennessee and Ph.D. levels Research areas in cyber physical systems, smart grid, Only GenCyber vehicular networks, Student summer formal methods, Program in graph-based Tennessee anomalies, risk assessment https://www.tntech.edu/ceroc / @TNTechCEROC / ceroc@tntech.edu

National Cybersecurity Awareness Month (NCSAM) 2019 Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. More information can be found at https://niccs.us-cert.gov/national- cybersecurity-awareness-month- 2019. This year’s message is “Own IT. Secure IT. Protect IT. https://www.tntech.edu/ceroc / @TNTechCEROC / ceroc@tntech.edu

Background Information for Today’s Talk The following information is provided by the 2019 Data Breach Investigations Report from Verizon (https://enterprise.verizon.com/resources/reports/dbir/). Consider the following. https://www.tntech.edu/ceroc / @TNTechCEROC / ceroc@tntech.edu