Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony Aukland


Today’s Topics
• Digital Citizenship
• EduTech O365 Security Pages
• Physical School Access
• Intelligence Sharing & North Dakota

North Dakota K-12 Schools
• 530 Schools
• 183 School Districts
• >100,000 Students
• >18,000 Teachers, Faculty and Administrators

All connecting to one big network: StageNet

Digital Citizenship
• Defined as the norms of appropriate, responsible technology use
• Helps teachers, technology leaders and parents understand what students/children/technology users should know to use technology appropriately
• More than just a teaching tool; it is a way to prepare students/technology users for a society full of technology.
• Too often we are seeing students as well as adults misusing and abusing technology.
• The issue is more than what the users do not know but what is considered appropriate technology usage.

Kids LEAD Digital Lives
• Kids ages 8-18 spend 7 hours and 38 minutes per day online
• If a child sleeps 8 hours per night, that means ONE HALF of the time that he or she is awake is spent online
§ 33% Online
§ 33% Offline (awake)
§ 33% Asleep
• Some common online issues kids face include:
§ Cyber Predators
§ Cyber Bullying
§ Identity Theft

Students as Digital Citizens
World at their fingertips…
• Smartphones/tablets
• Social Media
• Online Games
§ Xbox, PlayStation, iOS
• Online Learning
• Technology Carts: Students
§ 1:1 in the schools
§ iPads, Chromebooks, Surfaces, Laptops
• Passwords
§ Complexity
§ Pass Phrases
§ Length
§ Password Storage
o Do’s and Don'ts?
• Accounts
§ User ID's/Multiple
• Cyberbullying

Digital Citizens Responsible Practices

Why we need Cybersecurity?
• Crimes that happen in real life – such as stealing – also happen on the Internet.
• Just like you have to look both ways before crossing the street, you have to be careful when using the Internet.
• The Department of Homeland Security helps you protect yourself from dangers on the Internet by teaching you what to look out for online.
• Often, we might not realize that our actions online might hurt us, our families, and even our country. Learning about the dangers online and taking action to protect ourselves is the first step in making the Internet a safer place.

World’s Biggest Data Breaches

EduTech O365 Security Pages

Security Advisories

Policy Templates

Security Awareness Information

Cyber Career Paths
• Are you Creative?
§ Keep people from becoming victims of online attacks
§ Find system weaknesses
§ Do you like observing people and their behavior?
§ Are you a problem solver?
• Are you Analytical?
§ Make hardware hacker proof
§ Do you want to make sure phones, airplanes, cars and other equipment are hacker-proof?
§ Make software hacker proof
• Are you Technical?
§ Hunt down bad guys on the Internet?
§ Oversee systems and everything connected to them?
§ Be an Internet first responder?

Physical School Access
• 65 School Districts visited… So far
• What I have seen
§ Visitor badges
§ Visitor Logs
§ No visitor logs
• Social Engineering

What is intelligence?
The collection of information and analysis to provide guidance through assessing data

Why is intelligence sharing important?
The 9/11 attacks were a mandate for change. The inability of the U.S. intelligence community to “connect the dots” due to inefficient information-sharing mechanisms and the gap in domestic intelligence led to improving the nation’s intelligence sharing.

Reformation since 9/11 resulted in the creation of
• Department of Homeland Security
• Director for National Intelligence
• National Counter Terrorism Center
• Revamping Federal Bureau of Investigation capability
• State and Local Fusion Centers

What is the NDSLIC?
• NDSLIC is owned and operated by North Dakota with support from Department of Homeland Security State and Local Program Office.
• Focused on Information Sharing: Gather, blend, analyze, and share information with traditional and non-traditional partners.
• Collaborative: Work with multiple agencies to detect, prevent, apprehend, and respond to criminal terrorist activity
• Flexible: All Crimes and All Hazards approach as most fusion centers.
• We are committed to protecting the civil rights and civil liberties of all Americans
• NOT Focused Only on Terrorism: NDSLIC has broader Capabilities to assist in counter-terrorism as well as All Crimes and All Hazards Missions.

Who is the NDSLIC
North Dakota State and Local Intelligence Center
• 1 BCI Special Agent (Director)
• 1 NDHP Sergeant
• 1 NDDES Civilian Analyst (Chief of Operations)
• 1 Information Liaison Officer (ILO)
• 5 BCI Intelligence Analysts
• 1 DHS Intelligence Officer
• 1 Information Technology Department Cyber Analyst
• 3 NG Counter-Drug Analysts
• 1 Critical Infrastructure Program Manager
• 1 North Dakota Anti-Terrorism Program Force Protection Officer
• 1 North Dakota Anti-Terrorism Program Specialist
• 1 US Border Patrol Agent

NDSLIC links North Dakota Public & Private Sectors, National Network of Fusion Centers & Intelligence Community

MS-ISAC, E-ISAC, F-ISAC, Infragard, Cyber Intelligence Network, Center for Internet Security

Includes Higher Education, K-12 Schools, Energy and Financial Industries

NDSLIC Support and Products
• Weekly Intelligence Summary
§ Critical Infrastructure and Key Resources
§ Cybersecurity Bi-Weekly
• Cybersecurity Alert
• Site Assistance Visits
• Public Advisories
• Security/Safety Training
• Threat Assessments
• Various Analytical Charts

Who is attacking us?
• Cyber Criminals
§ Organized Crime (US, Russia/Ukraine, etc…)
§ Malware/Phishing/Ransomware/Social Networking
• Hacktivists
§ Ideologically Motivated = political issues
§ Website Defacements/DDoS/Doxing
• Terrorist Groups/Extremists
§ Propaganda/Fundraising/Recruitment
§ Youth targeting
o 3 British teenage girls travelling to Syria to join ISIS
o http://www.cnn.com/2015/02/25/middleeast/isis-kids-propaganda/
• Nation States/Advanced Persistent Threat
§ Foreign Governments
§ Capability & Intent
§ https://www.technologyreview.com/s/603262/ukraines-power-grid-gets-hacked-again-a-worrying-sign-for-infrastructure-attacks/

Intelligence Sharing with EduTech Wildfire Reports

Tech Coordinators Name,

On DAY, MONTH, YEAR we were notified about the following device that generated a WildFire alert.

Name: k12.nd.us

Address: 10.XXX.XXX.XXX

The alert was caused by a WildFire submission that came back as malicious. What does that mean?

1. It was a file that was not seen by our PA WildFire service
2. It was uploaded to the cloud to be analyzed
3. The file was actually downloaded by the device
4. WildFire determined it was bad and is now blocking
5. The file name of the identified file was "Malicious Code filename from e-mail XXXXXX.EXE"

The device should be investigated for any signs of compromise and a full AV scan should be run. I have attached the wildfire report on the characteristics of the malware.

EduTech Ticket # H2HXXXXXXXX

When you find the devices and remedy the situation, please provide me a resolution.

Thank you.

National Cases
• Spring Lake Park Schools Michigan (December 2016)
§ http://abcnewspapers.com/2016/12/07/ransomware-virus-attacks-slp-schools-technology/
§ Backups had them up and running in two days without paying a dime
• Cloquet Minnesota Schools (March 2016)
§ http://www.duluthnewstribune.com/news/crime/3989320-cloquet-schools-suffer-ransomware-attack
§ $6000 ransom
§ Did not pay ransom
§ School cancelled for 1 day
§ Phishing/Spam Email
• Bigfork Montana (November 2016)
§ http://www.edweek.org/ew/articles/2017/01/11/ransomware-attacks-force-school-districts-to.html
§ Phishing/Spam Email
§ Did not pay ransom
• Cockrell Hill Police Department (January 2017)
§ http://www.csoonline.com/article/3163045/security/ransomware-steals-8-years-of-data-from-texas-police-department.html
§ $4000 ransom
§ Files affected went back to 2009, 8 years of data gone
§ Spam Email

North Dakota Cases
• Targeted & Untargeted
• Phishing Email
• Personal Email
• Phone Calls
• Financial Gain
• 6 cases identified
• Some companies had no backup or discovered backups were not working and forced to pay ransom
• Lost 4 years worth of data

Agencies, Healthcare, Retirement

Is it really ANONYMOUS? Be vigilant anyway

Daughter’s Stolen iPad
• Stolen during work
• Called me “as soon as she knew”
• Logged into iCloud and put device in Lost mode
• Put my phone number and name on the message
• Must have still had wireless or found a known wireless network to receive the message
• NON-CELLULAR iPad

Daughter’s Stolen iPad
• 3 months later phone call from Kansas gas station manager
• Customer used it as collateral for gas
• Station Manager’s father plugged it into a PC
• Lost iPad Message appeared
• Gave it to local Police who shipped it to Bismarck PD

Resources
• National Cyber Security Alliance - helps all digital citizens stay safer and more secure online
§ https://staysafeonline.org
§ https://www.stopthinkconnect.org/
• NetSmartz.org – developed by National Center for Missing & Exploited Children, their mission is to serve as the nation’s resource on issues of missing and sexually exploited children.
§ http://www.netsmartz.org/Parents
• Common Sense Media = helping kids thrive in a world of media and technology by helping families make smart media choices.
§ https://www.commonsensemedia.org/

Resources
• Department of Homeland Security - https://www.dhs.gov/
• Federal Trade Commission
§ Reporting Identity Theft = https://www.identitytheft.gov
§ Protecting America’s Consumers = https://www.ftc.gov/datasecurity
• NDSLIC – https://www.nd.gov/des/homeland/fusion-center/
• Infragard
§ Partnership between the FBI and private sector dedicated to sharing information and intelligence
§ https://www.infragard.org/

Steve Palmer
Office: (701) 328-4272
[email protected]

Anthony Aukland
Office: (701) [email protected]