
Handout - Cybersecurity Presentation...Hackers Work Fast Unfortunately, hackers work fast, too. According to May 2017 research by the Federal Trade Commission, it took only nine minutes


2/28/2019


#Hacked How safe is your city?

Mike Sturm, IT Director, City of San Marcos

Beth Ann Unger, IS Manager, City of Frisco

How frequently are local governments under cyberattack?

Source – 2016 Survey by International City/County Managers Association (ICMA) and University of Maryland, Baltimore County (UMBC)

[Chart: Attacks, Incidents and Breaches by reported frequency: Hourly or more; At least once a day; Less than daily; Don't know]


How well prepared are local governments to respond to cyberthreats?

[Chart: ratings (Very Good / Excellent; Good; Poor / Fair; Don't Know) for each capability: Detect attacks; Detect incidents; Prevent breaches; Recover from breaches; Detect exfiltration; Prevent exfiltration; Recover from exfiltration; Recover from ransomware]

Source – 2016 Survey by International City/County Managers Association (ICMA) and University of Maryland, Baltimore County (UMBC)

Are Cities Really a Target?

"Government organizations, in particular city governments, are prime targets; they not only process a lot of citizen and business data, but are also less secure as tighter budgets severely limit what IT updates they can carry out," Bittner said. "Bad actors have no doubt put the 89,000 local governments across the country in their cross-hairs. It is just a matter of time before many of these governments realize they’ve been hacked."

- Mike Bittner, Digital Security & Operations manager at The Media Trust


In the News

https://securitytoday.com/articles/2019/01/15/ransomware-attack-closes-down-texas-town.aspx

In the News

https://abc13.com/technology/houston-city-systems-were-hacked-twice/4925202/


https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/

In the News

https://www.nbcnews.com/news/us-news/baltimore-s-911-emergency-system-hit-cyberattack-n860876

In the News


In the News

https://www.kbtx.com/content/news/City-of-Bryan--506137221.html

In the News

https://www.houstonchronicle.com/news/houston-texas/houston/article/Harris-County-looks-to-boost-cyber-security-after-12524738.php


https://www.nytimes.com/2017/04/08/us/dallas-emergency-sirens-hacking.html

In the News

https://www.denverpost.com/2018/04/05/samsam-ransomware-cdot-cost/

In the News


This map issued by the Justice Department reveals the scope of the ransomware attack that struck the city of Atlanta government computers and more than 200 victims across the country, including hospitals, local governments and public institutions. SOURCE: U.S. Justice Department (The Atlanta Journal-Constitution)

https://patch.com/colorado/denver/feds-indict-iranian-hackers-samsam-ransomware-cdot-others

Two People Responsible for SamSam


Common Threats


Single Layer of Deterrents

Invaders


14 Billion spam messages are sent on a daily basis

Hackers Work Fast

Unfortunately, hackers work fast, too. According to May 2017 research by the Federal Trade Commission, it took only nine minutes before the hackers tried to access the information from a fake data breach. – Melanie Lockert, Credit Karma Inc


According to industry analysts, cybercrimes are expected to cost $6 trillion annually worldwide by 2021... and 2019 could be the worst year yet for cyberbreaches. - Texas Government Insider, Strategic Partnerships, Inc.

Categories of Phishing Messages

• Vishing

• Smishing

• Search Engine Phishing

• Spear Phishing

• Whaling

• Pharming


Strong Foundation

• CJIS

• HIPAA

• SCADA

• PCI

• Financial

• Payroll

• Homeland Security

• State and Federal regulations

Human Factor

• Crypto locker

• Financial Phishing Scams

• W-2 Phishing Scam

• Cloud Services – Denial of Services

• Financial Fraud


Smart Initiatives

Layered Defense


What’s the current status of the cybersecurity program in your local government?

• Developed security awareness training for workers and contractors: 64%

• Created a culture of information security in your government: 63%

• Acquired and implemented continuous vulnerability monitoring capabilities: 57%

• Obtained cyber insurance: 54%

• Established trusted partnerships for information sharing and response: 50%

• Adopted a cybersecurity framework, based on national standards and guidelines: 42%

• Adopted a cybersecurity strategic plan: 35%

• Developed a cyberresponse plan: 27%

• Used metrics and testing to document program effectiveness: 25%

In July-August 2018 PTI conducted a survey of local government I.T. executives representing cities and counties across the U.S.

How Safe is Your City?

Has your city adopted security policies that define acceptable behaviors and practices?

Resources:

• TML Risk Pool – city login required to access eRiskHub

• https://www.sans.org/security-resources/policies/general


How Safe is Your City?

Does your city provide regular security awareness training?

Resources:

• www.knowbe4.com

• www.sans.org

• TML Risk Pool – city login required to access eRiskHub

How Safe is Your City?

Does your city conduct regular security assessments or audits?

Resources:

• Department of Homeland Security Services Catalog

• Texas Department of Information Resources Managed Security Services


How Safe is Your City?

Does your city have Cyber Liability Insurance Coverage?

Resources:

• TML Risk Pool – provides coverage to Risk Pool members. Additional coverage available for a modest additional fee.

It’s Not a Matter of If, but When

• Security Can be Inconvenient - Empower your Information Technology (IT) staff to help protect you

• If you don’t have internal IT resources, procure managed security services

• Department of Homeland Security Services Catalog

• Texas Department of Information Resources Managed Security Services

• No amount of money or resources will guarantee your security

• Identify your resources and have a plan before an incident occurs


Additional Free Resources for IT Staff

Center for Information Security (CIS) https://www.cisecurity.org/

• CIS 20 Critical Controls: https://www.cisecurity.org/controls/

• Benchmarks: Secure Configurations for 100+ Operating Systems and software

• Hardened Images: https://www.cisecurity.org/hardened-images/

• CIS SecureSuite: https://www.cisecurity.org/cis-securesuite/

• Free Tools and Resources

• CIS-CAT Pro – Vulnerability & Benchmark scanning tool

Additional Free Resources for IT Staff

MS-ISAC: https://www.cisecurity.org/ms-isac/

• 24/7 Security Operation Center

• Incident Response Services

• Cybersecurity Advisories and Notifications

• Malicious Code Analysis Platform (MCAP)

• Access to Cybersecurity Table-top Exercises

• Vulnerability Management Program

• Nationwide Cyber Security Review (NCSR)

• Awareness and Education Materials


Additional Free Resources for IT Staff

• Cyber Training

• Federal Virtual Training Environment (FedVTE)

• (https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte)

• Texas Engineering Extension Service (TEEX)

• (https://teex.org/Pages/Program.aspx?catID=607&courseTitle=Cybersecurity)

• DHS Catalog of free services: https://www.us-cert.gov/sites/default/files/c3vp/sltt/SLTT_Hands_On_Support.pdf

#Hacked How safe is your city?

Mike Sturm, IT Director, City of San Marcos

Beth Ann Unger, IS Manager, City of Frisco