Download Information Security - Georgia Libraries Tech Center

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
Document related concepts

Community informatics wikipedia , lookup

Information security wikipedia , lookup

Security printing wikipedia , lookup

Emerging adulthood and early adulthood wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
The State of Cybersecurity
Dr. W. Todd Watson, Sr.
Information Security Officer
Board of Regents of the University System of Georgia
GPLS Technology Bootcamp - April 28, 2016
Agenda
• Introduction
• Emerging Cybersecurity Trends
• Challenges and Opportunities
– People
– Technology
– Processes
• Questions
Dr. W. Todd Watson, Sr.
• Information Security Officer
Board of Regents of the
University System of Georgia
• 30+ year technology
veteran
•
•
•
•
Engineer
IT manager
Chief executive
Consultant
• Experience earned in both
Private and Public Sectors
Doctor
Public Policy and Administration
Master of Science
Computer Science, Information Assurance
Bachelor of Science
Computer Science
Adjunct Professor
Cybersecurity, Technology, and Public
Management
A short InfoSec story
• Engineer: Late 1970s - early1980s
– Hitachi Semiconductor – HM4716-AP3
•
•
•
•
•
16K x 1bit MOS DRAM
Kazumitsu Nakamura
Aha! Let’s bake in “sawdust.”
Pedigree circuits
Call for secure design
A shorter(?) InfoSec story
• Engineer: 1980s
– C-band (3.7GHz) satellite
communications
– I killed these. Almost.
– How?
• Symmetric-key encryption
• In continuous use until June 26, 2014
Current and Emerging Trends in
Cybersecurity
– Malware. And More Malware.
– Phishing, Spearphishing and Whaling
– Multifactor – Effective or Not?
– IoT
– SCADA
– UEFI vs. BIOS – Emerging root variant?
Current and Emerging Trends in
Cybersecurity
Source: TrendMicro
Current and Emerging Trends in
Cybersecurity
Current and Emerging Trends in
Cybersecurity
Source: TrendMicro
Current and Emerging Trends in
Cybersecurity
Ransomware in the news:
February 17, 2016: Presbyterian Medical Center, Los
Angeles: Ransom PAID: $17,000
March 8, 2016: Horry County Schools, South Carolina:
Ransom PAID: $10,000
March 9, 2016: Crawford County Library System,
Arkansas: PAID: Undisclosed
March 23, 2016: Kentucky Methodist Hospital: PAID: $0
March 25, 2016: Baltimore Union Memorial Hospital:
Ransom PAID: $18,500
April 18, 2016: Follett’s library management software
Open to Ransomware Attacks, via JBoss server
Malware rules
• 35% increase in RansomWare in 2016
– Windows, Mac, Linux, Mobile, Watches, TVs
– Why? Because it is profitable!
• Attacker-owned infrastructure
• “Service-oriented” organized crime
– Electronic payment: 1 = $400(+/-)
– Customer Service Help Desk
Phishing, Spearphishing, Whaling
• 400% increase in phishing attempts related to
the tax season in 2016
– Increases in quality of phish
– Seasonal during Thanksgiving, Christmas, Taxes
• Business Email Correspondence (BEC)
attempts - W-2s
– Primarily directed at HR departments
– Social engineering
• Whaling increases in 2015-2016
– Subpoenas
– Customer complaints
Multifactor: Panacea or Pandora?
•
•
•
•
•
Verification Code Forwarding Attack
Man-in-the-middle
Trojan
Segmentation is strength
Weaknesses
– Leverage of OS X Continuity
• synchronization of messages across platforms
– Leverage of Google Play’s remote app
The Internet of Things (IoT)
Cameras, cars, lights, medical devices, etc.
Mass produced
Widely available
Well-known default credentials
Built-in management services (web, ftp, SMTP)
Often constructed with little or no security
controls baked in
• Failure of device designers to recognize risk
•
•
•
•
•
•
The Internet of Things (IoT)
SCADA (Supervisory Control And Data
Acquisition)
•
•
•
•
•
Electrical Substations
Dam Controls
Building Lighting, Cooling
Security Lighting
Nuclear Power plants
UEFI (Unified Extensible Firmware
Interface)
• Replacement to traditional BIOS
• Rootkit deployable via USB drives
– Think about patron computers
• Extraordinarily difficult to expunge
• Emerging…
USG Cybersecurity Challenges and
Opportunities - People
• Challenges
– Training is not
keeping pace
with demand
• 8000 needed
• 54 supplied
– Public vs. Private
Compensation
– Management
recognition of
fulltime focus on
Cybersecurity
• Opportunities
– Increasing
Cybersecurity
education centers
– Increased
awareness of need
for security pros
– Emphasis on
training and skill
building
USG Cybersecurity Challenges and
Opportunities - Technology
• Challenges
– Technological
change is the
constant
– Complexity
increases risks
• Occam’s razor
– Interoperability
breeds
complexity
• Opportunities
– Some developers
are beginning to
understand the
problems
– Better tools and
improved
accuracy for
measuring threats
USG Cybersecurity Challenges and
Opportunities - Process
• Challenges
– Disjointed policies
standards
guidelines
– No clear
framework
– Conflicting
direction
• Opportunities
– New direction
– Adopting NIST
Cybersecurity
framework
– Significantly
increased budget
– Building a Security
Operations Center
– Threat Awareness
Thank You!
Todd Watson
[email protected]
Related documents
Cybersecurity of Medical Devices
Cybersecurity of Medical Devices
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
Cybersecurity and Information Assurance
Cybersecurity and Information Assurance
Framework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity
French cybersecurity firms increasingly successful in fast
French cybersecurity firms increasingly successful in fast
TODAY’S TECHNOLOGY CAN CHANGE IN THE BLINK OF AN EYE.
TODAY’S TECHNOLOGY CAN CHANGE IN THE BLINK OF AN EYE.
your cybersecurity solution must do
your cybersecurity solution must do
Saint Leo University Computer Science and Information Systems
Saint Leo University Computer Science and Information Systems
Applied Cybersecurity
Applied Cybersecurity
International Conference on Advanced Material - icamt-2016
International Conference on Advanced Material - icamt-2016
Green Wave Environmental Care Competition 2016
Green Wave Environmental Care Competition 2016
Call for paper/abstract/panel/workshop IACIS 2016 - 56 International Conference
Call for paper/abstract/panel/workshop IACIS 2016 - 56 International Conference