Friday, January 20, 2017

Watcher at the Gates: DHSEM Keeps Eye on Cyber threats

High-profile hacks have dominated headlines in recent weeks and months, including the hacks of the Democratic National Committee and Yahoo. Online breaches are far from harmless; as the Director of the FBI pointed out in 2015, the Internet is connected to every aspect of our lives: financial, civil, social, health and, yes, physical security. And the nature of the digital world puts tremendous reach, power and access in the hands of criminals.

“Dillinger [the famous gangster] could not do a thousand robberies in all 50 states all in the same day in his pajamas halfway around the world, moving at the speed of light. That is what we face today,” FBI Director James Comey said in a speech in November 2015. “This threat, moving at 186,000 miles per second…shrinks the world to the size of a dot, and poses enormous challenges for us.”

The Division of Homeland Security and Emergency Management (DHSEM) has an analyst dedicated solely to helping to protect Colorado’s critical infrastructure against the threat of cyber attack. Jerry Eastman is a Cyber Analyst within the Colorado Information Analysis Center (CIAC).

Working closely with Federal, State and Local experts including the FBI, CBI and OIT, Eastman keeps a close eye on current and potential cyber threats that could impact Colorado. He maintains situational awareness of global trends and current attacks, such as bad actors’ tactics, techniques and procedures. When a threat or breach could have implications here in Colorado, Eastman and other cybersecurity watchdogs partner to reach out and coordinate with the sectors that could be the target of an attack.

One of the most important recent projects that you never heard about was their role behind the scenes in the 2016 election. Leading up to the election, multiple agencies including DHSEM and CBI met with the Secretary of State’s office to make plans to protect the security of Colorado’s election process and establish contingency plans.

“We sat down with the Secretary of State’s office and said: Walk us through what you’re worried about and how the system is implemented in Colorado, so we can know what to watch for,” Eastman said. Local, State and Federal workers partnered before the election to share resources and plans, and then stayed connected throughout election day to quickly share information about potential threats and vulnerabilities.

Throughout the year, Eastman also works with community partners to proactively identify and address cyber vulnerabilities – “Something weak in our systems that could be exploited,” he explained.

For example, many industrial control systems such as city water systems or electrical grids are managed electronically. When the CIAC becomes aware of cyber vulnerabilities that could be exploited they will reach out to operators to alert them to patch their own potential weaknesses.
“It’s not just our governments, but utilities as well. We have been told thank you, you helped us stop that [threat],” said Jory Maes, Infrastructure Protection Program Manager.

Eastman focuses on protecting critical infrastructure across the state – which means sometimes the threat is tied to the everyday online behaviors of state employees. His recommendation to employees to make sure they are safe on their home and work networks.

Follow the advice of OIT: have strong, unique passwords.
“The training that OIT puts out is great. But we tend to leave it at the door.  People practice good cybersecurity at work but don’t realize that bad habits at home can make you vulnerable,” he said. For example: reusing the same password for multiple accounts makes you vulnerable to hacking if one of your accounts is phished or hacked. The details you provide about yourself and your habits, whether through over-sharing online or from having a personal account hacked, can empower bad actors to engage in “social engineering,” or using that information to trick you into revealing much more important information (passwords, etc.).

Spending an hour with Jory and Jerry will shake your complacent sense of safety – but they see that as a good thing.

“Just assume you’re exposed,” Maes concluded.

Top tips for CDPS employees:
Don’t reuse passwords.
Have strong and unique passwords (OIT training covers ideas and best practices)
Don’t click on attachments. Hover over them to see if the URL is trustworthy – and even then, sometimes it’s best to verbally ask the sender if they sent a link or attachment.
Only download mobile apps from iTunes or the Google Play store.
Tempted by clickbait in social media? Try Googling the topic or searching YouTube for the video instead of clicking on images and links embedded in social media. Malware can be attached to anything you click on your computer or mobile device.
Don’t trust public WiFi. The convenience comes at too high a cost.

Wednesday, January 18, 2017

Trooper's 'Secret to Winter Driving' Video Goes Viral


On Jan. 5, Colorado State Patrol Trooper Josh Lewis had had enough. With winter conditions rendering roads slippery across the state, CSP Troopers had spent all morning coming to the rescue of drivers who had slid off the road. The drivers were behind the wheel of every type of vehicle, from small sedans to trucks and large SUVs -- but they shared one thing in common: they were all driving too fast for the current conditions.

CSP facebook post goes "After spending hours on I-70 that morning, and seeing firsthand how many people could have avoided crashing or sliding off the road by simply slowing down, it came to mind that a simple reminder might be effective in helping people get to their destinations safely," Trooper Lewis said. "CSP has always been a leader of education before enforcement. Basically: if we can teach people how to avoid crashing versus responding when they do, it is time well spent."

 Trooper Lewis grabbed his phone and shot a quick selfie-video that he posted to the State Patrol's Facebook page.

In the video, he tantalizes the viewer with an offer to teach them the super secret way to stay safe on winter roads. After a short build-up in which he adds that this information is also the secret to avoiding "cranky troopers" having to pull people out of trouble in freezing cold temps, Trooper Lewis reveals the secret: "SLOW DOWN."

The slightly snarky video was an immediate hit. It struck a chord with drivers all across the world. The video quickly surpassed 1 million views and was featured on numerous local media outlets.

As of mid-January, the video had:
  • Been viewed more than 3 million times
  • Reached more 10 million people (thanks to sharing on TV and other channels)
  •  Resulted in a spike of about 10,000 "likes" for the CSP Facebook page, driving the total "likes" from about 45,000 to more than 55,000 within a week.
Trooper Lewis said CSP social media posts have achieved the million-plus viewership range before, but nothing has attained the numbers in the short timespan that this video did.

"Our most popular social media posts involve either animals, tragedy, or sarcasm.  I figured some people would respond to a little 'tough love,' but not to the degree of how far reaching it went!" He said. 

As for why he thinks the video was so successful, Trooper Lewis surmised it was a combination of the message's simplicity and its delivery. "Nobody responded with 'this is for me, I am a bad driver.' They always think it will happen to someone else, and so with a little bit of snark that makes it funny enough to get a chuckle, they shared it, thinking 'other people need this- but not me!'" Lewis said. He added: "It helped that it was timely, right at the end of a snow storm, so people literally just saw (or experienced!) what I was talking about." 

As for his brief moment of internet fame, he's taking the glory with a good dose of humility: "As for fame, well, if I had to be a police officer famous for a video on the internet, I think this may be a 'best case' scenario!"

Watch the video by clicking on the image below.
 Secret to winter driving video

Tuesday, January 17, 2017

DCJ Sends Message of Appreciation to Brothers and Sisters in Uniform

DCJ staff filled these 18 boxes with goodies to
thank State Patrol members for their service and sacrifice.
In early January, members of the Division of Criminal Justice (DCJ) baked, bought, prepared and packed in a sign of solidarity for their teammates in the Colorado State Patrol.


The DCJ team wanted to show their support for their brothers and sisters in uniform after a 2016 that was difficult for the State Patrol, including the tragic on-duty death of Trooper Donahue.


“We wanted a simple way to express that we recognize and appreciate how challenging the day-to-day work of the State Patrol is, and to thank all of them for their service and sacrifice,” said DCJ Director Jeanne Smith.


DCJ members prepared 18 boxes of treats for delivery to 18 regional CSP offices. The boxes were full of cookies, popcorn, pretzels, nuts, and other goodies.  

“The staff members in DCJ wanted to find a way to let troopers know that we appreciate the risks they take in helping us all be safer,” Jeanne said. Andi Martin, Jill Nore and the Office for Victims Programs coordinated the project.

Learn About Using Unmanned Aircraft Systems in PublicSafety at 2017 Summit

Unmanned Aircraft Systems (UAS) are already being used to assist emergency agencies with responses to structure fires, wildland fires, traffic accidents, and crime scene investigations all over the world.

Would you like to learn more about the benefits and challenges of standing up a UAS program in your public safety agency?

The Colorado Division of Fire Prevention and Control's Center of Excellence is partnering with Chaffee County to host a summit on Small Unmanned Aircraft Systems in Public Safety:

Unmanned Aircraft Systems in Public Safety Summit

WHAT:    The summit will feature demonstrations from vendors as well as practical information on standing up a UAS program. Learn more about this emerging technology and see it in action!

WHEN:    March 15-16, 2017

WHERE:  Mount Princeton Hot Springs Resort, Nathrop, CO.

COST:      FREE for public safety practitioners

REGISTER: Register online via this link: https://docs.google.com/forms/d/e/1FAIpQLSctm5yEfAg9vDUVb9VCrMG4kwheulMmHOgo81zs8Re_4EQcWg/viewform?c=0&w=1

MORE INFORMATION: For more information, contact Garrett Seddon  AT garrett.seddon@state.co.us .