Friday, January 20, 2017

Watcher at the Gates: DHSEM Keeps Eye on Cyber Threats

High-profile hacks have dominated headlines in recent weeks and months, including the hacks of the Democratic National Committee and Yahoo. Online breaches are far from harmless; as the Director of the FBI pointed out in 2015, the Internet is connected to every aspect of our lives: financial, civil, social, health and, yes, physical security. And the nature of the digital world puts tremendous reach, power and access in the hands of criminals.

“Dillinger [the famous gangster] could not do a thousand robberies in all 50 states all in the same day in his pajamas halfway around the world, moving at the speed of light. That is what we face today,” FBI Director James Comey said in a speech in November 2015. “This threat, moving at 186,000 miles per second…shrinks the world to the size of a dot, and poses enormous challenges for us.”

The Division of Homeland Security and Emergency Management (DHSEM) has an analyst dedicated solely to helping to protect Colorado’s critical infrastructure against the threat of cyber attack. Jerry Eastman is a Cyber Analyst within the Colorado Information Analysis Center (CIAC).

Working closely with Federal, State and Local experts including the FBI, CBI and OIT, Eastman keeps a close eye on current and potential cyber threats that could impact Colorado. He maintains situational awareness of global trends and current attacks, such as bad actors’ tactics, techniques and procedures. When a threat or breach could have implications here in Colorado, Eastman and other cybersecurity watchdogs partner to reach out and coordinate with the sectors that could be the target of an attack.

One of the most important recent projects that you never heard about was their role behind the scenes in the 2016 election. Leading up to the election, multiple agencies including DHSEM and CBI met with the Secretary of State’s office to make plans to protect the security of Colorado’s election process and establish contingency plans.

“We sat down with the Secretary of State’s office and said: Walk us through what you’re worried about and how the system is implemented in Colorado, so we can know what to watch for,” Eastman said. Local, State and Federal workers partnered before the election to share resources and plans, and then stayed connected throughout election day to quickly share information about potential threats and vulnerabilities.

Throughout the year, Eastman also works with community partners to proactively identify and address cyber vulnerabilities – “Something weak in our systems that could be exploited,” he explained.

For example, many industrial control systems, such as city water systems or electrical grids, are managed electronically. When the CIAC becomes aware of cyber vulnerabilities that could be exploited, they reach out to operators to alert them to patch their own potential weaknesses.

“It’s not just our governments, but utilities as well. We have been told thank you, you helped us stop that [threat],” said Jory Maes, Infrastructure Protection Program Manager.

Eastman focuses on protecting critical infrastructure across the state – which means sometimes the threat is tied to the everyday online behaviors of state employees. His recommendation to employees is to make sure they are safe on their home and work networks.

Follow the advice of OIT: have strong, unique passwords.

“The training that OIT puts out is great. But we tend to leave it at the door. People practice good cybersecurity at work but don’t realize that bad habits at home can make you vulnerable,” he said. For example: reusing the same password for multiple accounts makes you vulnerable to hacking if one of your accounts is phished or hacked. The details you provide about yourself and your habits, whether through over-sharing online or from having a personal account hacked, can empower bad actors to engage in “social engineering,” or using that information to trick you into revealing much more important information (passwords, etc.).

Spending an hour with Jory and Jerry will shake your complacent sense of safety – but they see that as a good thing.

“Just assume you’re exposed,” Maes concluded.

Top tips for CDPS employees:
Don’t reuse passwords.
Have strong and unique passwords (OIT training covers ideas and best practices).
Don’t click on attachments. Hover over them to see if the URL is trustworthy – and even then, sometimes it’s best to verbally ask the sender if they sent a link or attachment.
Only download mobile apps from iTunes or the Google Play store.
Tempted by clickbait in social media? Try Googling the topic or searching YouTube for the video instead of clicking on images and links embedded in social media. Malware can be attached to anything you click on your computer or mobile device.
Don’t trust public WiFi. The convenience comes at too high a cost.

1 comment:

  1. Nice blog... This blog provides valuable information on cyber attacks on critical infrastructure and shows why cyber security is so important. Thanks for sharing.