Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen
description
Transcript of Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen
![Page 1: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/1.jpg)
State of Michigan Cyber Disruption Response Plan
Chris Christensen, J.D.
Director, Infrastructure Protection
![Page 2: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/2.jpg)
A Comprehensive Shared Cybersecurity Plan for the State of Michigan
The Need – Why is the plan important?
The approach: Key drivers for the methodology adopted
Key outputs
Challenges encountered
Lessons learned
Looking forwards
![Page 3: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/3.jpg)
State of the Union – 2013“... our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
“... executive order... will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security...”
President Barack Obama
February 12, 2013
The Need… Federal Mandates
![Page 4: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/4.jpg)
Approach: Key Drivers for the Plan
Presidential Policy Directive-21: Critical Infrastructure Security and Resilience
Department of Homeland Security National Infrastructure Protection Plan 2013 (NIPP): Partnering for Critical Infrastructure Security and Resilience
Homeland Security Presidential Directive-5 (HSPD-5): Management of Domestic Incidents
Homeland Security Presidential Directive-7 (HSPD-7): Critical Infrastructure Identification, Prioritization and Protection
Homeland Security Exercise and Evaluation Program (HSEEP)
NIST Publication 800-55 Rev. 1, Security Measurement Plan
![Page 5: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/5.jpg)
National Governor’s Association – 2013
“Attacks on our personal safety and economic security through the Internet continue to grow and expand. Michigan is taking a leadership role with regard to protecting the vulnerable ecosystem in the cyber world, and in accelerating the economic development and growth of the cybersecurity industry.”
Governor Rick Snyder
September 26, 2013
The Need… State Mandates
![Page 6: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/6.jpg)
The Need… Being Prepared for the Worst
Proverb:
“By the time you hear thunder, its too late to build the Ark.”
“There are two kinds of big companies in the United States. There are those who have been hacked… and those who don’t know they’ve been hacked.”-James Comey, FBI Director
According to a report released by IBM and the Ponemon Institute, the per-record cost of a data breach reached $154 this year, up 12 percent from last year's $145. In addition, the average total cost of a single data breach rose 23 percent to $3.79 million.
May 27, 2015Ponemon: Data breach costs now average $154 per record...
www.csoonline.com/.../ponemon-data-breach-costs-now-average-154-per-r...
![Page 7: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/7.jpg)
CDRT MembershipThe CDRT internal structure follows ICS principles, with the Chair and Co-Chairs appointing a CDRT lead to act in the incident commander role. CDRT membership will fill Planning, Operations, Logistics, and Finance roles, as needed and as appointed by the CDRT Lead.
![Page 8: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/8.jpg)
The Need… Breach Frequency
Source: Symantec Internet Security Threat Report (ISTR), 2014
![Page 9: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/9.jpg)
Approach
4 month project to collect insights and process information from key stakeholders
Leveraged the experience of a large security company’s incident response personnel to aggregate data and write plan
Individual and joint meetings with stakeholders with iterative feedback points to ensure accuracy and practicality
Based on federal and state best practices and mandates fused with best practices in cybersecurity incident response
Tabletop exercise – simulation exercise to train and rehearse for real life scenarios
![Page 10: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/10.jpg)
Early Detection and Rapid Response
![Page 11: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/11.jpg)
Key Outputs
Comprehensive plan for coordinated response to a cyber incident
Coordination and communication annex for streamlined emergency communication between multiple agencies and public/private partners
Defined roles and responsibilities of entities
Preventative measures
Expedited detection and analysis of issue
“Play by Play” instructions on key tasks and actions required to mitigate damage, spread of incident and expedite remediation
Training plan
Risk assessment
Post-incident analysis
![Page 12: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/12.jpg)
Lessons Learned
Know and understand your cyber security ecosystem
Under-communication and assumptions are your enemy
Know and understand the formal (and informal) roles of those who need to be involved
Facilitate (and insist) on input upfront from stakeholders in the plan-creation process (as opposed to it coming at the 11th hour)
Assume unforeseen impediments and scope creep
Leverage collaborative document sharing tools
Once the tool is created, you have to implement it, practice it, validate it and continually improve it
![Page 13: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/13.jpg)
Response Levels and Anticipated Engagement Activities
![Page 14: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/14.jpg)
Coming soon!
![Page 15: Michigan DGS 2015 Presentation - You've Been Hacked Now What - Chris Christensen](https://reader030.fdocuments.net/reader030/viewer/2022032515/563db927550346aa9a9a8c7c/html5/thumbnails/15.jpg)
Michigan Cyber Disruption Plan
Chris Christensen, Infrastructure Protection
Questions…