Cyber Security Readiness for Manufacturing


Presentation on theme: "Cyber Security Readiness for Manufacturing"— Presentation transcript:

1 Cyber Security Readiness for Manufacturing
Spencer Cobb - Cytellix Cybersecurity Manager
Don Pital - GaMEP Growth Services Manager

2 A little about me…
Spencer Cobb, 20 years' experience in cyber security. Various roles in multiple cutting-edge startups helping global organizations secure their networks and confidential information.
Cytellix is the commercial cyber security division of IMRI.
IMRI: delivering comprehensive IT and engineering solutions since 1992.
Successfully delivered over $150 Million in technology contracts.
Secure over 1500 networks with 7M endpoints.
Army, DISA, Missile Defense Agency are customers.
We are focused on helping small manufacturers meet new Federal supply chain compliance guidelines around cyber security readiness.
Partnered with Manufacturing Extension Partnerships around the U.S.
About me… Please see the conference guide. I’m with Cytellix security. We help companies secure their networks. We help manufacturers meet with the new NIST and DFARS for cyber security comp

3 Quick survey…
Raise your hand if… (keep them up please)
You or someone you know has had their personal credit card or identity stolen.
Your company or a company you know has been hacked.
Your company or a company you know has been hit with ransomware.
Your company or a company you know has paid ransomware…
You are likely running out of hands and your arms are getting tired.

4 Cyber attacks on the rise!
If the show of hands wasn’t enough to demonstrate, let me point out… The simple fact is cyber attacks are now part of our lives. Attacks are becoming commonplace. Hacking is a fact of life.
Confidential & Proprietary © 2017 IMRI Translating business needs into technology solutions

5 Cyber attacks on the rise!
60% of SMB cybercrime victims go out of business within 6 months of attack (NCSA)
50% of all surveyed in 2014 reported being victims of cyber attacks. (National SBA)
70% of all targeted attacks struck small to mid-sized organizations in 2016. (SMB Group)
50% of small and midsized businesses have fallen victim to ransomware; 48% of those paid a ransom. (2017 Ponemon Institute)
Attacks are happening more frequently and a large portion are aimed at small businesses.

6 Not if but when?
79% of small businesses do not have an incident response plan. Without one, you may never be able to fully recover when a cybersecurity incident becomes a reality.
75% of spear-phishing attacks in 2015 targeted businesses with fewer than 250 employees.
53% of small businesses reported they do not allocate budget for risk mitigation services because they do not store valuable data, yet the majority of respondents reported they store addresses (68%) and phone numbers (65%), along with other valuable personal information.

7 Ok we get it…
56% of SMBs are unprepared to identify and respond to a security event (EiQ Networks 2017)
75% of SMBs admitted a small-to-nonexistent IT security staff, with zero to two employees dedicated to that role. (EiQ Networks 2017)

8 Value at Risk
256 days Average time to detect malware*
$5,850,000 / US Average total cost of a data breach**
*Beyond Trust ** Ponemon Institute
Costing a data breach: Brand value, Intellectual property, Customer relations, Supplier relations, Competitive information, Information Recovery, Systems Recovery, Remediation, Damage Control, Downtime, Legal costs, Forensics
04:30 – 04:59 Brian Berger
Value at Risk, Threat, Ability to Detect, Total Cost - determines what is reasonable.

9 Who is attacking?
Nation states
Hacktivists
Organized Crime

10 Why are we being attacked?
Over $1B in ransomware has been paid out so far this year.
Cyber espionage yields IP

11 Categories of attacks in SMB

12 Root causes of attacks – ex.

13 What is being stolen?

14 Common TTPs
Common Tools, Tactics & Procedures in manufacturing attacks
Phishing, spear-phishing, SQLi, malvertising >>> account hijacking or malware infection, for data exfiltration or ransomware (encryption)
Top techniques are phishing and spear-phishing, which result in account hijacking or malware for data exfiltration or ransomware

15 Real world anecdotes
Manufacturer in MI: Hit by ransomware 3 different times. Paid increasing amounts of ransom to decrypt files.
Industrial Materials Manufacturer in PA: Hit by ransomware twice. Paid $10,000.
Manufacturer in NJ: Put out RFP for components. Provided information about its products to bidders. Later found out it was being hacked. FBI found out that a Chinese company which had bid on the RFP had hacked the company and stolen IP, reproduced their product for sale on Chinese black market.

16 Security Challenges What do we know?
Constant system upgrades, moves and changes
Resources in IT and Cyber are limited in most organizations
Real time analysis across the entire enterprise or cloud is required
Awareness of every computer, network, device (IoT) and route is required for true situational awareness
We need to understand attack paths, risks and data leaks
Increased requirements for Cyber Security Compliance and Policies
Ok, now that I’ve scared the heck out of you… Let's continue with the challenges of SMB Mans.. Most SMBs don’t have the personnel, tools or budget to keep up with the latest hacking techniques. Security is dynamic. Remember 10 years ago before we had smartphones? Think of the next 10 years in terms of IoT, robotics, and AI. What will our challenges be then?

17 What is NIST and why do I care?
NIST (National Institute of Standards and Technology) is part of the US Department of Commerce.
Founded in 1901, one of the nation's oldest physical science labs.
Founded to promote U.S. innovation and industrial global competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life.
NIST ITL (Industrial Technology Lab) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure.
Developed a framework for best practices in cyber security.

18 NIST Cybersecurity Framework Characteristics
General Best Practices
Summary of good cyber proactive and reactive steps
Good for any manufacturer implementing basic cybersecurity measures
BUT, framework also provides specific implementation compliance measures for companies supplying the federal government, to be implemented by 12/31/2017
First, let’s look at the basic framework…
Do show of hands for who has NIST requirements

19 5 Steps to Reduce Cyber Risk (NIST Cybersecurity Framework)
PROACTIVE REACTIVE

20 IDENTIFY your assets and risk
Know who has access to the network (secure logins)
Control their access (including contractors, vendors, customers)
Know your devices (what’s connected to the network)
Know what is “mission-critical” data and where located
Who has responsibility for cybersecurity (roles)
Procedures/Training where needed
Remote access usage and protocols

21 PROTECT your assets
Limit employee access (downloads, admin. rights, uploads (USB))
Keep software program revisions up to date
Keep firmware current (firmware = software for the hardware)
Install, Activate, Update software and hardware firewalls
Secure wireless networks (password, turn off auto identifier feature)
Setup effective website and filters (blocked sites/users)
Securely dispose of used equipment (primarily hard drives)

22 DETECT vulnerabilities
Install and update anti-software (anti-spyware, anti-virus, anti-malware)
Monitor autologging files for suspicious activity
Consider 3rd party network penetration testing for problems
Consider 3rd party network continuous monitoring

23 RESPOND to events
Documented Disaster Recovery Plan (Who is responsible? What is to be done?)
Who do you notify?
What constitutes “an incident”
What immediate actions are taken (shutdown, use backup site etc.)

24 RECOVER successfully from events
Restore/Reboot backed up data to appropriate devices
Continue regular backups during recovery period
Consider/Utilize cyber insurance
Notify affected groups as needed (i.e. customers, internal staff)
Evaluate response for continual improvement

25 Hackers stealing IP from DoD and its suppliers
And Replicating our technology! These successful attacks have led to stricter guidelines for protecting information in DoD supply chain.

26 Compliance Specifics for Federal Supply Chain
NIST CSF provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.
Known as a best practices guide for Computer Security.
NIST security standards have been adopted by Federal and Commercial organizations.
ALL commercial suppliers in the Federal supply chain must be NIST compliant by end of 2017 (including automotive and aerospace): Cyber readiness and compliance.

27 Cybersecurity for Manufacturers
DoD contractors, including small businesses, must adhere to two basic cybersecurity requirements:
Must provide adequate security for information that resides in or transits through internal unclassified systems
Must rapidly report cyber incidents and cooperate with the DoD to respond to security incidents
Adequate security is defined as a minimum in NIST with the 14 controls (to protect controlled, unclassified data)
All contractors must implement full compliance no later than December 31, 2017
Contractors must notify the DoD of any security gaps within 30 days of any contract award
I’d be remiss if I didn’t mention this… since I’m here at the request of the NIST MEP to discuss security…

28 What is NIST ?
NIST SP Protecting Controlled Unclassified Information CUI
Protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations.
The requirements apply to all components of nonfederal information systems and organizations that process, store, or transmit CUI, or provide security protection for such components.
The CUI requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.
NIST is the basis of the cyber requirement for DFARS
DoD, GSA and NASA suppliers and subcontractors are affected.

29 What do I need to do?
CSET completed – (DHS Self Assessment)
GAP analysis completed with a plan of action for remediation and priority list defined
Have a continuous improvement and awareness program in place
Prepare for notification to your contractor should you be hacked

30 Other questions
What skills do I need to accomplish this?
Outsource or become an expert.
Are there services that provide a complete documentation and improvement program?
Yes, look for a single service provider that can take you through the entire process.
What happens if I don’t do this?
Your business will suffer in a couple of ways:
You will be hacked, no question (not if but when)
Your contractor is required to have proof of compliance to give you new contracts

31 Cytellix tips and tricks
Never open email from unknown senders
Set strong privacy settings on your devices – you don’t want to overshare
Right click on addresses to verify sender’s domain is legitimate, prior to opening an email message.
JavaScript in your browser is insecure, disable it!
Always ask yourself questions about communications sent to you; being suspicious is the best practice.
When in doubt about an email and its intentions, call the sender to verify.
Use two step verification / authentication
Use the best browser available from a security perspective, stay aware of exploits of browsers.
If it’s being offered for free, it’s never free
Patch, patch, patch!
Use antimalware and antivirus products vs nothing
Pay attention to mobile app permissions and access, some will access very private, personal and proprietary information you want to remain confidential.
Always update security when requested by legitimate publishers
Back up your data, use multiple places/locations.
Clean up (delete) apps you don’t use
Back up your data offline when possible
Use device passwords to lock and encrypt the data wherever possible – losing a device is painful enough!
Do not download applications from unknown publishers or sites
Never leave devices set to default
Never share USB keys/drives
Change Wi-Fi passwords often and never repeat them
Do not open attachments in messages from suspicious senders – verify sender and intentions
Don’t use names, birthdates, and phone numbers as passwords – be unique and complex
Using mobile devices for browsing is just as risky as laptops for discovering malware and viruses
Social media has risks associated with personal information – don’t feed the bad guys information they can use against you.
Check what ports are open on your network and their behaviors
Inventory your devices and their IP addresses on your network
Segment your network for guest and internal users
Remove any devices that are end-of-life from their manufacturer from your network – they are attack points
Public Wi-Fi networks are very risky for data protection on your devices – use a VPN
Log out of services like banking when you're done with your business.
Use a secure password manager for all your unique passwords
Don’t store UID/PW in cookies on devices, just don’t do it
Never use the same password 2x
IoT is pretty cool, but make sure you manage these IoT devices with the same care as your computer.
Physical spying takes place as much as digital spying, watch who is looking over your shoulder.
No one is protected from being hacked, you are, will and have been hacked!

32 Thank you
Spencer Cobb
Cytellix Director, Strategy & Business Dev.
(404)

33 Ransomware… more info
Malware provisioned on your network that encrypts all of your organization’s files and demands a payment for a decryption key.
The infection typically happens in one of two ways: by clicking on a link or attachment in an email, or via an exploit kit released by a compromised website.
Ransomware authors will often leverage slight modifications, process injection, and other techniques to make their programs slip past antivirus security undetected.
Once on a machine, ransomware searches the system for files to encrypt. Some ransomware targets specific file types (for example: .docx, .xlsx, etc.).
In many cases, encryption can occur in minutes or even seconds, e.g. Chimera encrypted an entire network in 18 seconds.
Files are rendered inaccessible and typically renamed with a new file extension that can sometimes signal which type of ransomware you’re dealing with.
Once encryption is complete, a ransom or lock screen is displayed informing the user they have X amount of time to pay a fine (typically in the form of Bitcoin) in exchange for a decryption key. After that deadline the ransom will go up or the files will be destroyed.
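
Added example (not part of the original presentation): the slide notes that encrypted files are typically renamed with a new extension and that encryption can finish in seconds, so a burst of renames to one unfamiliar extension is a useful detection signal. The Python sketch below runs that check over constructed file-rename events; the paths, the ".cryptdemo" extension, the known-extension list, the window and the threshold are all assumptions.

```python
from collections import Counter, defaultdict, deque
from pathlib import PurePosixPath

# Assumption: extensions this (hypothetical) file share normally holds.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".tmp"}

# Constructed sample events: (seconds since start, old path, new path).
SAMPLE_EVENTS = [
    (1.0, "/share/hr/plan.docx", "/share/hr/plan_final.docx"),   # ordinary rename
    (20.0, "/share/fin/~q1.tmp", "/share/fin/q1.xlsx"),          # save via temp file
    (30.0, "/share/eng/a.txt", "/share/eng/a.old"),              # slow, isolated
    (95.0, "/share/eng/b.txt", "/share/eng/b.old"),
    (100.0, "/share/fin/q1.xlsx", "/share/fin/q1.xlsx.cryptdemo"),
    (100.4, "/share/fin/q2.xlsx", "/share/fin/q2.xlsx.cryptdemo"),
    (100.9, "/share/hr/plan_final.docx", "/share/hr/plan_final.docx.cryptdemo"),
    (101.3, "/share/hr/offer.docx", "/share/hr/offer.docx.cryptdemo"),
    (101.8, "/share/eng/spec.pdf", "/share/eng/spec.pdf.cryptdemo"),
    (102.5, "/share/eng/bom.xlsx", "/share/eng/bom.xlsx.cryptdemo"),
]


def detect_rename_bursts(events, known_exts=KNOWN_EXTS, window=10.0, threshold=5):
    """Flag extensions that `threshold` or more files were renamed to
    within `window` seconds, ignoring extensions the share already uses."""
    recent = defaultdict(deque)  # new extension -> (timestamp, original extension)
    alerts = {}
    for ts, old, new in sorted(events):
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        # Same-type renames and renames to familiar types are normal activity.
        if not new_ext or new_ext == old_ext or new_ext in known_exts:
            continue
        if new_ext in alerts:
            # Already alerting: keep counting affected files and their types.
            alerts[new_ext]["files"] += 1
            alerts[new_ext]["victim_types"][old_ext] += 1
            continue
        queue = recent[new_ext]
        queue.append((ts, old_ext))
        # Drop renames that fell out of the sliding window.
        while ts - queue[0][0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            alerts[new_ext] = {
                "extension": new_ext,
                "first_seen": queue[0][0],
                "files": len(queue),
                "victim_types": Counter(ext for _, ext in queue),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

The two slow ".old" renames stay below the threshold, while the six renames inside about 2.5 seconds raise a single alert that also records which original file types were hit.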

34 Ransomware risk mitigation TIPS:
Establish a third-party user education program on how to identify a phishing email.
Shut down the ability for user terminals to share resources peer-to-peer.
Implement a back-up strategy for personal data on external drives or virtual drives.
Install a reputable antivirus program that will block a majority of known ransomware attacks.
Never host an external-facing server on the same hardware as a database or data store.
Ensure proper segmentation between web servers and database servers.
Track vulnerability patch status of critical data servers and file shares.
Make sure IT staff has a data back-up strategy for databases and file shares.
Consider using secure third-party cloud or virtualized services for critical data storage and file shares offsite.

35 Cytellix outsourced Cyber
Cytellix provides a turnkey, affordable, comprehensive solution to help the small and medium business meet Cyber requirements
CSET Assessment management & report
Network scan and real-time assessment & report
Gap Analysis & Assessment of 14 controls & report
Continuous network asset monitoring
Remediation and compliance service – best practices & practical implementation

36 Cytellix – Trusted Leader in Managed Cyber Security
IMRI, Delivering comprehensive IT and engineering solutions since 1992
Successfully delivered over $150 Million in technology contracts
Computer Operations: Manages over $300 million
Cybersecurity: Over 1500 networks, 7 million devices; Engaged with U.S Army Network Enterprise Technology Command; Missile Defense Agency; U.S Army Corps of Engineers; DISA
Data Center/Cloud Computing: 15 facilities, 4 million users, 2800 applications
Data Center Consolidation: 22 operations with merger of $2 billion in assets
Software Development: Application modernization and software development planning and implementation
Certifications: ISO 9001 / AS9100; CMMI compliant; industry and professional certifications
So we have a lot of experience in security and IT in general.

37 Industry averages
While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
Dangerous disconnect: one of the more popular responses as to why small businesses don’t allocate budget to risk mitigation was that they “feel they don’t store any valuable data.” Yet a good number report that they in fact DO store pieces of customer information that are of significant value to cyber criminals: 68 percent store addresses; 64 percent store phone numbers; and 54 percent store billing addresses.
Small businesses reported that only: 38 percent regularly upgrade software solutions; 31 percent monitor business credit reports; and 22 percent encrypt databases.
If a company has a password policy, 65 percent report they do not strictly enforce it.
16 percent report that they had only reviewed their cybersecurity posture after they were hit by an attack.
75 percent of small businesses have no cyber risk insurance.

38 Recommendations
CSET Assessment management & report
Network scan and real-time assessment & report
Gap Analysis / Assessment of 14 controls & report
Continuous network asset monitoring (to show continuous cyber readiness improvement)
Remediation and compliance – best practices & practical implementation for continuous improvement (Follows NIST guidelines for cyber security readiness)

