
State of Michigan

Cyber Disruption Response Plan


Chris Christensen, J.D.
Director, Infrastructure Protection

A Comprehensive Shared Cybersecurity Plan for the State of Michigan

The Need: Why is the plan important?

The approach: Key drivers for the methodology adopted

Key outputs

Challenges encountered

Lessons learned

Looking forwards

The Need: Federal Mandates


State of the Union 2013
... our enemies are also seeking the ability to
sabotage our power grid, our financial institutions,
and our air traffic control systems.
... executive order... will strengthen our cyber
defenses by increasing information sharing, and
developing standards to protect our national
security...
President Barack Obama
February 12, 2013

Approach: Key Drivers for the Plan

Presidential Policy Directive-21: Critical Infrastructure Security and Resilience

Department of Homeland Security National Infrastructure Protection Plan 2013 (NIPP): Partnering for Critical Infrastructure Security and Resilience

Homeland Security Presidential Directive-5 (HSPD-5): Management of Domestic Incidents

Homeland Security Presidential Directive-7 (HSPD-7): Critical Infrastructure Identification, Prioritization and Protection

Homeland Security Exercise and Evaluation Program (HSEEP)

NIST Publication 800-55 Rev. 1, Security Measurement Plan

The Need: State Mandates


National Governors Association 2013
Attacks on our personal safety and economic
security through the Internet continue to grow
and expand. Michigan is taking a leadership
role with regard to protecting the vulnerable
ecosystem in the cyber world, and in
accelerating the economic development and
growth of the cybersecurity industry.
Governor Rick Snyder
September 26, 2013

The Need: Being Prepared for the Worst

Proverb:
By the time you hear thunder, it's too late to build the Ark.
There are two kinds of big companies in the United States. There
are those who have been hacked and those who don't know
they've been hacked.
-James Comey, FBI Director
According to a report released by IBM and the Ponemon Institute, the
per-record cost of a data breach reached $154 this year, up 12 percent
from last year's $145. In addition, the average total cost of a single
data breach rose 23 percent to $3.79 million.
May 27, 2015
Ponemon: Data breach costs now average $154 per record...
www.csoonline.com/.../ponemon-data-breach-costs-now-average-154-per-r...

CDRT Membership
The CDRT internal structure follows
ICS principles, with the Chair and
Co-Chairs appointing a CDRT lead
to act in the incident commander
role. CDRT membership will fill
Planning, Operations, Logistics,
and Finance roles, as needed and
as appointed by the CDRT Lead.

The Need: Breach Frequency

Source: Symantec Internet Security Threat Report (ISTR), 2014

Approach

4-month project to collect insights and process information from key stakeholders

Leveraged the experience of a large security company's incident response personnel to aggregate data and write plan

Individual and joint meetings with stakeholders with iterative feedback points
to ensure accuracy and practicality

Based on federal and state best practices and mandates fused with best
practices in cybersecurity incident response

Tabletop simulation exercise to train and rehearse for real-life scenarios

Early Detection and Rapid Response

Key Outputs

Comprehensive plan for coordinated response to a cyber incident

Coordination and communication annex for streamlined emergency communication between multiple agencies and public/private partners

Defined roles and responsibilities of entities

Preventative measures

Expedited detection and analysis of issue

Play-by-play instructions on key tasks and actions required to mitigate damage and spread of the incident, and to expedite remediation

Training plan

Risk assessment

Post-incident analysis

Lessons Learned

Know and understand your cyber security ecosystem

Under-communication and assumptions are your enemy

Know and understand the formal (and informal) roles of those who need to be
involved

Facilitate (and insist on) input up front from stakeholders in the plan-creation process (as opposed to it coming at the 11th hour)

Assume unforeseen impediments and scope creep

Leverage collaborative document sharing tools

Once the tool is created, you have to implement it, practice it, validate it and
continually improve it

Response Levels and Anticipated Engagement Activities

Coming soon!

Questions

Michigan Cyber
Disruption Plan
Chris Christensen, Infrastructure Protection
