When Bad Things Happen

to Good Governments

Our Time Together

The Year of the Breach

The Cases: 2 You Know, 2 You Dont
What Have We Learned?
The 1 Thing You Must Do

Information Security

Cyber Security
Breach Malware Viruses
Hack Phishing Worms
DDoS Malware Botnets
Spyware
Ransom-ware

Public IT Priorities
STATE CIOs

COUNTY CIOs CITY CIOs

1.
2.
3.
4.
5.

1.
2.
3.
4.
5.

Cybersecurity
Shared Services
Cloud
Mobility
Staffing

Cybersecurity
Staffing
Shared Services
Mobility
Cost Control

1.
2.
3.
4.
5.

Open Gov/Data
Mobility
Cybersecurity
Staffing/Portal
DR/ COOP

Source: Center for Digital Government, Digital States, Counties, Cities, 2014.

Elected + Appointed Officials

What Respondents Want in a Network
Network
Security
Availability
Ease of Maintenance
Redundancy
0%

20% 40% 60% 80% 100%

Source: Center for Digital Government, 2015.

How Did We Get Here?

Ripped from the Headlines

Sources: ABC | KRON TV | WCPO TV | WWLP TV | WOCH TV |WTNH TV | KOIN TV | WSJ | AP | Sony | WH.gov

The Rise of Hacking Crews

Vikingdom2015: From Russia with Malice

Dj vu All Over Again

Here we are again, 50 years later

Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb
Source: Universal Studios (1964)

Our Panel

How I Learned to Stop Worrying and

Love Cybersecurity

Career Defining Breaches

Managing the News Cycle

Managing the News Cycle

Michael Brown
August 9, 2014

Dateline: Ferguson

Flickr: Chuck Jines

Global-Local Hacktivism

August 9, 2014 January 7, 2015

Sources: Operation Ferguson/ Al Jazeera America

Meanwhile in the Capitol

125 miles away...

Google Maps

War Room 24/7

colorofchange.org

Can Anyone Be 100% Ready?

The one unfinished part of the

states cybersecurity program
and plan when the crisis hit:
Flickr: Steve Warren

DDoS

Dateline: Jefferson City

DAYS AS WORLDWIDE

Hacktivist Target:
Flickr: Steve Warren

123

Target: Governor Nixon

Flickr: Steve Warren

Target: Governor Nixon

colorofchange.org

The Grand Jury Decision

November 24, 2014

Attacks ramp up.

And fall short.
Scott Olson/ Getty Images

Key Learnings: Jefferson City

1
2
3
4
5
6
7
8
9
10

Understand Hacktivist Motives and Methods

Understand DDoS Attacks
Assess Your Network and Infrastructure
Prioritize Assets
Develop a Plan
Integrate Ops Centers (Network & Security)
Engage Partners Early (Public & Private)
Establish and Exercise a War Room
Monitor Social Media
Remain Nimble and Adaptable

Flickr: Steve Warren

[Someone elses] crisis is a

terrible thing to waste!

Flickr: Steve Warren

From the War Room

There is Something for

Everyone to Do

What Have We Learned?

The Little Red Breach Book

Elected and Appointed Officials

Cybersecurity = risk management.
Incidents are inevitable.
Prepare.
Fund and support.
Plan for PR.

What Have We Learned?

The Little Red Breach Book

Chief Information/ Technology Officers

Own the plan.
Keep stakeholders informed. No
surprises.
Champion a strong security
culture.

What Have We Learned?

The Little Red Breach Book

Chief Information Security Officers

Identify best practices.
Evaluate strategies, programs and
tools.
Monitor critical systems and
infrastructure.

What Have We Learned?

The Little Red Breach Book

Agency or Line of Business Managers

Take it seriously!
Scrutinize the delivery systems.
Rally agency resources.

What Have We Learned?

The Little Red Breach Book

Front Line Employees

Understand the importance of
their own roles.
Train.
See something, say something.
Dont click on it.

What Have We Learned?

The Little Red Breach Book

Service Delivery Partners

Private
Non Profit

Adopt best practices.

Adhere to requirements.
Share timely information.

What Have We Learned?

The Little Red Breach Book

General Public - Netizens

Encouraged through awareness campaigns to:

Do the basics.
Stay alert for common tricks.
Be a cybercrime-fighter.

The Exit Question

Thing

DOWNLOAD THE PRESENTATION AT

http://bit.ly/1D7wPuD

govtech.com/security