Cyber Security Symposium 2014
Today's cyber criminals morph their appearance and tactics before most organizations have even responded to the last attack. While defense-in-depth architecture has been the de-facto standard for fighting these attackers, their newfound speed has led to this architecture seeing 97% of "secure" organizations, including State, Local Government and Critical Infrastructures, breached within the last year. Diving into global attack data and his learnings from responding to decades of breaches, Kevin Mandia will provide a look at how the best answer to today's threats is about making security faster in responding to incidents. He will dissect recent campaigns that have seen even the "basic" cyber criminal adopting advanced attack techniques to bypass traditional defenses and present case studies that demonstrate how we need to rethink cyber security to make incident response a 10 minute, not 10 month, cycle.
Executive Leadership During a Cyber Attack " Lab-based Simulation Exercise (No video or presentation will be available)
In today's interconnected digital world, as an executive leader are you up-to-speed on cyber threat and what you would do if your agency or department was hit by a cyber-attack? Do you know who you would call? Do you have a response team identified and ready to deploy? Do you know the quick decisions that need to be made that may impact citizens, state employees and the Governor's office?
This simulation lab will consist of a simulated cyber-attack against the State of California and discussion about key topics that are relevant for executive leaders during a cyber-attack. At the end of this session you will walk away with key questions to ask your direct reports so that you better understand your agency/departments preparedness to deal with a cyber-attack and have a clear response plan and team in place to respond and limit the impact to citizens, state employees and the Governor's office. This simulation lab will also highlight other related cyber-attack/resiliency sessions at the 2014 Cyber Security Symposium that will be of interest to you and your direct reports.
Speaker: Kellman Meghu, Head of Security Engineering, Check Point Software Technologies Inc.
Description: Join me for a critique of the LucasFilm epic, from the perspective of a security audit. Let's review the security procedures and practices of the Galactic Empire, and see what they did well, but more importantly, learn from the mistakes they made. Prepare for a discussion on security policies and procedures, applied during the events that lead to the catastrophic business impact the Galactic Empire suffered as the result of data loss. This data was then turned against the Empire, with an advanced persistent threat that targeted, and eventually destroyed critical infrastructure. Then let us re-examine the situation with a proper security policy in place to understand how even the most basic policy approach, could have saved the Empires business, employee lives, and ultimately billions of dollars.
Alea Garbagnati , ERS Consultant, Deloitte
Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board
Description: This presentation will focus on building a successful partnership between privacy and security teams. Presenters will provide effective models for state government and private industry, as well as best practices and tips for creating a collaborative environment between these distinct yet integral disciplines. Whether the role of privacy and security is unified in your organization or divided between separate offices, you'll gain insights into establishing a structure that will help your organization deal with issues, streamline operations, and improve productivity.
Speaker: Monzy Merza, Director of Security Markets, Splunk, Inc.
Continuous assessment and analysis of risk means selecting an approach or risk framework, gathering the structured and unstructured data you need from across the agency from security sensors, and viewing the data in the context of IT operations and applications data " all this while analyzing the data in a much broader context of the way people interact with the world around them. The smallest environmental factor can leave behind a digital bread crumb and can change the risk picture, potentially moving a risk score from very low to very high.
In this session we'll discuss:
" A step-by-step approach to selecting a risk framework " The data types you should be collecting from your security infrastructure " How a tiny bit of context creates a lot of understanding " Why employing a big data system can make implementation less painful
Speaker: Kelly Vance, Senior Director of Engineering and Education Services, McAfee. Part of Intel Security
Description: State government enterprises of all sizes need to protect their internal systems against both inbound and outbound attack vectors. When security considerations are absent from IT projects, there are significant risks. This session will discuss real world examples of how public sector departments can bake in security during the plan, design and operation phases of a project. This session will also discuss best practice approaches leading to successful collaboration between business and IT leads during phases of an IT project.
Nasser Azimi, Sr. Partner, Teranomic
Nick Degnan, Channel Manager, Pure Storage
Description: Cloud solutions require that Public and Private entities release physical control over their systems and data. This session will provide attendees with a presentation of how to plan and secure data running on Cloud solutions to avoid service and data risks while maintaining control at improved performance and cost! The presentation will provide evolving industry standards for Cloud solutions, identify best and worst practices, and lessons learned in recent years.
Speaker: Andrew Brandt, Director of Threat Research, Blue Coat Systems
Description: Advanced Persistent Threats: they are real and more prevalent than ever. The question is not if but when and how much damage will be done. Please join Andrew Brandt, Blue Coat Director of Threat Research, as he dissects a handful of significant and interesting attacks, based on in-depth research using real-world analytics gathered from Blue Coat's WebPulse Labs. Andrew will take us through a step-by-step journey into the world of cyber-crime, investigating today's prominent threat vectors. When it comes to the most dreaded CISO questions " Who did this? How? What systems were impacted? Is it over? Will it happen again? we will introduce a dynamic security defense that can keep up with the latest Web-based threats.
Education Session 6 " Jump Start Your Incident Response Plan (Room " 301)
Carl Neidhardt, Security Engineer, Check Point Software
Denise Mellor, AISO, GovOps & BCHS and CA Franchise Tax Board
Description: Have you been tasked with developing or revising your agency's cyber incident response plan? Or are you a leader that has been asked to sponsor or sign off on such a plan? Almost every organization is asked to comply with this requirement. But where do you actually start? Do you have to reinvent the wheel, or can you " steal with pride' from existing, proven plan components? In this session we will explore the many resources available to you in starting or improving your own plan, in accordance with guidelines from the state, from NIST, and from industry best practices.
Cyber-attacks threaten CA's roads, water and online services every minute of every day "
How agency and department executives can manage cyber risks to California
Speaker: Mike Wyatt,CISA, CIPP, Director " Cyber Risk Services Public Sector, Deloitte
Description: When the topic is a cyber-threat, most often, leadership (and the public) focus on the IT technology aspect of such an attack or the privacy implications as in the breach of credit card information or protected health information. However, the risks to public safety and the well-being of Californians due to cyber-attacks to the essential infrastructure, such as water resources, power plants, and online services are frightening and not well-understood by agency and department executives. The media places an overemphasis on the breach of personal information and protected health information but places little to no emphasis on the very real risks to public health and safety issues stemming from cyber-attacks. This session will paint three business scenarios involving hypothetical cyber-attacks against California's water system, surface transportation system and online services. It will highlight the all-too-real impact to agencies and departments, citizens, and the Governor's Office. At the end of the session you will be equipped with 2 " 3 practical risk management strategies to begin identifying and managing risks related to California's critical infrastructure and online services.
Glen Carson, Agency Information Security Officer, State of California Resources Agency
Gary Coverdale, Assistant Chief Information Officer and Chief Information Security Officer, County of Napa, CA
Bill Billings, CISO Federal HP Enterprise Security, CISSP, Hewlett-Packard Company
Mary DiPietro, Deputy Chief Information Security Officer, State of California
Description: We all know what happens when we assume that we can continue with " business as usual' during and after a major disruption. Our panel includes an Executive Leader, a Cyber Threat Expert, a state Agency Information Security Officer on a mission to create a cyber-continuity plan for the business " but they have to understand each other first! Delve into the definition of business continuity, what cyber threats mean to the business, and how an exploit can devastate the business in a millisecond. This session illuminates surprising perspectives about who needs to champion continuity planning and testing. Learn techniques to promote your business continuity program before you hear the words "this is not a drill" . Join us for an informative meeting of the minds.
C14_S8_Business Continuity (1503 KB)
Speaker Panel: Christian Turner, AISO Employment Development Department and LWDA Scott MacDonald, AISO, CA Dept of Corrections & Rehabilitation TBD, Verizon Robert Vescio, Global Director, Security Services Management Verizon Description: How do you explain to the business that just accepting the risk is NOT an okay way to mitigate risk? Are you prepared for a breach like the University of Maryland breach and the infamous Target breach? The threat landscape has changed from you MIGHT be attacked to you WILL be attacked. There are more ways than ever before for perpetrators to infiltrate your business and attackers have become more diverse, sophisticated and persistent. There is no doubt " you are a target! And the attackers are getting faster, while businesses are getting slower to react. But do not despair! Learn how you too can use evidence from confirmed breaches in the Verizon Data Breach Report to communicate risk to your executives and to build a focused security strategy. Also, learn specifics about breaches in the Public Sector and guidelines for defending against them.
Speaker: John Milburn, Executive Director, Product Management, Identity and Windows Management, Dell Security
Description: The need for increased visibility and controls over who has access to application data and unstructured data is becoming increasingly important to prevent breaches. And when there is a breach, how do we expedite decisions to resolve the breach? Data breaches underwent explosive growth in 2013: 740 million records were disclosed The average cost of one of these breaches was $214k 89% of these breaches were preventable 76% of these breaches were due to weak or stolen account credentials 31% of these breaches came from insiders with 84% of these inside attacks being motivated by revenge. During this session you will learn best practices for: Identifying Ownership of Data Securing Internal and Remote Access to Data Reporting Security Risks to Management
Nick Brandreth, AVP, Imperva
Doug Leone, AISO, CA Environmental Protection Agency
Robert Pittman, CISO- County of Los Angeles
Description: The technology landscape is continually evolving to the point where government entities must rethink their cybersecurity postures and adopt strategies, tactics, techniques and procedures to manage risk and protect their "crown jewels" (information assets) in the Networked Age. Now, more than ever, a holistic approach is necessary to secure sensitive data and deliver public service in a manner that meets the unique, mission critical needs of government. This session will discuss defense-in-depth layered approaches that enable entities to discover and classify their most important assets at the front end of project planning. By using such approaches, government entities can better determine dynamic technical solutions that meet cyber protection needs and proactively protect against cyber threats and not-yet-realized vulnerabilities.
C14_S11_Secure By Design-Imperva (2119 KB)
Speaker: Bill Harrod, Advisor, CA Technologies
Description: Almost every agency admits they need to do something about privileged user access (i.e., root access provided to system programmers, DBAs, etc.) within their environment, but usually don't understand all the associated risks. In this session, you'll better understand what privileged user management entails, your personal exposure, what recent breaches are attributable to a lack of proper privileged user management (can you say Target), and what simple steps you can take to address the situation.
Speaker: Bill Billings, CISO Federal HP Enterprise Security, CISSP, Hewlett Packard
Description: We all know that Cyber Attacks are on the rise. At some point every organization will go through defending and cleaning up after a successful attack. During this session I will walk through top infiltration techniques that I've encountered during the past year. Then I will discuss processes, technologies and minimum standards which will help during the remediation and cleanup efforts.
C14_S13_Back to Basics-BBillings (1015 KB)
Speaker: Dan Scali, Manager, Industrial Control Systems Security Consulting Services, Mandiant, a FireEye company
Description: Despite an increasing focus and investment in Industrial Control Systems (ICS) security, the ICS technology used to operate our society's critical infrastructure remains fundamentally flawed. Outdated operations and deployment models, a lack of appropriate security capabilities, and the extreme fragility of existing ICS technology all contribute to a reality where any anomaly in an ICS environment has the potential to disrupt operations or compromise critical ICS assets with implications for public welfare and national security.
At the same time, the "" air gap" " that engineers have traditionally relied on to protect industrial control systems (ICS) is quickly eroding. As we modernize and digitally connect the systems that govern our power grids, dams, sewage systems, water supply, traffic systems and other critical infrastructure, we also expose them to threat actors who can conduct attacks from anywhere in the world with little risk of attribution. Even as more robust and security-capable technology is deployed, "the defender's dilemma" makes it impossible to prevent a sufficiently-resourced, targeted cyber attack on ICS.
Although many organizations establish some form of security operations capability for their enterprise network, these benefits rarely extend directly to ICS. Instrumentation is usually deployed at the edge of the network rather than the core, where ICS typically resides. Logs are not often collected and forwarded to the Security Operations Center to enhance its visibility into ICS security. In cases where security operations capabilities are in place, the focus has been on finding evidence of compliance rather than indicators of intrusion or compromise.
This session presents an analysis of the ICS threat landscape followed by a high-level approach that asset owners can use to build effective capabilities for ICS network security monitoring.
C14_S14_Look, Don't Touch-FireEye (1761 KB)
Education Session 15 " Be Unafraid: Compliance doesn't have to be so scary! (Room " 311)
Joseph McClosky, IT Security Specialist, DuPont
Paul Haugan, CIO, Johnson County, Kansas
Johan Hybinette, CISM, CISSP, ISSAP, ISSMP, NSA-IEM, NSA-IAM CISO, HOSTING.com
John Stubbs, VP-Sales Global Software Channels, Stealth by Unisys
Panel Moderator " Jill Walsh, Unisys Stealth Strategic Solutions
Description: Shared access to data resources among employees, agencies, customers, and supply chain partners is must-have, and checking that compliance box is a must-do. But what you really want is to be more secure than check box requirements, and safeguard citizen privacy, intellectual property and other sensitive resources in a proactive, cost-effective and convenient way in this cyber-crazy era. Whether it's PCI, HIPAA, NIST, CJIS or others, compliance requirements are forcing organizations to re-think their security posture, and driving them to leverage breakthrough technologies to protect privacy, mitigate risk, reduce costs, and improve agility " all at the same. Listen how government and commercial representatives are tackling these challenges"_.and succeeding.
Speaker: Michael F. Angelo, Chief Security Architect, NetIQ Corporation
Description: We all know how to deal with traditional disaster & recovery scenarios but like everything else in IT, traditional wisdom may no longer be enough. Power, air conditioning, fire, flood and all other potential physical disasters are no longer the biggest problem facing your critical services and systems. We now need to worry about cyber-disaster recovery too.
This session will cover the impact of cyber threats on the disaster recovery process. It will provide guidance and insight beyond current reactive and preventative approaches. This guidance can reduce the risk of a cyber disaster and help you recover quicker in the event of a cyber disaster.
C14_S16_Disaster Recovery Planning-NetIQ (3119 KB)
Speaker: Terry Ray, Chief Product Strategist, Imperva
Learning From the Data Threat Landscape: Industrialization of Hacking and Sensitive Data Theft
Description: Advanced hackers are organized, armed and after the most prized commodity " your data. Data theft occurs daily and for various reasons, almost always with sensitive or confidential information. Terry Ray will explore the different types of threats in today's cyber security landscape " who they are, what they're after, how they attack, and the potential impact to your organization. Most importantly, he will outline how to prevent and combat these threats.
Speakers: Renault Ross, SLED Enterprise Architect, Symantec
Description: There are many models for managing data privacy in state government. In California, agencies have privacy coordinators who coordinate the impleentation of a privacy program based on law and on the privacy policies issued by the California Information Security Office. Some states have a Chief Privacy Officer(CPO) for the State, setting policy and providing oversight for individual agencies. Ohio created one of the first statewide CPO positions in 2007. This session will describe the different roles of the state CPO in the privacy programs of Ohio and West Virginia. You will learn how the CPO collaborates with the state CISO, how privacy compliance is ensured, and how Privacy Impact Assessments are used to manage privacy risk along with various governance and risk management tools.
Speaker: Diana Kelley, Executive Security Advisor, IBM Security Division
Description: The targeted attacks of today are perpetrated by sophisticated threat actors" including cyber-criminals, terrorists and nation states" who will gather their own intelligence about the intended target to develop custom strikes that improve the success of their campaigns. Once inside an organization, they are able to maintain persistence for longer periods of time in order to identify the data they wish to steal, and conceal their presence. In this session, you will learn why traditional approaches to security are being penetrated, and how organizations can redesign their security model to minimize the risk of attack. IBM will share how, by leveraging existing investments and integrating technologies, organizations can effectively communicate timely information and visibility into what is transpiring across all layers of the network. This access to data coupled with deep forensic capabilities allows organizations in turn to build a complete cyber security solution that protects critical Web applications, data and processes throughout their entire life cycle.
Education Session 19 " Web Application Security: Challenges, Remediation and Prevention (Room " 304/305)
Speaker: Ronald Hamilton, VP Security Solutions Division, Performance Technology Partners, LLC.
Description: Now, more than ever, government agencies are expected to provide effective web applications to deliver public services. Adoption of e-business methods has brought and will continue to create efficiencies, enhance service provision, and result in cost savings for hundreds of functions, including submission of tax returns and purchasing of health insurance. In this session, we will present the basic web application concepts, reactive techniques for remediating existing vulnerabilities, and proactive methods for building security into future web applications. Specific techniques, as applied to real world situations, to be discussed include penetration testing, digital incident investigation and leading edge methods for improving cyber offense capabilities.
C14_S19_Web Application Security (1189 KB)
Education Session 20 - Leveraging SAML to Enable Departmental Collaboration, Federation & Cloud Svcs
Speakers: Megha Tamvada, Sr. Product Manager, F5 Networks
Kala Kinyon Solutions Deployment Specialist, The SCE Group
Description: Organizations are deploying distributed, hybrid architectures that can span multiple security domains. At any moment, a user could be accessing the corporate data center, the organization's cloud infrastructure, or even a third party, SaaS web application. Also with the ever-increasing number of Web applications being accessed from a variety of devices, providing users with simple and secure single sign-on (SSO) is more critical than ever. SAML and identity federation solve these challenges by enabling a secure enterprise-wide single sign-on (SSO) solution and delivering the level of security that enterprises need to ensure their user identities are protected while providing federation. In this session you'll discover how to achieve departmental collaboration and cloud services leveraging identity federation with Security Assertion Markup Language (SAML)
Speaker: Raleigh Rhodes, Sr. Manager, Cyber Security Division, CenturyLink Government Services
Description: Discussion and presentation will provide an overview/update on the Department of Homeland Security Enhanced Cybersecurity Services (ECS) program that was expanded in February of 2013 by Presidential Executive Order (PPD-21). ECS is a voluntary information sharing program that assists critical infrastructure owners and operators as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cyber security organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information.
Speaker: Raj Shah, Director of Cyber Security, Palo Alto Networks
Description: With all the negative press about how weak the collective good-guy cyber defenses are, there is reason to hope. This presentation discusses four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some of our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical signature defenses into the more modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat indicator information between peers. Finally, they are adopting next-generation firewall technology to replace the very old last generation technology.
Devin Cambridge, Global Managing Director, FirstData Enterprise Security, Risk & Compliance, First Data
Carla Zuehlke, Statewide Technology Recovery Program Manager, CA Information Security Office
Description: With both the move to mobile and to the cloud, the challenge of protecting sensitive data as it flows from point can be daunting. The first step is to classify the data, as required by the State Administrative Manual, and that can be a difficult step to take. At this session,you will receive pointers on some simple classifications to use at smaller agencies as well as learn about new tool sets and techniques utilized in the private sector to classify information so that you can protect it as it moves from point to point and lands on various devices.
Speaker: John Ode, Field Product Manager, Americas, Sourcefire/Cisco
Description:Cyber Security Incident Response. Notes from the field. In this session the audience will learn how to plan, prepare, and partner to facilitate a Cyber Security Incident response.
C14_S24_Cyber Security Incident Response (1885 KB)
Speaker: Coy Thorp, Systems Engineer Aruba Networks
Description: We are living in an exciting era. Distributive technologies, such as social and mobile, have changed how we fundamentally work as a society. But our policy structure needs to keep pace with these changes. Typically, organizations do not have policy structures based on dated data access archetypes, and this policy structure is lagging behind the rate of innovation, aw well as the inherent security challenges that have resulted from an increasingly mobile workforce and contituency. This session will discuss how we adapt to these changes. In order to stay ahead of this wave, we have to create a policy structure that is 1. Flexible and adaptable to changing organizational needs. 2. Enables Security as a core function of the business and 3. Simple to understand, implement and revise. We will explore these challenges during this session. We will look at policy as a basic structure of security, and how we can create a policy that is not just a paper tiger, but a fundamental part of business and enables better security, visibility and control of the Internet of Things.
Dr. Harsh Verma, Vice-President, Global Innovative Research, R Systems
Bill Svien,Vice President of Corporate Strategy, 911 ETC
Ashok Bhatia, Vice President, R Systems
Karen Wong, CIO, CalOES
Daniel Quach, CIO, CPUC
Description: The Internet of Things (IoT) is fast becoming a reality " connecting People and Things to create a fully connected lifestyle. IoT will help government to accelerate the improvement of public services wherein Agencies can use data feeds from various monitoring sources and connected devices like grid and environmental sensors, cameras and building data to improve their performance. It is predicted that there will be over 50 billion devices and objects connected by 2020. Cyber Attacks in the forthcoming age of IoT can however create major disruption. Consequences of cyber-attacks leading to Traffic Lights possibly turning all green at the same time, in cities and towns, can create havoc and lead to disastrous accidents. Similarly, such attacks on Water Treatment System can lead to poisoning of water system supplies for citizens and the failure of Power Grid Systems resulting into failure of transit system, transportation & utilities. This will cause chief information security officers (CISOs) to reassess the scope of their security responsibilities, like an increased use of Enhanced 911 location co-ordinates and in such situations, it will be critical, for continuous risk analysis and assessment, to have detailed record on Location Info at the site of Incident where a Cyber Attack is reported or could potentially occur. This session will discuss the unique issues and challenges of IoT and provide an introduction and framework to blend e911 processes with Cyber-Security for effective continuous risk management.
Speaker: Arya Barirani, Vice President, Product Marketing, Infoblox, Inc.
Description: The DNS is a key building block of the Internet which is fast becoming one of the top-rated vectors for external ("outside-in" ) attacks on the infrastructure and internal ("inside out" ) attacks from malware. Most IT professionals know very little about the DNS and, subsequently, have done little to protect this critical asset. This session will discuss common vulnerabilities and attack surfaces, different types of DNS threat vectors, and security strategies/techniques to mitigate for this oft ignored security threat to network architecture. If built into a project plan from inception, the right network architecture can be designed to protect against the multitude of DNS attack vectors.
C14_S27_Domain Name System-Infloblox (2419 KB)
Speaker: James Christiansen, CISO, Accuvant
Description: An incident response plan allows or your organization to launch a mitigation effort against a cyber attack, but it opens a door that leads to a landscape of land mines. Being successful at managing an incident requires knowing exactly where the land mines are hidden so you can avoid making a career-ending mistake that can also cause severe damage to your agency. This is a critical survival skill for those who manage an incident response team and communications. Unfortunately, until now this skill was learned only through experience. Too often agencies have been blind sided by events during the incident response that they never expected. As a result response takes longer, cost more, and can make the situation even more unstable. Executive teams want complete answers quickly, yet communicating inaccurate information or taking the wrong step could result in lawsuits and regulatory fines. In the middle of a cyber attack, the incident response manager is faced with making many decision even when the information is incomplete. By making the wrong decision, you can give the advantage to the hackers. This session explores the most common issues encountered during an incident response effort and actions incident response teams can take in advance to prepare and avoid a challenging situation. The session will include case scenarios, details on what to expect and how to react, and best practices learned from combating attackers during the attack.
Speaker: Lamont Orange, CISO, Websense, Inc.
Description: The most secure organizations are not those with the latest defensive solutions or utilities on the market. They are those who employ broad defensive strategies. This is more than the 2014 model for "Defense in Depth" or "Layered defenses" . They are prepared for today's advanced threats because of the well-orchestrated application of both common and innovative defensive solutions, processes, and policies. This session will use the threat " kill chain' as a framework to discuss this highly effective approach.
Glenn Brunette, Senior Director, Cybersecurity, Oracle Public Sector Oracle
Joanne McNabb, Director of Privacy Education & Policy, CA Attorney General's Office
Description: Cheaper storage, pervasive imbedded sensors and sophisticated analytics are enabling the collection of larger and larger troves of data. Big Data offers the promise of new discoveries, new economic opportunities and solutions to seemingly intractable problems. Big Data also implicates privacy, for individuals, for government and for society as a whole. In this session, you will learn about privacy concerns related to Big Data, including how they might come up for state government, along with an overview of some approaches to addressing such concerns.
Awards were presented to those individuals that have had the greatest impact on the security and privacy in government and education sectors.
A total of five awards were presented in the following categories:
Security Leadership (3)
Security Leadership State Government
Security Leadership Local Government (City or County)
Security Leadership in Education
Privacy Leadership (1)
Security Operations Leadership (1)