Webinar Handout

Cybersecurity
Our Shared Responsibility
Cybersecurity
Shared Responsibility
• You can build the Great Wall of China
– But it only takes one person to open the gate and let the enemy in
The People and Process Gap
We are at war
Sun Tzu says he will win:
1. Who prepares
2. Who knows when to fight and when not to fight
3. Who knows how to handle both superior forces and inferior forces
4. Whose army is animated by the same spirit throughout all its ranks
5. Who has military capacity and is not interfered with by the sovereign
Preparing for Battle
• Start thinking now before an incident
• Preparation is not a one-time thing
– Educate yourself
– Educate your employees
– Constant improvement to your defenses
• Education – The Price is Right!
– SANS “Securing the Human”
– NACO Cyber Guidebook
– DHS Stop.Think.Connect.
Preparing for Battle
• Ignoring Cyber Security is like never going to the doctor so that he can never tell you that you are sick.
Quick Training
• Don’t pick up random USB sticks and plug them into your computer
– You wouldn’t randomly eat gum off the street, right?
– That’s how Stuxnet ruined 1/5th of Iran’s nuclear centrifuges.
Preparing for Battle
• Identify your Cyber Security Team
– Not solely the IT person’s responsibility
• Confidence gap in protecting against threats
– National Association of State CIOs survey says
• 60% of State Officials are Extremely Confident
• 24% of State Security Officers are Extremely Confident
– Improve communication
• Utilize outside resources
– NACO, MS-ISAC, SANS, DHS
Preparing for Battle
State of Iowa provides the SANS “Securing the Human” program at no charge. This is an excellent self-paced training program made up of 4 to 5 minute training videos.
Contact Alison Radl with DAS at
Alison.radl@iowa.gov
Know When to Fight
• Resources are limited
– Time
– Money
• Easy to implement and highly effective security
– Center for Internet Security Cyber Hygiene Campaign
• Know what is connected to your network
• Implement key security settings (password policy)
• Limit and manage admin privileges
• Keep operating systems and applications up to date
• Repeat!
• Find your most critical assets and protect them first
Know What to Fight
• What is valuable to the enemy?
• Not only can they try to steal your data, but they can encrypt your files so you lose your data (ransomware).
Know What to Fight
• Social Engineering Attacks
– Baiting – irritate or taunt someone into a response
– Phishing – trick you into giving up information
– Pretexting – a lie based on research to get data from you
– Quid Pro Quo – a scam where the bad guy “helps” you with an issue but gains access to your data
– Tailgating – gaining physical access to an area by following someone into the facility
How to Handle your (Inferior) Forces
• In the Cybersecurity war, we have inferior forces
– No agency can protect at 100%
– Cyber criminals only need 1 win to get your data
• Requires everyone working together
• Requires everyone to stay safe online
• Criminals are usually lazy and attack the “low hanging fruit”
Animated by the Same Spirit
• Elected Officials and Department Heads
– Set a good example
– Learn
– Educate
– Practice
– Promote
Provide Capacity and Don’t Interfere
• Internally
– Budget for Cybersecurity initiatives
– Listen to your Cybersecurity TEAM
– Follow the policies and procedures that have been established to keep you safe
• Externally
– Be cautious with vendors
• Don’t give them anytime remote access with full admin privileges for their convenience
• Demand better security from them
Thank you for attending!
Joel Rohne
IT/GIS Director
Worth County
Joel.rohne@worthcounty.org
(641) 324-3668
Micah Van Maanen
IT Director
Sioux County
micahvm@siouxcounty.org
(712) 737-6818