Cybersecurity Quarterly (Spring 2019)

A Publication from the Center for Internet Security

Cover stories:

• Stopping Cybercriminals from Exploiting Government Domains with DMARC
• Evaluating the Malware Traits that Dominated 2018
• Answering the Tough Question: "How Secure are We?"
• Making Cybersecurity an Attainable Goal for Any Organization, No Matter Their Size
• Tools of the Trade: An in-depth look at our suite of tools (CIS CSAT, CIS RAM, and CIS-CAT Pro) that make implementing the CIS Controls in your organization and improving your cyber defenses easier than ever before


The Most Trusted Source for Information Security Training, Certification, and Research

CIS & SANS Institute Information Security Training Partnership

SANS Institute partners with the Center for Internet Security to provide its top-rated information security training and awareness programs to State, Local, Tribal, and Territorial Government organizations at significantly reduced costs.

Leverage this special partnership to ensure that your employees have the skills and experience necessary to protect your critical organization from cyber threats. Program participants may purchase:

• More than 35 of SANS' most popular hands-on courses, available OnDemand or live online in the evenings via vLive.
• SANS Security Awareness, to train and test non-technical staff on email, file storage, digital access, and general data security.

Purchase training during the Winter Aggregate Buy window to receive the best pricing of the year. Discounts are available now through January 31, 2019.

Contact partnership@sans.org, or visit www.sans.org/partnership/cis for more information.


Cybersecurity Quarterly

Contents

Featured Articles

• New Tools for Assessing Your Implementation of the CIS Controls: Exploring our innovative new tools to make utilizing the CIS Controls easier than ever (page 8)
• Protecting State & Local Domains from Fraudulent Use with DMARC: Stopping spoofing, phishing, and other fraudulent domain uses with the key email authentication protocol (page 16)
• Small Business, Big Impact — Making Cybersecurity Accessible to All: A new toolkit, based on the CIS Controls, to help educate and guide smaller organizations to a more secure future (page 18)

Quarterly Regulars

• Quarterly Update with John Gilligan (page 4)
• News Bits & Bytes (page 6)
• Threat of the Quarter (page 12)
• Cyber Tips & Tricks (page 20)
• ISAC Update (page 22)
• Cyberside Chat (page 23)
• Calendar (page 24)

Confidence in the Connected World
Spring 2019, Volume 3, Issue 1. Founded MMXVII.
Editor-in-Chief: Michael Mineconzo
Copy Editor: Shannon McClain
Staff Contributors: Sean Atkinson, Paul Hoffman, Maureen Kunac, Philippe Langlois, Joshua Palsgraf, Ryan Spelman, Jessica Williams

Cybersecurity Quarterly is published and distributed in March, June, September, and December. Published by Center for Internet Security, 31 Tech Valley Drive, East Greenbush, New York 12061. For questions or information concerning this publication, contact CIS at info@cisecurity.org or call 518.266.3460. Copyright © 2019 Center for Internet Security. All rights reserved.



Quarterly Update

with John Gilligan

“Good cybersecurity starts with adoption of consensus IT best practices, such as the CIS Controls”

Recently, I had the privilege of representing CIS before the United States Senate’s Permanent Subcommittee on Investigations of Homeland Security and Government Affairs Committee. The topic of the hearing, understanding and preventing data breaches, is a core focus of our work at CIS. The breaches at Marriott and Equifax were the specific focus of the hearing. In my testimony, I highlighted the work of our members and our dedicated staff, and I shared our perspectives on how to confront the rising tide of cyber incidents.

A point of emphasis for me was that good cybersecurity starts with adoption of consensus IT best practices, such as the CIS Controls. I shared that failure to implement cyber hygiene practices reflected in the CIS Controls has been shown to be the root cause of all major cyber breaches at organizations such as Target, Equifax, and OPM. I recommended to Congress during the hearing that they use our Controls as a basis for new guidelines for all organizations regarding basic cyber hygiene and prioritization of their security efforts.

Recognizing the challenges that organizations continue to face in implementing effective cyber hygiene programs, CIS has been looking for ways to help guide organizations in their efforts. Working in collaboration with many in the cybersecurity community, CIS recently refined our Controls to prioritize the subcontrols into three groups based on priority and ability to implement. These three “Implementation Groups” will be the major new element when Version 7.1 of the Controls is released next month. I believe that Version 7.1 of the CIS Controls will be a major advancement to helping all organizations structure and prioritize their cybersecurity efforts.


I am excited about some of the great articles in this edition of Cybersecurity Quarterly as all share some perspectives on the challenge of ‘how to get started’ in implementing a cybersecurity program. Our own Phil Langlois and Maureen Kunac provide an overview of a new tool that CIS has launched to help organizations assess the quality of their implementation of the CIS Controls. This tool, the CIS Controls Self-Assessment Tool (CIS CSAT), also provides an ability to compare an organization’s scores against industry averages.

Our colleagues at the Global Cyber Alliance (GCA) have provided us a great article on their recently launched GCA Cybersecurity Toolkit for Small Business, which is centered around the CIS Controls and is a great resource for any organization, but especially small to medium-sized businesses. Finally, our recently joined CIS CyberMarket partner Valimail walks us through some of the issues with securing that foundational IT element of almost every organization: email.

I invite you to review these and the other columns in this edition of Cybersecurity Quarterly, and consider perhaps submitting an article yourself for the next one. We are always interested in engaging, educational, and vendor agnostic articles from our community of experienced cybersecurity professionals. If you would like to contribute, please send us an email at info@cisalliance.org for more information.

John M. Gilligan President & Chief Executive Officer Center for Internet Security


Protect your assets by deploying a custom-configured golden image. CIS SecureSuite® Membership includes:

• Consensus-developed CIS Benchmarks™ for servers, OS, apps, and more
• Remote assessment with CIS-CAT Pro v4
• Remediation kits
• CIS-CAT Pro Dashboard reports

10% off a new one-year membership, 30 April 2019. Promo code: GOLDEN-2019
www.cisecurity.org/cis-securesuite/


News Bits & Bytes

NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) and the Multi-State Information Sharing & Analysis Center® (MS-ISAC®) have announced an agreement to improve information sharing among the organizations with the goal of strengthening the cybersecurity of the nation’s critical electric infrastructure. The new agreement also deepens cooperation between the E-ISAC and the state and local government partners that the MS-ISAC represents. The goals of the partnership include improving security collaboration, providing joint analysis of security concerns and events, advancing processes for information sharing and situational awareness, and improving information sharing among all ISACs.

John M. Gilligan, President and CEO of CIS, testified before the U.S. Senate Permanent Subcommittee on Investigations at a hearing on March 7th examining the causes and scope of private sector data breaches that exposed the sensitive information of millions of Americans. Gilligan testified during the second panel, which included witnesses from government agencies who focus on policies Congress could consider to help prevent future cyber attacks and data breaches. Gilligan identified trends and causes of recent cyber attacks, and explained how the CIS Controls™ can help organizations implement effective cyber defense. Video of the hearing and Gilligan's written testimony are both available on the subcommittee's website.

The CIS Controls™ Cloud Companion Guide is now available. The guide allows users to manage cloud deployments by tailoring the CIS Controls in the context of a specific IT/OT cloud environment and provides guidance on how to apply the security best practices found in CIS Controls Version 7 to any cloud environment. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the control, along with any unique considerations from common IT environments. The guide can be downloaded here.

Valimail is the newest vendor to join CIS CyberMarket. Valimail will be offering state, local, tribal, and territorial (SLTT) government entities exclusive pricing on Valimail Enforce: Government Edition, its fully automated email authentication solution for DMARC compliance and enforcement. It is the first and only FedRAMP authorized cloud-based service for DMARC enforcement to protect government domains from fraudulent use. Learn more or request a demo at https://go.valimail.com/gov.

CIS has released the CIS Controls™ Mobile Companion Guide, which helps organizations break down and map the applicable CIS Controls and their implementation in mobile environments. This new resource helps organizations implement the consensus-developed best practices in CIS Controls Version 7 for phones, tablets, and mobile applications. The guide can be downloaded here.

The Elections Infrastructure Information Sharing & Analysis Center™ (EI-ISAC®) has released its 2018 Year in Review. During 2018, the EI-ISAC evolved from an idea to a formalized collective of election officials, their staff members, associations, technology vendors, federal partners, and cybersecurity experts working tirelessly to help secure the U.S. elections infrastructure. From sharing information to creating educational opportunities and implementing technical controls, the EI-ISAC made substantial strides over its first year toward ensuring the security and integrity of our elections. Download the EI-ISAC Year in Review here.


Kroll’s experienced leaders help clients make confident decisions about people, assets, and operations across the globe.

Investigations and Risk Management Solutions:

• Cyber Security & Incident Response
• Business Intelligence & Due Diligence
• Fraud & Corruption Investigations
• AML & ABC Compliance
• Asset Search & Recovery
• Third-Party Screening
• Dispute Advisory & Litigation Support
• Security Risk Management

kroll.com


New Tools for Assessing Your Implementation of the CIS Controls

An overview of the new tools and updates CIS has introduced to make utilizing the best practices outlined in the CIS Controls easier than ever for your organization

By Philippe Langlois & Maureen Kunac

CIS® recently announced the launch of a new, free-of-charge web application available to the cybersecurity community: the CIS Controls Self-Assessment Tool, or CIS CSAT. This tool makes the security guidance of the CIS Controls™ easier for teams to implement, track, and document. In combination with the CIS Risk Assessment Method (CIS RAM), CIS CSAT allows organizations to manage their risks effectively. CIS CSAT enables security leaders to track and prioritize their implementation of the CIS Controls. The questions in CIS CSAT are based on the popular AuditScripts Critical Security Manual Assessment Tool, and the platform was developed by our partners at EthicalHat. For each Control and Sub-Control, CIS CSAT helps track documentation, implementation, automation, and reporting.

Cybersecurity is a Team Sport

CIS CSAT is a self-assessment platform that allows teams to join and collaborate on questions related to the CIS Controls. With CIS CSAT, the first person to register from your organization will be designated the “Owner.” Owners can add additional team members to the platform, so you can work on an implementation of the CIS Controls together. Owners using CIS CSAT can also delegate questions to other team members, set deadlines for each CIS Control and Sub-Control, collect documentation related to their findings, and capture team discussion about each assessment question.

Reporting You Can Use

Data is most useful if you can access it, which is why CIS has made it easy to share reports from CIS CSAT.


Leverage your results with automatic reporting features, historical tracking, and access to raw data formats. Users can export assessment charts and other results directly into PowerPoint, Excel, and PDF. Assessment results from CIS CSAT can be exported per department or organizational unit, or you can take a more holistic view of the entire organization’s security. With cross-mappings to additional security frameworks like NIST SP 800-53 and PCI DSS, you can also track how other best practices align with the CIS Controls. This free tool also allows you to anonymously compare your results to the average of your industry or other peer group to help drive the direction of your security program.

Understanding the Risks

In combination with CIS CSAT, CIS RAM helps organizations account for risk when implementing the CIS Controls. CIS RAM can use assessments from CIS CSAT to monitor risks. Consider implementing CIS CSAT and CIS RAM in a two-phased approach, using the reports to: 1. Help your organization prioritize its implementation of specific CIS Controls. 2. Understand and document whether your current implementation is reasonable given your risk.

As you answer the questions in CIS CSAT, you will find that, for a myriad of reasons, some Sub-Controls may not be appropriate for you to implement. Use CIS RAM to weigh the risk posed by not implementing a CIS Control against the burden of implementing it. If implementing a specific CIS Control or Sub-Control would have a higher impact on your organization’s mission, objectives, and obligations than the risk it seeks to mitigate, you may want to mark that Control as “not applicable.”

The Path Ahead

Here is a five-step process to bolster your organization’s security with CIS CSAT and CIS RAM:
1. Assess your current security posture using CIS CSAT.
2. Review CIS Controls and Sub-Controls that are not implemented.
3. Use CIS RAM to conduct a risk assessment on lower-scored controls.
4. Use the CIS RAM results to identify targets of opportunity and which controls are not applicable.
5. Evaluate continuously: conduct regular CIS CSAT assessments to re-evaluate your security posture.

As your organization grows and evolves, review any “not applicable” CIS Controls to ensure that conditions have not changed in a way that affects the risk. CIS looks forward to learning how organizations leverage CIS RAM and CIS CSAT to measure and improve their cybersecurity posture.

Security for Every Organization

CIS is offering CIS CSAT and CIS RAM as free tools that can help organizations, regardless of size or resources, improve their security posture. With multiple reporting formats, collaboration functionality, and cross-mappings, it is a powerful place to start understanding and implementing the CIS Controls. CIS is excited to give back to the community that has helped it foster and grow the CIS Controls. If there are any features you would like to see, do not hesitate to reach out to our CIS Controls team. For more information on the tool, read the CIS CSAT FAQ.

CIS Controls V7 Come to CIS-CAT Pro Dashboard

CIS SecureSuite® Members are receiving an update to CIS-CAT Pro Dashboard in v1.1.5. The CIS-CAT Pro Dashboard is the companion tool to CIS-CAT Pro Assessor. It consumes configuration assessment results and charts the results over time, providing users with insight into their overall security posture. With the update, CIS SecureSuite Members can more clearly and quickly see how their assessment results score against the CIS Controls™ best practices.

Compare to Security Best Practices

Did you know that you can measure how well your CIS Benchmarks™ are scoring against the CIS Controls? The CIS Controls are best practices that help organizations around the world defend against cyber threats. CIS-CAT Pro Dashboard allows you to view a configuration assessment by the mapped CIS Controls. Mapping displays connections between CIS Controls best practices and specific CIS Benchmark configurations. This helps demonstrate how secure configurations and overall security posture are tied together. CIS-CAT Pro Assessor HTML configuration assessment reports show the same mapping information. The mapping helps you see how very specific configuration settings for each of your target systems support the overall CIS Controls and Sub-Controls. The CIS Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. This is great information to share with your organization’s stakeholders on how well your target machines are meeting the CIS Controls! This update is available to all CIS SecureSuite Members. CIS SecureSuite Membership includes access to CIS-CAT Pro, remediation kits, full-format CIS Benchmarks, and more.

So…What is New Exactly?

You will find CIS Controls V7 cross-references to CIS Benchmark recommendations to be more direct and granular, down to the CIS Sub-Controls. Where available, CIS Controls V7 mapping to CIS Benchmark recommendations will now show in the CIS-CAT Pro Configuration Assessment Reports and CIS-CAT Pro Dashboard views. CIS-CAT Pro Dashboard provides users the ability to toggle between CIS Controls V6.1 and V7. CIS Benchmarks that are available in CIS-CAT Pro Assessor and were previously mapped to CIS Controls V6.1 will retain those mappings. When new versions of these existing CIS Benchmarks are released, they will be mapped to CIS Controls V7. Future CIS Benchmarks offered through CIS-CAT Pro Assessor will be mapped to the latest version of the CIS Controls. The list of platforms that are currently mapped to the CIS Controls can be viewed here.

Set Your Preference for CIS Controls V6.1 or V7

Within the CIS-CAT Pro Dashboard, find the complete list of CIS Controls V6.1 and V7 in the Supporting Data drop-down menu under CIS Controls. Set your preferred CIS Controls default view in the CIS-CAT Pro Dashboard System Settings. Once your preferred CIS Controls default view is set, select an assessment by opening the Reports drop-down menu, selecting Assessment Results Search or Assessment Results List, and then selecting the CIS Controls version to view. The CIS Controls version tab shows the selected Controls and the recommendations that have been mapped to them. Recommendation mapping occurs during the CIS Benchmark update and creation process as part of the community effort. Not all Benchmarks will be mapped to a Control, and only the latest CIS Benchmark versions will be mapped to CIS Controls V7.

[Figure: a CIS-CAT Pro Configuration Assessment Report in HTML format for a CIS Benchmark mapped to more than one version of the CIS Controls.]

Integrated Technology Resources

By bringing the CIS Controls V7 to CIS-CAT Pro, CIS is taking the next step in helping organizations manage security from policy to practice. Whether it is monitoring for configuration drift with CIS-CAT Pro Dashboard reports or ensuring policy is implemented, there has never been a better time to invest in security. For more information on using the CIS-CAT Pro Dashboard, check out the CIS-CAT Pro FAQ.

Philippe Langlois is the Technical Product Manager for the CIS Controls. In this role, Langlois leads an international community of cybersecurity experts who develop best practices known as the CIS Controls, as well as manages the production, writing, and publication of a range of cybersecurity resources. Working in collaboration with users of the CIS Controls, he ensures the quality and utility of the CIS Controls guidance plus the availability of tools, scripts, and other resources aiding users with implementation of the CIS Controls. Langlois holds an MS in Infrastructure Protection and International Security, and a BA in Criminology.

Maureen Kunac is part of the Security Best Practices team at CIS and is the Product Owner for CIS-CAT Pro. Kunac leverages community experiences to prioritize and design new CIS-CAT Pro features. She works with members to understand their business processes associated with system configuration and vulnerability assessments. Prior to CIS, Kunac contributed her product management skills for over 25 years to various software development projects in a wide range of industries, including warehouse management, retail, food manufacturing, and healthcare. Kunac is a Certified Scrum Product Owner and holds a BA in Accounting from the State University of New York at Albany.


Threat of the Quarter

This Quarter’s Threat: 2018 Top Malware Traits

In 2018, the MS-ISAC observed six malware variants consistently reach The Top 10 Malware list, whereas only one or two variants consistently made the monthly updated list in previous years. These six malware variants (Emotet, Kovter, WannaCry, Gh0st, ZeuS, and CoinMiner) have traits that allow them to be highly effective against U.S. State, Local, Tribal, and Territorial (SLTT) networks, consistently infecting more systems than other types of malware. An examination of the characteristics of these six malware variants revealed five traits: malspam, macro instructions, PowerShell, Server Message Block (SMB), and EternalBlue.

Traits

Malspam emails contain malware, link to malware on malicious or compromised websites, or try to trick the user into opening malware hidden in an attachment. Due to its ease, low cost, versatility, and success rate, malspam is currently the top vector used to deploy malware. Emotet, a modular banking Trojan, is spread via malspam campaigns; recent campaigns have imitated PayPal receipts, shipping notifications, and “past-due” invoices purportedly from a trusted third party. Malspam campaigns disseminating Emotet target victims opportunistically: all recipients receive only minimally different messages and attachments.

Macro instructions (macros) are stored sequences of commands used to automate repetitive or complex tasks; in Microsoft Office they are Visual Basic for Applications (VBA) code embedded in a document. The VBA source is stored in compressed form inside the file and decompressed only when the macro is loaded, which makes macros a convenient way for cyber threat actors (CTAs) to obfuscate the delivery of a malicious payload. CTAs use social engineering to trick end users into opening malicious Microsoft Word or Excel attachments included in malspam emails. When the user opens the attachment, they are prompted to enable macros. If they do, the malicious payload runs automatically, infecting the user’s system before the malware moves on to the rest of the network. Because the malicious instructions sit compressed inside an otherwise ordinary document, the payload frequently passes security scanning that inspects only the document’s surface.

PowerShell is a task-based command-line shell and scripting language built on .NET, and the foundation of Microsoft’s configuration management framework. It provides task automation for managing operating systems and processes. CTAs often leverage PowerShell once they gain access to a system, because it is already present as an official administrative tool: it gives them a command line, access to stored data, and access to both local and remote systems across the network. This lets them hide malicious commands inside a legitimate interface and run them on one system or across the network as if a legitimate administrator had issued them, evading security scans. For example, Kovter, a fileless click-fraud malware, hides its malicious modules entirely in the registry. These modules are then injected into the PowerShell process when the infected system restarts, starting the click-fraud process.

[Table: Traits of 2018’s Top Malware Variants. Columns: EternalBlue, Malspam, Macros, SMB, PowerShell. Rows: Emotet (Infostealer); Kovter (Fileless Click Fraud); WannaCry (Ransomware Cryptoworm); Gh0st* (Remote Access Trojan); ZeuS* (Banking Trojan); CoinMiner* (Cryptocurrency Miner). * And variants.]

Server Message Block (SMB) is the Microsoft Windows network file sharing protocol. CTAs often use it to move through a network, spread malware, and exfiltrate or alter information, relying on its remote access to servers as well as its client-to-client communication. The same operations that applications use to read, write, and update files, request services from server programs, and access files on a remote server are used to steal, disclose, alter, or destroy data. For example, Emotet scrapes credentials from the initially infected system and uses them to spread via SMB throughout the network, collecting data from each system as it goes. Once Emotet has collected the information it requires, it drops other malware, such as banking trojans or ransomware, which has full access to the system and can do any of the above.

EternalBlue is an exploit that allows CTAs to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in the SMB version 1 (SMBv1) protocol implementation of Microsoft’s Windows operating systems. CTAs use this exploit to compromise an entire network and all connected devices. Because it requires no user interaction, it lets malware self-propagate, which drastically increases its impact. For example, WannaCry, a crypto-ransomware, was one of the first and most well-known malware families to use this exploit to spread: it uses EternalBlue to reach every vulnerable connected device and drop its ransomware payload.

Recommendations

SLTT governments should adhere to the following best practices to limit the risk and impact of CTAs exploiting these five traits:

Malspam – Reduce exposure through policy and technical controls. Implement filters at the email gateway that drop messages with known malspam indicators, such as known malicious subject lines or attachment types commonly used to deliver malware (for example, .zip files). Require through policy that employees report suspicious emails to the security and/or IT departments. Mark external emails with a banner denoting that they come from an external source, which helps employees spot spoofed messages. Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC), a policy published in DNS that builds on SPF and DKIM (the digital-signature component) to detect spoofing of your domain and tell receiving servers to quarantine or reject messages that fail authentication. Finally, prioritize training that helps employees recognize malspam: do not open suspicious emails or click links in them, do not post sensitive information online, and never provide usernames, passwords, or personal information in response to an unsolicited request.

Macros – Use Group Policy to block macros from running in Microsoft Word, Excel, and PowerPoint files that came from the internet. This setting blocks such macros even if “enable all macros” is selected in the macro settings, so a user who is tricked into clicking through the macro prompt on a malicious attachment still does not run the payload. Where macros are genuinely needed, allow only digitally signed macros, so that the signature validates who produced the document rather than relying on the user not to enable a malicious one.

PowerShell – If PowerShell is not needed, prevent its execution on systems after performing appropriate testing to assess the impact to the environment. This is often not possible, since PowerShell is a legitimate tool with administrative functions. In those cases, restrict PowerShell to administrators and set the execution policy so that only signed scripts run. Note that, depending on the environment’s configuration, there are ways to bypass the execution policy, so it should not be relied on as the only control. Lastly, to prevent the use of PowerShell for remote execution, disable, or at the very least restrict, the Windows Remote Management (WinRM) service.

SMB – Use Group Policy to set a Windows Firewall rule that restricts inbound SMB communication between client systems. If using an alternative host-based intrusion prevention system (HIPS), consider implementing custom rules for the control of client-to-client SMB communication. At a minimum, SLTT governments should create a Group Policy Object that blocks inbound SMB connections to workstations when they originate from other workstations; workstations normally need SMB only to reach file servers, not each other.

EternalBlue – Disable SMBv1 on all systems and use SMBv2 or SMBv3, after appropriate testing. If SMBv1 cannot be disabled, apply the Microsoft security update for Windows SMBv1; Microsoft Security Bulletin MS17-010 lists the affected Windows operating systems. If unsure whether your version of Windows is vulnerable, use ESET’s checking tool. As with any patch, apply it after appropriate testing. Additionally, apply the principle of least privilege to all systems and services and run all software as a non-privileged user (one without administrative privileges). Lastly, apply the recommendations listed under SMB above, which reduce exposure across all SMB versions. The EternalBlue exploit should no longer affect anyone in the SLTT community, because the fix is a simple patch or upgrade; MS-ISAC recommends that SLTT governments patch their systems after appropriate testing.
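The five recommendations above map to settings that can be checked, and mostly applied, from an elevated PowerShell session on a single Windows host. The script below is an added example and is not part of the MS-ISAC article: it audits a machine against each trait and, with -Enforce, applies the host-level equivalent of the recommended Group Policy settings (in production you would set these through a GPO rather than per host). Assumptions are marked in the comments: the Office policy registry path uses the “16.0” version key for Office 2016/2019; the client subnets are placeholders for your workstation ranges; and the MS17-010 KB list is copied from that bulletin and must be verified for your OS build. On Windows 10, later cumulative updates supersede those KBs, so a missing KB is not proof of exposure, which is why the EternalBlue check is gated on SMBv1 being enabled at all. The separate “allow only digitally signed macros” policy is not included.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the MS-ISAC article. Audits one Windows host against the
# malware-trait mitigations (macros, PowerShell, WinRM, SMB, EternalBlue) and, with
# -Enforce, applies the host-level equivalent of the recommended Group Policy settings.

# ASSUMPTION: MS17-010 KB numbers copied from the bulletin; verify for your OS build.
# On Windows 10, later cumulative updates supersede these, so absence alone is not proof.
$Ms17010Kbs = @('KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
                'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429')

# ASSUMPTION: placeholder workstation ranges; replace with your client subnets.
$ClientSubnets = @('10.10.0.0/16', '192.168.0.0/16')

# ASSUMPTION: Office 2016/2019 policy hive ("16.0"); older versions use 15.0 or 14.0.
$OfficeApps = @('Word', 'Excel', 'PowerPoint')

function Get-MalwareTraitAudit {
    [CmdletBinding()]
    param([switch]$Enforce)
    $findings = [System.Collections.Generic.List[string]]::new()

    # Macros: policy "Block macros from running in Office files from the Internet".
    # Stored per user under HKCU, which is where a user GPO writes it.
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $cur = Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue
        if ($cur.blockcontentexecutionfrominternet -ne 1) {
            $findings.Add("Macros: internet-origin macros not blocked for $app")
            if ($Enforce) {
                New-Item -Path $key -Force | Out-Null
                Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
            }
        }
    }

    # PowerShell: machine-wide execution policy should allow signed scripts only.
    # This is a safety rail, not a security boundary; it can be bypassed.
    $policy = (Get-ExecutionPolicy -Scope LocalMachine).ToString()
    if ($policy -notin @('AllSigned', 'Restricted')) {
        $findings.Add("PowerShell: LocalMachine execution policy is '$policy', expected AllSigned")
        if ($Enforce) { Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force }
    }

    # PowerShell remoting: WinRM should be stopped and disabled on workstations.
    $winrm = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    if ($winrm.State -eq 'Running' -or $winrm.StartMode -ne 'Disabled') {
        $findings.Add("WinRM: state '$($winrm.State)', start mode '$($winrm.StartMode)'")
        if ($Enforce) {
            Stop-Service -Name WinRM -Force
            Set-Service -Name WinRM -StartupType Disabled
        }
    }

    # SMB: block inbound TCP 445 from other workstations. File servers outside
    # $ClientSubnets stay reachable because the rule is scoped by remote address.
    $ruleName = 'MS-ISAC: block inbound SMB from client subnets'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        $findings.Add('SMB: no firewall rule blocking inbound TCP 445 from client subnets')
        if ($Enforce) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort 445 -RemoteAddress $ClientSubnets -Action Block | Out-Null
        }
    }

    # EternalBlue: SMBv1 off is the real fix; if it is still on, MS17-010 must be present.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($smb1) {
        $patched = Get-HotFix | Where-Object { $_.HotFixID -in $Ms17010Kbs }
        if ($patched) {
            $findings.Add("EternalBlue: SMBv1 enabled but MS17-010 present ($($patched.HotFixID -join ', '))")
        } else {
            $findings.Add('EternalBlue: SMBv1 enabled and no MS17-010 KB found; treat as exposed until the build level is confirmed')
        }
        if ($Enforce) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
    }

    if ($findings.Count -eq 0) { return 'All trait mitigations are in place' }
    return $findings.ToArray()
}

# Audit only; add -Enforce (after testing) to apply the settings.
Get-MalwareTraitAudit
```

Run it without -Enforce first; it returns a list of findings (or a single "all in place" string) that can be collected across hosts. The execution-policy check accepts Restricted as well as AllSigned, the firewall rule blocks TCP 445 only from the listed client ranges, and Set-ExecutionPolicy will fail, as intended, on a host where the policy is already governed by Group Policy.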


valimail.com

STOP FRAUDULENT USE OF GOVERNMENT DOMAINS WITH AUTOMATED DMARC ENFORCEMENT

• Blocks phishing, spoofing, W-2 attacks, wire fraud attacks of state + local domains
• Only FedRAMP-authorized DMARC solution
• Never compromises or exposes PII/PHI
• Requires minimal resources for implementation + management

Get a free domain analysis at valimail.com/domain-analysis


Protecting State & Local Domains from Fraudulent Use with DMARC

Government domains are attractive targets for exploitation by cybercriminals. Implementing DMARC enforcement can protect them against malicious use

By Benn Stratton

Federal, state, and local governments are under constant attack from sophisticated phishing and spoofing campaigns targeting government domains (.gov, .us, and others). Emails that come from a .gov or .us domain imply authority and trust, and therefore are far more likely to be spoofed to send malicious email that targets citizens, businesses, and other government entities. Fortunately, an industry standard has emerged that protects domains from fraudulent email. Domain-based Message Authentication, Reporting, and Conformance (DMARC) provides any domain owner worldwide visibility into all senders using its domain and the ability to stop all fraudulent email sent from a protected domain. When implemented properly, DMARC allows domain owners to ensure that only authorized senders can send email that appears to come “from” their domains. In 2017, the United States Department of Homeland Security (DHS) issued Binding Operational Directive 18-01 (BOD 18-01), "Enhance Email and Web Security." This directive mandated that all federal civilian agencies implement DMARC to protect federal government domains from fraudulent use. Since BOD 18-01 was released, there has been a 14x increase in the number of federal domains protected by DMARC.


There are thousands of state and local domains that could benefit from DMARC protection. Yet, less than 1% of them are currently protected by DMARC. While the DHS directive does not apply to state and local government, it validates DMARC as essential to restoring public trust in email. State and local governments face similar challenges in protecting critical public services from malicious email, including public utilities, mass transportation, voting systems, licensing and permits, tax collection, procurement systems, healthcare, unemployment, and public assistance.

State and Local Governments' Use of DMARC by the Numbers

There are thousands of state and local domains that could benefit from DMARC protection — three times the number of federal domains. Yet, less than 1% of state and local domains are currently protected by DMARC. According to a recent study by Valimail, of 4,273 domains maintained by state and local governments:

• Only 206 (4.8 percent) have DMARC records
• Of those with DMARC records, 55 were invalid due to syntax errors in DNS
• 130 lack protection because they are set to a monitoring-only policy
• Only 21 records were protected with DMARC enforcement from fraudulent use

Approaches to DMARC Implementation

DMARC offers domain holders powerful visibility and control over their domains. However, DMARC can be challenging to implement in today's complex cloud environments. Common challenges that state and local governments face in implementing DMARC enforcement include:

• Decentralized control and complexity of state and local email enterprises
• Complex, tedious, and difficult processes to properly maintain DMARC in DNS
• Properly authenticating a broad range of cloud-based email services
• Constant changes in state and local government enterprises
• Inadvertent blockage or disruption of good email

Implementing DMARC enforcement is a methodical process that includes creating a DMARC record in DNS, collecting and analyzing XML aggregate reports that provide details on email senders using a domain, and determining the correct SPF and DKIM authentication policies for all senders to publish in DNS. There are three options to implement DMARC enforcement:

Do-it-Yourself: This approach consists of receiving high volumes of DMARC XML reports, parsing the XML to identify authorized and unauthorized senders, and determining the correct SPF, DKIM, and DMARC authentication policies to publish in DNS. Industry averages show less than 20% of domains achieve DMARC enforcement after 12 months using this approach.

DMARC Reporting Tools, Training, and Consulting: This approach uses reporting tools to interpret DMARC XML reports, often in conjunction with DMARC training and consultants. However, it is up to the domain holder to determine all the correct SPF, DKIM, and DMARC policies for their domain, and manually update DNS to properly authenticate all email. Success rates in achieving DMARC enforcement with this approach average 30-40% after 12 months.

Automated DMARC Enforcement: Over the past two years, DMARC Software-as-a-Service (SaaS) solutions have emerged that leverage the power of automation in the cloud to greatly reduce the complexity, time, and cost of DMARC enforcement. One automated solution provider, Valimail, has worked with GSA to provide the only FedRAMP authorized automated DMARC service dedicated to government domains. DMARC enforcement rates for domains using automation average greater than 95%, typically within 3-6 months.

Regardless of the approach, achieving DMARC enforcement is essential for state and local governments to protect their domains from fraudulent use, and restore trust in email communications to the public they serve.

Benn Stratton currently serves as Director of Public Sector for Valimail. For the past 30 years, he has served in both the public and private sector driving innovation to support national security priorities across the federal government. He has a deep knowledge and expertise in working with federal, state, and local governments to accelerate the adoption of new cybersecurity capabilities. Stratton is a graduate of the United States Military Academy at West Point and Duke University. He served as an Infantry and Special Forces Officer in Central America with the 82nd Airborne Division and 7th Special Forces Group at Fort Bragg (NC). He can be reached at benn.stratton@valimail.com.
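The two analysis steps that the do-it-yourself approach above requires, written out as an added example (not the article's or Valimail's code): it sorts _dmarc TXT records into the invalid / monitoring-only / enforcement buckets used in the figures earlier in the article, and tallies an XML aggregate (RUA) report by source IP and aligned SPF/DKIM result so that senders needing attention stand out. The domain city.example.gov, the record strings, and the report contents are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc_tags(txt):
    """Split a _dmarc TXT record into tag=value pairs; None on a syntax error."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            return None  # e.g. "p:none", or a missing separator
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def classify_dmarc_record(txt):
    """Return 'invalid', 'monitoring' or 'enforcement' for one DMARC record.

    'monitoring' is p=none (reports only, nothing blocked); 'enforcement' is a
    policy of quarantine or reject, which is what actually stops spoofed mail.
    """
    tags = parse_dmarc_tags(txt)
    if tags is None:
        return "invalid"
    # RFC 7489 requires v=DMARC1 as the first tag and a p= tag in every record.
    first = txt.split(";", 1)[0].replace(" ", "").lower()
    if first != "v=dmarc1" or tags.get("p", "").lower() not in VALID_POLICIES:
        return "invalid"
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        return "invalid"
    return "monitoring" if tags["p"].lower() == "none" else "enforcement"


def survey(records):
    """Count records per bucket, the same split the Valimail figures report."""
    return dict(Counter(classify_dmarc_record(r) for r in records))


# Constructed aggregate report in the RFC 7489 Appendix C layout (not a real one).
SAMPLE_RUA_REPORT = """<feedback>
  <report_metadata><org_name>mailbox-provider.example</org_name><report_id>constructed-0001</report_id></report_metadata>
  <policy_published><domain>city.example.gov</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>city.example.gov</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.22</source_ip><count>30</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>city.example.gov</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>45</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>city.example.gov</header_from></identifiers>
  </record>
</feedback>"""


def summarize_rua(xml_text):
    """Tally message counts per source IP by whether aligned DKIM or SPF passed.

    The <dkim> and <spf> elements under policy_evaluated are the aligned results;
    DMARC passes when either one passes, so a source that only ever fails is
    either an unauthorized sender or a legitimate service still missing SPF/DKIM.
    """
    root = ET.fromstring(xml_text)
    sources = {}
    for record in root.iter("record"):
        ip = record.findtext("row/source_ip")
        count = int(record.findtext("row/count", default="0"))
        aligned = (record.findtext("row/policy_evaluated/dkim") == "pass"
                   or record.findtext("row/policy_evaluated/spf") == "pass")
        tally = sources.setdefault(ip, {"pass": 0, "fail": 0})
        tally["pass" if aligned else "fail"] += count
    return {"domain": root.findtext("policy_published/domain"),
            "policy": root.findtext("policy_published/p"),
            "sources": sources}


def unauthenticated_sources(summary):
    """Source IPs that never passed alignment, highest volume first."""
    failing = [(ip, t["fail"]) for ip, t in summary["sources"].items()
               if t["pass"] == 0 and t["fail"] > 0]
    return sorted(failing, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print(survey(["v=DMARC1; p=none; rua=mailto:dmarc@city.example.gov",
                  "v=DMARC1; p=reject rua=mailto:dmarc@city.example.gov"]))
    report = summarize_rua(SAMPLE_RUA_REPORT)
    print(report["domain"], "published p=" + report["policy"])
    print("needs attention before moving to enforcement:", unauthenticated_sources(report))
```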


Small Business, Big Impact — Making Cybersecurity Accessible to All

A new collection of resources draws from the CIS Controls to make developing a stronger security posture an attainable goal for small and medium-sized organizations

By Aimée Larsen Kirkpatrick

In its latest Global Risks Report, the World Economic Forum includes cyber attacks as one of the biggest threats facing our world in 2019. Some studies estimate that cybercrime costs the global economy as much as $600 billion [1]. The issues have never been more complex and the need for action more critical. The Global Cyber Alliance (GCA), a nonprofit organization, is working to address these issues. Founded by the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security, GCA is dedicated to eradicating cyber risk and improving our connected world by bringing free cybersecurity solutions to the world.

GCA’s initial efforts have been focused on reducing the risk of phishing, as it remains one of the biggest risks – from delivery of malware and ransomware to the gathering of sensitive data to commit fraud. In fact, multiple studies show that over 90% of breaches begin with an email. GCA has developed a platform to enable easier implementation of an existing email authentication protocol known as DMARC and has built a global service known as Quad9 that prevents access to known malicious websites. Most recently, GCA has set its sights on making these and other tools more accessible to small and medium-sized businesses.

Small and medium-sized businesses (SMBs) are some of the most vulnerable entities when it comes to cyber attacks. Some estimates indicate that 58 percent of cyber attacks are targeted against small businesses [2]. These attacks include phishing, malware, ransomware, and more – all of which can have devastating financial consequences. According to the OECD [3]:

• Small businesses account for 99% of businesses globally, including businesses in the EU, UK, and US.
• Small businesses account for, on average, about 70% of jobs.
• Small businesses generate more than half of the value added by most economies.

Small businesses remain some of the most vulnerable to cyber attack, because they often do not have the resources or knowledge needed to effectively protect themselves. Yet, small businesses are part of the supply chain for government and enterprise, they provide critical services, and they provide the vast majority of jobs. The potential for harm doesn’t just stop with the business that has had a cyber event. Small businesses need operational tools and guidance that can be implemented with relative ease to reduce their risk. Resourcing small businesses with tools to reduce their cyber risk strengthens their individual businesses and helps to reduce the third-party and supply-chain risk for larger companies and governments.

To this end, GCA, in collaboration with our partners, developed the GCA Cybersecurity Toolkit for Small Business, a free, operational resource that small businesses can use to significantly reduce their cyber risk. The GCA Cybersecurity Toolkit for Small Business, sponsored by Mastercard, is aligned with the leading cybersecurity recommendations from the CIS Controls, the United Kingdom’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Centre (ACSC). All of the tools included in the toolkit are free and have been tested and evaluated by a team of cybersecurity experts to ensure they work and can be used by those who are not technical experts.

[1] https://www.mcafee.com/enterprise/en-us/solutions/lp/economics-cybercrime.html
[2] Verizon 2018 Data Breach Investigations Report
[3] https://www.oecd.org/mcm/documents/C-MIN-2017-8-EN.pdf

What’s in the GCA Cybersecurity Toolkit?

The toolkit is broken down into six toolboxes covering basic areas of risk to be addressed. Within each toolbox are tools and reference materials to help educate and provide guidance. The goal is to make it as easy as possible for small businesses to understand their risks and select the right tools. The first version of the toolkit features more than two dozen tools and resources that help small businesses implement best practices in the following categories:

• Know What You Have (inventory of devices and applications)
• Update Your Defenses (updates, patches, and vulnerability management)
• Beyond Simple Passwords (passwords and two-factor authentication)
• Prevent Phishing and Viruses (DNS security, antivirus, and ad blockers)
• Protect Your Brand (email authentication and brand monitoring)
• Defend Against Ransomware (create backups)

Entities can follow step-by-step guidance found in the toolboxes, and users can rate the tools and provide other input that will inform future development of the toolkit to ensure it continues to meet small business needs. GCA encourages state and local government entities to make the GCA Cybersecurity Toolkit available to the businesses in their communities. Our highest goal is to make cybersecurity more accessible to all – to protect our local economies, our neighbors, and each other. All are welcome to link to the toolkit and share it with others. If you’d like more information about the toolkit and how to get involved, please contact us at Toolkit@GlobalCyberAlliance.org or visit www.gcatoolkit.org/smallbusiness. For more information about GCA, visit www.globalcyberalliance.org.

Aimée Larsen Kirkpatrick is the Global Communications Officer for the Global Cyber Alliance (GCA). Prior to GCA, she was President of ALK Strategies, a communication and public affairs consulting practice focused on start-ups and nonprofits. Kirkpatrick was also formerly the Partnership Engagement & Strategic Initiatives Director for the National Cyber Security Alliance (NCSA). At NCSA, Kirkpatrick established strategies and programs to engage and broaden NCSA’s stakeholder base and expand its audiences. Kirkpatrick was a 2012 Executive Women’s Forum Women of Influence Award recipient. She also currently sits on the Board of Trustees for the EU chapter of the Anti-Phishing Working Group (APWG).


Cyber Tips & Tricks

This Quarter’s Tip: Keeping Your Identity Safe Online

by Joshua Palsgraf, Cyber Intelligence Analyst, MS-ISAC

With tax season right around the corner everyone, including myself, has taxes and refunds on their mind, but you should also be thinking about your identity and, more specifically, protecting it. Protecting one's identity should be a top priority, especially in this day and age with social media and the internet. According to the Federal Trade Commission (FTC), there were 371,000 reports of identity theft in 2017. Of these reports, the second most popular is tax fraud, which means tax season is a main hunting season for identity thieves. However, by following these security recommendations, protecting your identity and your tax refund online can be effortless.

First, be aware of what you post publicly or submit through applications and services. Consider with whom you share your Personally Identifiable Information (PII), and give extra scrutiny and consideration as to whether you really need to share this information. If someone contacts you requesting PII through email, social media, or a phone call, do not provide the information. If it is a phone call that you think is legitimate, hang up and call the organization back through a publicly listed telephone number. This will help you verify that the caller is who they say they are.

Second, be aware of what you select as your security questions. Posting a picture or writing a post about your first car’s make and model, childhood address, mother’s maiden name, or elementary school is a bad idea. These are common security questions, and by posting this information you give away the answers, allowing cybercriminals to potentially access your accounts.

Lastly, utilize privacy settings and permissions. All websites and applications have privacy settings. These settings help you control what others are allowed to see, as well as manage your online experience. You should be familiar with these privacy settings and customize them to protect your information. Furthermore, when agreeing to their services, understand what you are giving them permission to do with the data you provide.

Identity theft is something everyone wants to avoid, but it is sometimes unavoidable, such as if your information gets released due to a data breach. In the past year, we saw a significant number of data breaches impacting the privacy of individuals. According to the Privacy Rights Clearinghouse, in 2018, 828 publicly disclosed breaches exposed 1.37 billion records. If you or someone you know believes your PII has been stolen, do not worry; there is hope. Immediately report the theft to the federal government at https://identitytheft.gov/. This site will help you go through what happened and will help you create a personalized recovery plan. For additional information on identity theft, how to protect yourself, and what to do if affected, visit the FTC's identity theft resource guide at https://www.consumer.ftc.gov/features/feature-0014-identity-theft and the Internal Revenue Service's identity protection guide at https://www.irs.gov/identity-theft-fraud-scams.



Affordable Legal and Identity Theft Protection Have you ever had a dispute with a creditor, neighbor or landlord? Have you ever received a traffic ticket or signed a contract? Have you ever been a victim of a data breach? Used public Wi-Fi or ever lost your wallet? Get the legal and identity theft protection you and your family deserve with LegalShield and IDShield. Through a nationwide network of provider law firms, LegalShield provides every member direct access to a dedicated law firm. And IDShield is the only identity theft protection plan armed with a team of licensed private investigators, ensuring that if your identity is stolen it will be fully restored.

LegalShield Benefits:*
• Legal consultation and advice
• Dedicated law firm
• Legal document review (up to 15 pages each)
• Access to legal forms/contracts
• Letters and phone calls made on your behalf
• Speeding ticket assistance
• Will preparation
• 24/7 emergency legal access
• Mobile app
• And more!

IDShield Plan Benefits:*
• Identity consultation and advice
• Dedicated licensed private investigators
• Child monitoring (family plan only)*
• Identity and credit monitoring
• Identity threat and credit inquiry alerts
• Social media monitoring
• Complete identity restoration
• Monthly credit score tracker
• Password manager
• 24/7 emergency access
• Mobile app
• And more!

We have an app for that! With the LegalShield and IDShield mobile apps, you can easily begin your Will preparation, track your alerts and have on-the-go access, 24/7 for emergency situations!

AFFORDABLE PROTECTION

Starting at $8.95 a month

For more information visit: www.legalshield.com/info/centersecurity

*This is a general overview of the legal and identity theft protection plans available from LegalShield for illustration purposes only. See plan details or plan contract for specific state of residence for complete terms, coverage, amounts, conditions and exclusions. Google Play and the Google Play logo are trademarks of Google Inc. Apple, the Apple logo, and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries.



ISAC Update MS-ISAC & EI-ISAC Membership Growth Off to a Great Start for 2019 The first quarter of 2019 has proven to be a continuation of the stellar results we achieved through 2018 for both the MS-ISAC and EI-ISAC. Through thousands of miles of travel, countless phone calls, and untold speaking engagements and exhibit spaces, the team has continued to foster incredible growth and help strengthen the cybersecurity defenses of the state, local, tribal, and territorial (SLTT) community. For the MS-ISAC, the K-12 sector is proving to be popular yet again with 185 new members thus far, bringing our total to 815! The MS-ISAC has also achieved a significant milestone with the Warrior Run School District in Pennsylvania becoming our 5,000th member. Growth in the elections sector has proceeded apace, with over 1,500 EI-ISAC members joining in our first year of operation. Happy Anniversary EI-ISAC! We are projecting significant growth in membership for both the EI-ISAC and MS-ISAC for the coming year and we are beginning outreach to several other sub-sectors in the critical infrastructure sphere to help drive that growth. Thank you to all of our current members for your continued efforts on our behalf and for touting the benefits of membership to the greater community.

2019 MS-ISAC Annual Meeting

The 2019 MS-ISAC Annual Meeting will be taking place in Denver, Colorado at the Sheraton Denver Downtown Hotel from Sunday, April 28th through Wednesday, May 1st, 2019. This exciting event will be the largest one yet, with an estimated 700 MS-ISAC and EI-ISAC members expected to be in attendance. The MS-ISAC Annual Meeting is focused on collaborative, deliverable-oriented sessions that address specific areas of the MS-ISAC’s objectives, with the ultimate goal of helping each of us enhance our cybersecurity posture by working collectively. The event features best practice solutions from MS-ISAC members to assist their SLTT colleagues across the country, along with plenary sessions from industry experts and key government officials and stakeholders. The collaboration and knowledge transfer serves as a tremendous benefit to increasing our situational awareness and helping us collectively enhance our cybersecurity posture. The MS-ISAC’s trusted relationships with SLTT governments have been further expanded to include elections offices through their integration and support of the EI-ISAC, as both ISACs operate under the auspices of CIS. The MS-ISAC Annual Meeting consistently receives positive feedback, with many members rating this event as the highest value meeting they participate in each year. Please reach out to AnnualMeeting@msisac.org with any questions or inquiries regarding the 2019 MS-ISAC Annual Meeting.


Cyberside Chat

This Quarter's Topic: Making Controls Actionable

by Sean Atkinson, Chief Information Security Officer, CIS

With the release of the CIS CSAT tool in 2019, security and information technology professionals now have a method to implement a maturity rating system to measure against the CIS Controls. The need for such a tool has been highlighted in the common question from executives and stakeholders: “How secure are we?” Now, with the advanced analytics and reporting visualizations available from CIS CSAT, we have an answer. Using the tool allows a team to provide input into the determination of written policies, implementation status, automation, and reporting of security controls. These groupings provide a way to envision a current controls program and make plans for future risk mitigation strategies. As cybersecurity matures as an internal program with the recognition, resources, and top-level support, the need to articulate the investment, risk management, and return on investment to executive leadership will be required of any CISO. Conceptually, no single standard metric has been able to provide the required confidence in an answer to “How secure are we?” The number of security events, the number of thwarted attacks, and how many firewall rules we have do not provide the complete picture of the security posture organizations need to present to stakeholders.

All is not lost. CIS CSAT provides a method to record, visualize, and monitor an organization’s security posture. The complete 20 CIS Controls picture provides an overall status of security, control, and risk in a single repeatable process. Tracking changes over time will allow executives to understand improvements in security capability as a metric of maturity on the CIS CSAT compliance scale. Gaps are easily identified across multiple CIS Controls categories. Once gaps are identified, the process to reduce risk will align with prioritization of control implementation to improve coverage and close the gaps. As a planning tool, CIS CSAT can be used to measure current against expected future results, where policy and procedure need to articulate the rules and governing dynamics of an organization's operations, the automation and reporting of security will improve visibility, and overall decrease response times to fundamental security issues. At CIS, the mission and vision of the organization is to improve the security posture of all those in the connected world. A step in the right direction is the use of CIS Controls V7. CIS CSAT is the navigator to make sure that right direction is a journey that takes you to a mature Governance, Risk, and Compliance (GRC) destination.


Upcoming Events

April

April 1st – 3rd
MISTI will hold its 25th Annual InfoSecWorld Conference & Expo at Disney's Contemporary Resort in Lake Buena Vista, Florida. Information security professionals from around the world will come together to learn from industry experts on being a business partner and enabler in their organizations, as well as how to prevent, detect, and respond to security challenges. CIS Senior VP Tony Sager will be a featured speaker at the event, leading a session on cyber maturity for businesses.

April 4th
Cyber Security Summit: Denver will take place at the Hilton Denver City Center, bringing together executives, business leaders, and cybersecurity professionals to learn about the latest cyber threats. CIS Senior Director Ryan Spelman will be a featured panelist at the event, speaking on insider threats and cloud security. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details.

April 4th - 5th
The University of Maryland (UMD) and the Maryland Global Initiative for Cybersecurity will hold their 1st Annual Executive Cybersecurity Summit at the UMD campus in College Park, Maryland. The event will be an intensive two-day experience that offers an interactive learning opportunity combining the latest industry research with practical relevance. CIS Executive VP Curtis Dukes will deliver the event's lunch keynote, discussing enterprise security.

April 9th - 12th
The Alliance for Innovation will hold its 25th Annual Transforming Local Government Conference at the Silver Legacy Resort Casino in Reno, Nevada. The event will bring together local government professionals to learn new ways to better serve their communities. MS-ISAC Senior Program Manager Paul Hoffman and CIS Cyber Security Solutions Manager Jamie Ward will co-lead a breakout session on cybersecurity resources for local government. Through our partnership, MS-ISAC members can receive 10% off registration for the event. Contact the CIS CyberMarket team for more details.

April 23rd - 24th
(ISC)2 Secure Summit DC will take place at the Washington Hilton Hotel. The event will assemble the best minds in cybersecurity for insightful discussions, workshops, and best-practices sharing. CIS Senior VP Tony Sager will lead a breakout session at the event, discussing the unique challenges facing small and medium organizations and how they can effectively defend themselves from cyber attacks.

April 25th
Cyber Security Summit: Philadelphia will take place at the Philadelphia Marriott Downtown, bringing together executives, business leaders, and cybersecurity professionals to learn about the latest cyber threats. CIS Senior Director Ryan Spelman will be a featured panelist at the event, speaking on incident response. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details.

April 28th - May 2nd
The 2019 MS-ISAC Annual Meeting will take place at the Sheraton Denver Downtown Hotel. The event will bring members of the MS-ISAC and EI-ISAC from across the country together to learn new best practices and the latest cybersecurity threats in SLTT government from a number of industry experts and educational breakout sessions.

May

May 16th
Cyber Security Summit: Dallas will take place at the Sheraton Dallas Hotel, bringing together executives, business leaders, and cybersecurity professionals to learn about the latest threats from industry leaders. CIS Senior Director Ryan Spelman will be a featured panelist at the event, speaking on cloud security. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details.

May 19th - 23rd
The Florida State Association of Supervisors of Elections (FSASE) will hold its 2019 FSASE Summer Conference at the Daytona Beach Oceanfront Resort Hilton to educate the state's elections officials on the latest updates in their industry. CIS Cyber Security Solutions Manager Jamie Ward will speak at the event on cybersecurity in elections.

May 22nd - 24th
The North Carolina Local Government Information Systems Association (NCLGISA) will hold its NCLGISA Spring 2019 Symposium at the Wilmington Convention Center, where government IT professionals from around the state will come together to learn from industry experts. MS-ISAC Program Specialist Jessica Cone and EI-ISAC Election Program Manager Kateri Gill will lead a breakout session at the event on MS-ISAC and EI-ISAC services.

June

June 2nd - 4th
The New York Association of Local Government Records Officers (NYALGRO) will hold its 2019 Annual NYALGRO School at the Riveredge Resort Hotel in Alexandria Bay, New York, to educate its members on the latest technologies, strategies, and solutions. MS-ISAC Senior VP of Operations Tom Duffy will deliver the event's keynote on cyber threats for state and local governments.

June 7th
Regulatory Compliance Watch will hold its 11th Annual IA Compliance: The Full 360° View Southwest at the Fairmont Dallas in Dallas, Texas. The event will bring financial professionals together to learn critical insights and best practices to tackle today's latest compliance challenges in the financial industry. CIS Senior Director Ryan Spelman will be a featured panelist at the event, speaking on current cyber threats and effective defense practices.

June 11th
The Tennessee Information Technology Professionals Association Conference will take place in Nashville, where IT leaders and professionals from around the state will come together to network and learn the latest updates from industry experts. MS-ISAC Director of Partnerships Stacey Wright will keynote the event, speaking on the cyber threat landscape.

June 17th - 20th
The 13th Annual National Homeland Security Conference will take place at the Phoenix Convention Center in Phoenix, Arizona. The event will bring together homeland security, law enforcement, and emergency management professionals to learn about emerging trends in the field. MS-ISAC Director of Partnerships Stacey Wright will speak at the event, discussing the cyber threat landscape in state and local government.

June 25th
Cyber Security Summit: Seattle will take place at the Sheraton Grand Seattle, bringing together executives, business leaders, and cybersecurity professionals to learn about the latest threats from industry leaders. Senior Director Ryan Spelman will be a featured panelist at the event, speaking on cloud security. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details.

June 30th - July 3rd
The National Association of Secretaries of State (NASS) will hold its 2019 NASS Summer Conference at the Eldorado Hotel in Santa Fe, New Mexico. The event will bring together the nation's secretaries of state and their staff to network and learn from industry experts on the latest updates in their sector. Director of EI-ISAC Ben Spear and EI-ISAC Elections Program Manager Kateri Gill will present at the event, speaking on elections security.

July

July 12th - 15th
The National Association of Counties (NACo) Annual Conference & Expo will take place jointly at the Paris Las Vegas Hotel & Casino and Bally's Las Vegas Hotel & Casino. Participants will come together to shape NACo's federal policy agenda, share proven practices, and strengthen knowledge networks to help improve residents’ lives and the efficiency of county government.



Confidence in the Connected World

Copyright © 2019 Center for Internet Security, All rights reserved.

CIS CyberMarket Interested in being a contributor? Please contact us: info@cisalliance.org www.cisecurity.org 518.880.0699

