Cybersecurity Quarterly
Fall 2021
Why Your Organization Should Have a Layered Cyber Defense Strategy
New Guides to Applying Security Best Practices to Your Extended Network
Simple Tips to Protect Organizations Big and Small from Cyber-Attacks
Fresh Updates to Tools and Resources for CIS Critical Security Controls v8
Outside the Fortress Walls With remote and hybrid workforces more common than ever, employees are increasingly outside the protection of your network. Our new service can help protect your endpoints both inside and outside the walls of your organization.
Contents

Featured Articles
Defending Today's Workforce with CIS Endpoint Security Services – Our new service to help protect your organization's endpoints, regardless of where they're connected to their network (page 8)
CIS Critical Security Controls v8 Internet of Things & Mobile Companion Guides – New guidance to help apply our security best practices to your network of devices (page 10)
Your Data is Being Targeted – Using a Defense-in-Depth Model to Protect Your Digital Assets – The importance of implementing a layered defense strategy and how CIS can help (page 14)
No One is Immune From Cyber Threats – Organizations of all sizes play a critical role in protecting us all from cyber-attacks (page 16)
New Content and Tooling Updates from CIS Security Best Practices – Integrating the CIS Critical Security Controls v8 further into our ecosystem of resources (page 18)

Quarterly Regulars
Quarterly Update with John Gilligan (page 4)
News Bits & Bytes (page 6)
Cyberside Chat (page 22)
ISAC Update (page 23)
Event Calendar (page 24)

Fall 2021, Volume 5, Issue 3. Founded MMXVII. Editor-in-Chief: Michael Mineconzo. Supervising Editor: Laura MacGregor. Copy Editor: Autum Pylant.
Staff Contributors: Sean Atkinson, Jay Billington, Josh Franklin, Paul Hoffman, Eugene Kipniss, Josh Moulin, Victoria Pasmanik, Aaron Piper, Robin Regnier, Thomas Sager
Cybersecurity Quarterly is published and distributed in March, June, September, and December. Published by Center for Internet Security 31 Tech Valley Drive East Greenbush, New York 12061 For questions or information concerning this publication, contact CIS at info@cisecurity.org or call 518.266.3460 Copyright © 2021 Center for Internet Security. All rights reserved.
Quarterly Update
with John Gilligan
Welcome to the Fall Issue of Cybersecurity Quarterly. The past quarter has certainly been eventful. The COVID-19 Delta variant has forced us to retreat a bit from the progress that we made toward “getting back to normal.” Virtual meetings and mask wearing are back (or continuing). On the cyber front, ransomware attacks on the Colonial Pipeline and JBS have highlighted the vulnerability of key components of the U.S. critical infrastructure. These attacks have garnered the attention of the American public, leading to calls from the White House and Congress for improvements in the cybersecurity of our nation’s critical infrastructure. In addition, the White House and major corporations have begun to put emphasis on the need to significantly increase our nation’s cybersecurity workforce. Both of these areas will likely continue to receive considerable attention over the coming months.

In response, this quarter’s issue will focus on improving cyber defenses and proactively stopping cyber-attacks. Not surprisingly, organizations are increasingly moving away from accepting the risk of business disruption from cyber-attacks and are putting in place appropriate security controls to defeat cyber threats. This issue will describe a number of tools and resources that are available to assist organizations in the pursuit of this objective. CIS’s Josh Franklin has provided an article that focuses on securing the Internet of Things (IoT) and mobile device space. His article explains how the recently released companion guides for the CIS Critical Security Controls Version 8 (CIS Controls v8) can help organizations establish the necessary controls to defend against attacks.
A related article describes other resources that have been upgraded to reflect CIS Controls v8, including the CIS Controls Self Assessment Tool (CSAT) Pro, as well as an extensive list of mappings to other security frameworks such as PCI DSS, HIPAA, and SOC2.
Another article provides an overview of a new initiative CIS will be launching called CIS Endpoint Security Services (ESS). This initiative is a follow-on to the Endpoint Detection and Response (EDR) pilot that DHS and Congress supported within the U.S. elections community during 2020 and 2021. The ESS program is open to any state, local, tribal, and territorial (SLTT) organization and has been specifically tailored to reflect the needs and resource limitations of smaller public organizations.

CIS's Josh Moulin has provided an overview of the products and services provided through the Multi-State ISAC (MS-ISAC) and Elections Infrastructure ISAC (EI-ISAC) to help SLTT organizations defend against the increasing number of cyber-attacks. The Global Cyber Alliance (GCA) has a complementary article describing their free cyber protection tools and guidance available to any organization. Additionally, CIS’s Eugene Kipniss and Paul Hoffman highlight key services available to SLTT organizations, such as Virtual Service Reviews and Malicious Domain Blocking and Reporting (MDBR), as well as an overview of the MS- and EI-ISACs' recent partnership with Deloitte to provide SLTT organizations access to Deloitte's cyber threat intelligence portal. Finally, our own CISO, Sean Atkinson’s column focuses on the role of security policy and blue teams in cyber-attack prevention and defense.

I hope that you enjoy this quarter’s issue. Best Regards,
John M. Gilligan President & Chief Executive Officer Center for Internet Security
News Bits & Bytes

The Nationwide Cybersecurity Review (NCSR) will officially open on October 1, 2021. The NCSR is a no-cost, anonymous, annual self-assessment designed to measure gaps and capabilities of state, local, tribal, and territorial (SLTT) governments’ cybersecurity programs. The NCSR evaluates cybersecurity maturity across the nation while providing actionable feedback and metrics directly to individual respondents. All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate. All new participants can register now at https://www.cisecurity.org/msisac/services/ncsr/. For questions about the NCSR, please reach out at ncsr@cisecurity.org.

The Multi-State Information Sharing and Analysis Center (MS-ISAC) is conducting its National Cybersecurity Awareness Poster Contest. The MS-ISAC holds the contest annually to encourage students to use the internet safely and securely, and to design their own messages that best communicate the goal to their peers across the country. The contest is open to all public, private, and home-schooled students in kindergarten through twelfth grade. Winning entries will be included on 2022 MS-ISAC posters and in the Kids Safe Online Activity Book. Entries are accepted until January 21, 2022. For questions or more information, contact contest@cisecurity.org.

Cybersecurity Awareness Month was launched in October 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS), and is a broad effort to help all Americans stay safer and more secure online. Now in its 18th year, Cybersecurity Awareness Month—previously known as National Cybersecurity Awareness Month—continues to raise awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online. CISA and the National Cyber Security Alliance (NCSA) are proud to continue the effort this year using the overarching theme: “Do Your Part. #BeCyberSmart.” Learn more at https://staysafeonline.org/cybersecurity-awareness-month/.

Connecticut joins Ohio and Utah in legislative efforts to adopt an incentive-based approach for businesses to implement cybersecurity best practices. Connecticut Governor Ned Lamont signed HB 6607, “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses,” into law on July 12, 2021. The bill prohibits the Superior Court from assessing punitive damages against an organization that implements reasonable cybersecurity controls, including industry-recognized cybersecurity frameworks such as the CIS Critical Security Controls (CIS Controls). Under the bill, organizations have to conform with revisions and amendments to identified industry-recognized cybersecurity frameworks (like the CIS Controls), laws, and regulations within six months after the bill becomes law on October 1, 2021.

Check out the latest episodes of our podcast, Cybersecurity Where You Are. Co-hosts Tony Sager, CIS's Senior Vice President and Chief Evangelist, and Sean Atkinson, CIS's Chief Information Security Officer, have been diving into the latest industry topics and trends. Check out Episode 13: What's Important to You in Cybersecurity? A Host Q&A, Episode 14: The Top 5 Cybersecurity Tips for the Family, and Episode 15: Cybersecurity Success Takes Soft Skills, and be sure to subscribe on your favorite platform. Episodes are available on iTunes, Google Podcasts, and Spotify.
CIS & SANS Institute Information Security Training Partnership

SANS Institute partners with the Center for Internet Security (CIS) to provide its top-rated information security training and awareness programs to State, Local, Tribal, and Territorial (SLTT) Government organizations at significantly reduced costs. Leverage this special partnership to ensure that your employees have the skills and experience necessary to protect your critical organization from cyber threats. Program participants may purchase:
• More than 45 of SANS' most popular hands-on courses, available OnDemand or live, online via Live Online.
• SANS Security Awareness, to train and test non-technical staff on email, file storage, digital access, and general data security.

Purchase training during the Winter Aggregate Buy window to receive the best pricing of the year. Discounts are available December 1, 2021 through January 31, 2022. Contact partnership@sans.org, or visit www.sans.org/partnerships/cis for more information.
Defending Today's Workforce with CIS Endpoint Security Services
Announcing our latest security product – CIS Endpoint Security Services (ESS) – to help our members better protect their staff and data both on- and off-network
By CIS Staff

U.S. State, Local, Tribal, and Territorial (SLTT) organizations face a stark challenge in mounting a proper cybersecurity defense against malicious actors whose attacks continue to increase in sophistication and volume. The trend toward persistent remote and hybrid work models further complicates an organization's cybersecurity program, widening the attack surface as SLTT employees increasingly work from home, outside the protection of organizational networks. CIS, in partnership with CrowdStrike, one of the industry's leading endpoint security providers, is standing in the gap to offer SLTTs a fully-managed endpoint protection solution—CIS Endpoint Security Services (ESS).
Device-Level Protection
CIS ESS is a solution deployed directly on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts. It includes various ways to protect endpoints, such as Next Generation Antivirus (NGAV), Endpoint Detection and Response (EDR), asset and software inventory, USB device monitoring, user account monitoring, and host-based firewall management. These capabilities can complement other security measures already in place within SLTTs' defense-in-depth portfolios, such as Albert Network Monitoring and Management and Malicious Domain Blocking and Reporting (MDBR). Adding CIS ESS to an organization's defense-in-depth portfolio helps ensure a layered approach to its cybersecurity strategy, while significantly increasing the time and complexity required for bad actors to compromise its networks. By deploying directly on an organization's endpoints, like workstations and servers, CIS ESS provides device-level protection and response that can mitigate threats that other measures may not. The MS- and EI-ISAC have more than 11,000 members, representing SLTT organizations using more than 14 million endpoints. There is no limit to the number of these endpoints that can be protected by CIS ESS.
[Figure: CIS defense-in-depth services diagram. Layers shown: Network Defense (Albert Network Monitoring, MDBR: Malicious Domain Blocking and Reporting), Host System and Application Defense (CIS-CAT Pro, CIS SecureSuite, CIS Benchmarks, CIS Endpoint Security Services), Data Protection, and Critical Assets; surrounding services: 24×7×365 Security Operations Center, Managed Security Services, Penetration Testing, Vulnerability and Risk Management, Phishing Engagements, Real-Time Monitoring, Threat Intelligence, and Indicator Sharing.]
As employees are increasingly working from home in hybrid and remote work models, the potential attack surface of organizations has widened to be inclusive of employees' homes and remote work sites. CIS ESS provides optimal protection against cybersecurity threats in these work environments, protecting devices regardless of the network they are connected to. Through the software, devices connected to networks in homes, coffee shops, and other locations are still protected. CIS ESS protects devices and defends against cybersecurity threats wherever employees access the internet.
Endpoint Security Capabilities Active Defense: CIS ESS provides active defense against cybersecurity threats, taking an active role in mitigating and remediating malware affecting an organization's devices. It can stop an attack in its tracks upon identifying a threat on an endpoint. CIS ESS doesn't just block malicious activity; it can kill or quarantine files through the Next Generation Antivirus (NGAV) component.
Protection Against Sophisticated Threats: With CIS ESS protecting an organization's devices, it is not necessary to know about a threat in advance in order to detect it. For adequate protection, organizations need to be able to block both known (signature-based) and unknown (behavioral-based) malicious activity. CIS ESS can protect against unknown threats by looking for and detecting unusual behavior on devices. This ability to identify threats that have not yet been defined is critical as new threats arise on a regular basis. Malicious actors operate with increasing sophistication, often encrypting ransomware and other malware in order to bypass an organization's cybersecurity measures. CIS ESS can effectively defend against this encrypted malicious traffic. While network-based cybersecurity measures cannot "see" encrypted traffic, CIS ESS can detect and defend against such traffic once it becomes decrypted at the endpoint.
Managed Detection and Response (MDR) Solution
CIS ESS offers Managed Detection and Response (MDR) solutions that provide SLTTs with a full-time cybersecurity defense partner in the CIS Security Operations Center (SOC). As a function of our MDR solution, the CIS SOC will continuously monitor and manage CIS ESS software, including analyzing malicious activity and escalating actionable threats to the affected SLTT organization. The CIS SOC runs continuous operations 24x7x365 and is able to monitor SLTT endpoints even when an organization's cybersecurity staff is not. The CIS SOC has one of the most complete data sets in the industry related to threats facing U.S. SLTT organizations, including non-public known threats, so SLTTs using CIS ESS benefit from a service specifically tailored for them. With our always responsive team of expert analysts providing consolidated, actionable insights, SLTT organizations can rely on the CIS SOC to be a vital tool in limiting the impact of data breaches on their networks.

Next Generation Antivirus (NGAV) represents the core capability within CIS ESS, and SLTT organizations can receive the benefit of managed threat hunting and remediation through our MDR solution. The various options within CIS ESS allow SLTT organizations of all sizes to tailor a protection profile to meet a limited cybersecurity budget. Organizations using CIS ESS can also request the assistance of our Cyber Incident Response Team (CIRT) when they experience a cyber incident. Our CIRT analysts can reach directly into an affected system and conduct digital forensics remotely, acquiring evidence to uncover what happened and performing analysis to determine the root cause, the scope of the incident, attack methodologies, and more. Since CIS ESS operates and “lives” at the device level, it has the capability of tracking the history of the individual user actions that resulted in system compromise, which, combined with digital forensics from our CIRT, can help the affected SLTT learn lessons that can be applied to help prevent future system compromises.

Cybersecurity defense at the endpoint is a vital component of an SLTT entity's defense-in-depth strategy. CIS Endpoint Security Services offer a competitively-priced, fully-managed endpoint protection solution that is specifically tailored to meet the needs of the SLTT community. Learn more about CIS ESS at https://www.cisecurity.org/services/endpoint-security-services/.
CIS Critical Security Controls v8 Internet of Things & Mobile Companion Guides
Our new companion guides to support the adoption of our new security recommendations to meet evolving technology, threats, and changes in the workplace
By Josh Franklin

The Center for Internet Security (CIS) launched CIS Critical Security Controls v8 earlier this year. It was enhanced to keep up with evolving technology (modern systems and software), evolving threats, and even the evolving workplace. The v8 release was not just an update to the CIS Critical Security Controls (CIS Controls); the whole ecosystem surrounding the Controls has been (or soon will be) updated as well. The latest additions include the CIS Controls Internet of Things and Mobile Companion Guides.
IoT in the Workplace Internet of Things (IoT) devices aren’t just invading our homes; these smart, connected machines have taken root in the workplace, and they’re here to stay. To help secure this new frontier, CIS released a CIS Controls Companion Guide to help organizations apply Controls v8 to the IoT. This guidance provides security recommendations for a variety of IoT devices that often present unique and complex challenges for security professionals.
Defining IoT
IoT devices are embedded into enterprises across the globe and often can’t be secured via standard enterprise security methods, such as traditional antivirus software. Yet for ease of use and flexibility, IoT devices are often connected to the same workplace networks employees use day in and day out. IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment. Perspectives from industry, academia, governments, and others across the world focus on the needs of their sector, business, or area of interest. While there is no universally agreed-upon definition for IoT, there are common features:
• Communications – IoT devices can communicate with other devices. This could be via a local medium, such as radio frequency identification (RFID), Bluetooth, or Wi-Fi, or via a wide area network (WAN) protocol, such as cellular.
• Functionality – IoT devices typically have a core function as well as some additional functionality, but they do not do everything. Most IoT devices do one thing and do it well.
• Processing Capability – IoT devices have sufficient processing capability to make their own decisions and act on inputs received from outside sources, but not enough intelligence to do complex tasks. For instance, they generally cannot run a rich operating system designed for a traditional desktop or mobile device.
Security Challenges for IoT
The lack of a consistent, agreed-upon definition is actually part of the challenge with security in the IoT arena. IoT is a large, complex space and common issues include:
• Ubiquity – There are a large number of devices.
• Uniqueness – Devices are developed by different manufacturers with varying version numbers.
• Ecosystem – Multiple vendors are involved in creating each device, including hardware, firmware, and software.
This makes securing the Internet of Things difficult.
Hardening Embedded Technology
IoT devices often cannot be secured via standard enterprise security methods. The first task of the CIS IoT Community, a group of dedicated IoT security professionals, was to develop a consistent approach on how to apply the CIS Controls to IoT devices commonly found within an enterprise. The approach used throughout the IoT Guide was to assess:
• How applicable the CIS Control or Safeguard is to IoT – For instance, recommendations surrounding firewalls or network visibility may not directly apply to IoT.
• What challenges exist to implement a given CIS Control for IoT – Some IoT devices are “smarter” than others and may not offer the functionality needed to take advantage of advanced security measures.
• Any additional discussion necessary to secure a device.
By working together with subject matter expert volunteers, we developed the IoT Companion Guide to help your organization implement best practices across a range of connected devices.
Focus on the Future
IoT devices are everywhere and our security needs to move with them. Devices are the "thing" within IoT and are the primary focus of this guide. Ready to start applying the CIS Controls Implementation Groups to your IoT devices? Download the free IoT Companion Guide now.
Bringing the CIS Controls to Mobile Environments
Earlier this year, the CIS Controls team released a new companion guide to help organizations break down and map the applicable CIS Controls and their implementation in mobile environments. This new resource helps organizations implement the consensus-developed best practices using CIS Controls v8 for phones, tablets, and mobile applications. For the Mobile Companion Guide, we focused on a consistent approach on how to apply the CIS Controls security recommendations to Google Android and Apple iOS environments. Factors such as “Who owns the data?” and “Who owns the device?” all affect how the device can be secured, and against what threats.
Device Management Styles
The guide explores various ways that organizations purchase, provision, and provide devices to employees. Styles include bring your own device (BYOD), corporate-owned, personally-enabled (COPE), fully managed, and unmanaged.
• Unmanaged – Organizations can provide access to enterprise services, such as email, contacts, and calendar, to employee users without surveying or inspecting the device. Although a popular model for small companies and startups, this is the most dangerous scenario for the enterprise and should be avoided if possible.
• BYOD (Bring Your Own Device) – Devices are owned by the end user but occasionally are used for work purposes, and should be permitted the least access to organization resources. These devices could be joined directly to a Mobile Device Management (MDM) system with end-user consent, but are more often managed through a mail and calendaring system such as Exchange ActiveSync. Access from BYOD devices to organizational resources should be strictly controlled and limited.
• COPE (Corporate-Owned, Personally-Enabled) – COPE devices work in a fashion similar to BYOD, except the organization owns and furnishes the mobile device itself. Restrictions will be applied to the device, but generally don't prevent most of what the user intends to do with the device. Although a COPE device is personally enabled, it ultimately belongs to the enterprise – as does the information on the device.
• Fully managed – Devices within this deployment scenario are typically locked down and only permitted to perform business functions. Fully managed devices are often owned by the organization, as are all data residing on the device, necessitating that employees have a second device for personal use. These devices are often heavily centrally managed, providing important security benefits, but also presenting usability barriers to employees.

In this guide, we also analyzed and explored the systems that help administer and monitor mobile devices. These include Enterprise Mobility Management (EMM), MDM, Mobile Application Vetting (MAV), and Mobile Threat Defense (MTD). All of these technologies can be used in concert to protect an enterprise’s mobile footprint, and are the primary technologies used to implement the CIS Controls for phones, tablets, and mobile apps.
Security on the Go
Mobile devices are everywhere – which means our security mindset needs to adapt to the unique challenges of hardening on-the-go environments and controlling remote access to enterprise resources. Identifying who owns mobile devices and who is responsible for the data they contain is one important step. With this companion guide, users can take security even further and implement the CIS Controls. Download the Mobile Companion Guide.

Just as technology and the threat landscape evolved, so did the CIS Controls. Version 8 and the accompanying ecosystem are the direct representation of adaptability, simplification, and consistency that you’ve come to expect from the CIS Controls.

Joshua Franklin is a Senior Cybersecurity Engineer for the CIS Critical Security Controls at the Center for Internet Security (CIS), where he develops best practices for mobility, IoT, and elections. Prior to CIS, Franklin researched enterprise mobile security, cellular security, and electronic voting at the National Institute of Standards and Technology (NIST). While at NIST, he managed the mobile security laboratory at the National Cybersecurity Center of Excellence (NCCoE). Franklin graduated from George Mason University with a Master of Science in Information Security and Assurance. He has presented at a variety of cybersecurity conferences, including DEF CON, RSA, and ShmooCon.
Your Data is Being Targeted – Using a Defense-in-Depth Model to Protect Your Digital Assets

There's no silver bullet when it comes to cybersecurity — in order to create an effective cyber defense strategy, it's best to implement a layered approach

By Josh Moulin

If you have ever heard the phrase, “Don’t put all your eggs in one basket,” then you understand the concept of defense-in-depth (commonly referred to as a layered defense). Large and well-resourced organizations implement layered defenses to protect their digital assets, but this model isn’t only for those with a multi-million-dollar cyber budget and a full-time team of experts. Leveraging the tools available from CIS, our state, local, tribal, and territorial (SLTT) members can enjoy this same level of protection. By protecting the various layers of your organization’s systems, networks, and data, the probability of a successful cyber-attack is reduced significantly.

To illustrate how defense-in-depth could protect your organization, I will use the familiar example of a phishing attack:

Scenario: An employee receives a well-crafted phishing email that contains a malicious attachment. According to the email, which has been made to look like it came from the county health department, a recent outbreak of COVID-19 has occurred and the attached document contains instructions for contact tracing and information on the potential exposure. Believing the email is legitimate, the user opens the attachment.

Through the Center for Internet Security (CIS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), several options are available to SLTTs to combat this type of attack.

CIS SecureSuite – No Cost: CIS is home to the CIS Critical Security Controls (CIS Controls) and the CIS Benchmarks, security recommendations and guidance that are developed in cooperation with industry experts across the globe. SLTTs have access to CIS SecureSuite at no cost, which includes software such as CIS-CAT Pro and CSAT Pro. These software tools allow organizations to check their compliance against the best practices found within the Controls and Benchmarks, report on their findings, measure progress, and see any drift in security configurations. By hardening systems from the start using CIS SecureSuite, certain features found within Microsoft Word would have been disabled, preventing the execution of the malicious attachment in our scenario in the first place.

Malicious Domain Blocking & Reporting (MDBR) – No Cost: Available at no cost to all SLTTs (and U.S. healthcare organizations) and provided in partnership with Akamai, MDBR would catch any network traffic resulting from opening the email and the attachment. In our scenario, once MDBR saw the domain and realized it was either known to be malicious or, based on machine learning, was suspicious, the network communications would have immediately been terminated and our Security Operations Center (SOC) would have been notified. This would have prevented any further payloads from being delivered to the host and prevented an attacker from taking control of the system remotely.

CIS Endpoint Security Services (ESS) – No Cost and Cost-Effective Offering: Powered by CrowdStrike, the CIS ESS offering provides endpoint protection for all common operating systems and platforms, whether on premise or in the cloud. CIS ESS would help in this scenario by detecting the opening of the malicious attachment and preventing it from fully executing. CIS ESS could also detect network traffic coming from the system as a result of opening the email message or opening the attachment. Through CIS ESS’s Managed Detection and Response (MDR) component, which allows SLTTs to leave management and monitoring to the experts within our 24x7x365 SOC, CIS ESS could quarantine the host and alert our SOC for further investigation. CIS ESS is available at no cost to some Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members and also available for SLTTs to purchase from CIS at a cost-effective price.

Albert Network Monitoring and Management – Cost-Effective Offering: Albert is CIS’s custom-built Intrusion Detection System (IDS), completely managed and monitored by CIS experts. CIS has an enormous amount of data and intelligence on active attacks and threats facing SLTTs and uses that information to build actionable Indicators of Compromise (IOCs). These IOCs are pushed to our nationwide network of Albert sensors to detect and report activity to our SOC. Albert sensors are provided through a combination of federally-funded sensors and those purchased outright by members at cost-effective rates. In our example, Albert would have seen the suspicious network traffic and logged all incoming and outgoing connections for further analysis and intelligence gathering, as well as notifying the SOC of the potential compromise.

On average, our analysts review and alert on Albert activity within five minutes.

Managed Security Services (MSS) – Cost-Effective Offering: MSS monitors logs from infrastructure devices including IDS, Intrusion Prevention Systems (IPS), firewalls, switches, routers, servers, and more. In our scenario, had the malicious attachment been able to execute on the host, logs may have been generated on the host itself and within various network security tools that would have been seen by our SOC. This information would have been analyzed and escalated to the member immediately.

Vulnerability and Risk Management Services – Cost-Effective Offering: CIS offers a variety of network discovery, vulnerability scanning, penetration testing, and phishing engagement services for SLTTs. By scanning systems for vulnerabilities before the email in our scenario is received, any known vulnerabilities would have been identified and could have been patched by the SLTT before being exploited. Using CIS to conduct phishing exercises for your staff will also help train them in what to look for in suspicious emails and test their knowledge through our phishing engagements.

As you can see from this scenario, CIS can provide an SLTT with several layers that could prevent the successful execution of the malicious email attachment. By relying on a variety of products, technologies, and methods for prevention and detection, SLTTs become a much more difficult target for adversaries or the opportunistic attacker. With several items at no cost and others offered at exceptional pricing due to CIS’s nonprofit mission, SLTTs from the smallest to the largest can implement their own defense-in-depth.

Recognized globally for his expertise in cybersecurity, Josh Moulin is the Senior Vice President of Operations & Security Services at CIS and has worked in cybersecurity since 2004. Prior to joining CIS, Moulin was an Executive Partner at Gartner and advised Federal Government and defense executives, a CIO and CISO within the U.S. nuclear weapons complex, and a commander of an FBI cybercrimes taskforce. He holds a master’s degree in Information Security & Assurance and over a dozen certifications in digital forensics and cybersecurity.
No One is Immune From Cyber Threats

Organizations big and small are susceptible to cyber-attacks, but with some simple, common-sense security measures, we can all help protect each other from cyber threats

By Anthony Cave

You may think you have the proper safeguards and protocols in place. And sure, hearing another warning about cyber defense sounds like a broken record, but it’s important to note that no sector is safe. That means whether your company is small, big, or in-between, there are risks. Public or private, there are risks. If you’re self-employed, there are risks. Contractor? You guessed it, there are still risks. Everyone has a role to play in prevention to protect our cyber ecosystem.

Take vendors for example. Maybe your request for proposals (RFP) process is secure, paperwork is signed, and deliverables are met. But this is also a point of vulnerability.

[W]hether your company is small, big, or in-between, there are risks... Everyone has a role to play in prevention to protect our cyber ecosystem.

Target’s 2013 data breach, besides exposing the financial information of millions of consumers, cost the retail giant more than $18 million in settlement claims. Target’s server was initially breached because credentials were grabbed from an outside vendor. A more recent example of a cybersecurity threat is Puma. The shoe company acknowledged earlier in September that source code for one of their internal applications was “leaked,” while noting that the leak excludes customer data.

The Global Cyber Alliance (GCA), a nonprofit organization, has several toolkits to serve a variety of communities, from elections to small business and journalism, that can assist with cybersecurity prevention and defense.

Take phishing for example. Mundane, yes, as you’ve probably heard from your local Human Resources representative in some capacity about not clicking on suspicious links or emails. But, according to the FBI in their 2020 Internet Crime Report, phishing is the top cybercrime. “Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud,” the agency notes.

A secure VPN can help prevent phishing attacks. Don’t neglect having strong anti-virus software, either. And, if you think you’re on the up and up with phishing, test yourself with Totem’s training course on phishing attacks.

GCA also encourages consumers to know what they have, meaning, accounting for your technical inventory. It’s easy to lose sight of a smartphone application, for example, without vetting the source material or the developer. Make sure to have two-factor authentication turned on, too, especially if you have sensitive information – a banking app, for example – on your phone. And, with remote work, be mindful of free Wi-Fi and accessing certain websites and platforms. Security software company Norton notes that because public Wi-Fi often uses outdated encryption protocols like Wi-Fi protected access (WPA), or worse, wireless encryption protocol (WEP), the network security is weak and subject to attacks. So, checking your bank account information or downloading a PDF of a sensitive work document while on a public Wi-Fi network probably isn’t a good idea.

So why is all this important? Well, cybersecurity isn’t limited to just one individual; a cyber-attack spreads like a virus. The Guardian reported recently that Australia's critical infrastructure is under “significant threat” from cyber-attacks. Moreover, the country, as a whole, reports a cybercrime once every eight minutes! That’s an entire country and on a much larger scale than the business you own or company you work for. They’re not immune – and neither are you.

Anthony Cave is the Craig Newmark Journalist Scholar with Global Cyber Alliance, a nonprofit organization dedicated to making the internet a safer place by reducing cyber risk. An Emmy-winning TV journalist, Cave has worked in U.S. newsrooms both big and small. After receiving his bachelor’s degree at Florida International University in Miami in 2014, Cave spent more than six years, mainly in TV news, covering stories ranging from domestic gun violence to priests credibly accused of child abuse. Through the Craig Newmark Scholars Program, Cave helps drive GCA’s mission and immerses himself in the technical, partnership, fundraising, and policy aspects of cybersecurity work.
New Content and Tooling Updates from CIS Security Best Practices

To complement the release of the CIS Critical Security Controls v8, our Security Best Practices team has released a number of new resources and product updates

By Aaron Piper and Thomas Sager

The CIS Security Best Practices team has been hard at work this past quarter to develop and release new resources and product updates to help our users.

CIS CSAT Pro v1.7.0

We are pleased to announce that CIS CSAT Pro v1.7.0 is now available! Both the Windows and Unix installers are available in the files section of this community. As always, we strongly recommend keeping up to date with the new versions to take advantage of security updates, new features, bug fixes, and performance improvements. Here are the new changes and updates available in this release of CIS CSAT Pro:

- Added the ability to import CIS Critical Security Controls (CIS Controls) v8 assessments from exported CSAT Pro or CIS-Hosted CSAT spreadsheets
- Added the ability to export a CSV file of filtered Safeguards from the Assessment Summary page
- Increased the allowable file size for uploaded evidence files from 5MB to 15MB
- Added in-tool descriptions for the graphs
- Added greater emphasis on the required Neo4j version on the related Installer wizard page to decrease installation of incompatible Neo4j versions
- Fixed a bug causing the Monthly Assessment Average graph to not display under certain circumstances
- Fixed a bug in the Implementation Group Average graph calculations
- Made additional performance improvements and bug fixes

Additionally, we've made a few updates to the accompanying product documents to reflect recent updates and address other common concerns:

- New "Port Information" section in the Deployment Guide
- Note related to system restrictions that can interfere with the installation
- Greater emphasis on the required Neo4j versions

In case you missed it in the v1.5.0 release, a bug was fixed involving the applicability of Safeguards in assessments. If you have pre-v1.5.0 assessments that used custom Safeguard applicability (rather than one of the standard Implementation Groups), or used different Implementation Groups for different assessments, be sure to review the details on the Troubleshooting page. If you do have any applicability adjustments to make, the new bulk applicability toggle on the Assessment Summary page might make the process easier. Download today: https://workbench.cisecurity.org/files

Additional New Resource Releases

Since our community is truly a global one, we've been hard at work with our security experts around the world to adapt the latest version of the CIS Controls into additional languages. Thanks to our collaborators from our community, we now have new translations of CIS Controls v8 in Italian, Japanese, and Portuguese. These can be downloaded from our CIS Controls v8 page.

Additionally, we know it's crucial for many members of our community to be able to map the security recommendations contained in the CIS Controls to frameworks and regulations that govern their particular industries. We're proud to announce another batch of new mappings of CIS Controls v8 to the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI) Data Security Standard, and the AICPA Trust Services Criteria (SOC2). These new mappings can also be downloaded from our CIS Controls v8 page.

To complement the new mappings, we've also updated CIS Controls Navigator. Use this webpage to learn more about the Controls and Safeguards and see how they map to other security standards.

We at CIS greatly appreciate the many global security experts who volunteer to create and support the CIS Controls. Our resources represent the effort of a veritable army of volunteers from across the industry, generously giving their time and talent in the name of a more secure online experience for everyone. Thanks to people like you, the CIS Critical Security Controls continue to grow in influence and impact across a worldwide community of adopters, vendors, and supporters. Our nonprofit business model is only possible because the industry is filled with people who have great technical expertise, and also great community spirit. Let’s continue to collaborate to create confidence in a connected world!

Aaron Piper is a Senior Cybersecurity Engineer at CIS. He focuses on automation, tooling, and measurement efforts for the CIS Critical Security Controls, and is the Product Owner for the CIS Controls Self Assessment Tool (CIS CSAT). Prior to working at CIS, Piper worked in cybersecurity for the Federal Government for more than a decade.

Thomas Sager is currently an Associate Cybersecurity Engineer for the CIS Critical Security Controls at CIS. In this role, he is dubbed the team cryptographer for mapping the CMMC and PCI frameworks to the CIS Critical Security Controls. Prior to joining the Controls team, Sager was a commercial security consultant under a federal contractor, greatly benefiting from the opportunity to work within a variety of client environments.
Cyberside Chat

This Quarter's Topic: The Creation of a Blue Team Playbook

By Sean Atkinson, Chief Information Security Officer, CIS

When thinking about a Blue Team playbook, the overarching emphasis is on the documented policy, standards, and procedures, in alignment, that can aggregate the control requirements across multiple areas within information security. The playbook is the process-based approach to dealing with and handling exceptions to the known “good,” or activity or configuration outside of the baseline of what is considered normal.

The best basis or underlying foundation for internal playbooks I have found is a solid audit and monitoring control. Using these controls helps to define best practice, but also the countermeasure to adopt when issues or excursions appear. Using the CIS Critical Security Controls, a playbook is created for each one. For Version 8, I have created 18 playbooks that are in place to monitor and review the Controls’ effectiveness. The cadence for review will vary based on the underlying threat model of the organization.

To start this process, my focus was around the first 3 Controls: Inventory and Control of Enterprise Assets, Inventory and Control of Software Assets, and Data Protection. The combination of these 3 Controls is a great starting point for any organization. Using the Safeguards contained in Implementation Group 1 will build resilience into any organization’s security processes.

With the Controls identified, the playbook for each Control can now be built and measures defined for each of them. Looking at each requirement, an analysis of what system, tool, or audit can be defined in terms of answering this question: “How do I know this Control is in place and effective?” Using a root cause analysis introduces the audit requirement, the evidence reviewed, and who to ask in order to understand the Control’s implementation.

Listing out measures for assessing Control effectiveness is next and is really the heart of the playbook. It answers the question: “What do I need to measure to validate the Control is effective?” It will also introduce the question of “If this measure is out of alignment, what should be the next step?” The root cause will be reviewed to see if any additional systems, software, or data have been integrated into or removed from the system. This is where defining who to talk to is extremely helpful. If the underlying conditions have not changed, it becomes a blue team response to find out and trace the cause of the issue.

Incident response guidance and checklists will be the concluding part of the playbook to ascertain the issue at hand. It is good practice to work with stakeholders in these situations using tabletop exercises to build response “memory” and evaluate the playbook's capability to assist in finding threats, issues, and incidents faster.
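As an added illustration (not from the column or from CIS), here is one way to express the playbook's "what do I measure / if it drifts, what is the next step / who do I ask" structure as a drift check for the first two Controls named above, Inventory and Control of Enterprise Assets and Inventory and Control of Software Assets. The hosts, packages, owners, thresholds and next-step wording are constructed assumptions, not any organization's real baseline.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Measure:
    """One playbook entry: the Control, what to measure, the tolerance,
    the next step when the measure is out of alignment, and who to ask."""
    control: str
    question: str
    min_ratio: float
    next_step: str
    owner: str


@dataclass(frozen=True)
class Finding:
    """Result of running one measure: the value, whether it is in alignment,
    the exceptions found, and the step the playbook prescribes."""
    control: str
    ratio: float
    in_alignment: bool
    exceptions: tuple
    next_step: str
    owner: str


# Constructed baseline inventories for illustration (hypothetical hosts and packages).
AUTHORIZED_ASSETS = {          # IP address -> hostname (Control 1 baseline)
    "10.0.1.10": "fileserver01",
    "10.0.1.11": "web01",
    "10.0.1.12": "db01",
    "10.0.1.13": "wks-finance-07",
}
AUTHORIZED_SOFTWARE = {        # hostname -> approved packages (Control 2 baseline)
    "fileserver01": {"openssh-server", "samba"},
    "web01": {"openssh-server", "nginx"},
    "db01": {"openssh-server", "postgresql"},
    "wks-finance-07": {"libreoffice", "firefox"},
}

CONTROL_1 = Measure(
    control="Control 1: Inventory and Control of Enterprise Assets",
    question="What share of hosts observed on the network are in the authorized asset inventory?",
    min_ratio=1.0,   # assumed tolerance: any unknown host is out of alignment
    next_step="Ask the owner whether the host was added through the approval process; "
              "if not, isolate it and open the incident response checklist.",
    owner="Network operations",
)
CONTROL_2 = Measure(
    control="Control 2: Inventory and Control of Software Assets",
    question="What share of installed packages are in the authorized software inventory?",
    min_ratio=1.0,
    next_step="Ask the owner whether the package was approved; "
              "if not, remove it and review recent change tickets for the host.",
    owner="Endpoint engineering",
)


def _finding(measure, total, exceptions):
    """Turn a count of exceptions into a Finding; an empty observation counts as aligned."""
    ratio = 1.0 if total == 0 else (total - len(exceptions)) / total
    aligned = ratio >= measure.min_ratio
    step = "In alignment: record the evidence and owner sign-off." if aligned else measure.next_step
    return Finding(measure.control, ratio, aligned, tuple(exceptions), step, measure.owner)


def check_assets(observed_ips, measure=CONTROL_1):
    """Compare IPs seen by network discovery against the authorized asset inventory."""
    observed = set(observed_ips)
    unknown = sorted(observed - set(AUTHORIZED_ASSETS))
    return _finding(measure, len(observed), unknown)


def check_software(installed_by_host, measure=CONTROL_2):
    """Compare packages reported per host against the authorized software inventory.
    A host missing from the baseline has every one of its packages flagged."""
    total, unknown = 0, []
    for host, packages in sorted(installed_by_host.items()):
        allowed = AUTHORIZED_SOFTWARE.get(host, set())
        for pkg in sorted(packages):
            total += 1
            if pkg not in allowed:
                unknown.append(f"{host}:{pkg}")
    return _finding(measure, total, unknown)


def run_playbook(observed_ips, installed_by_host):
    """Run the measures for the first two Controls and return their findings."""
    return [check_assets(observed_ips), check_software(installed_by_host)]


if __name__ == "__main__":
    # Constructed discovery results for one review cycle.
    seen_ips = ["10.0.1.10", "10.0.1.11", "10.0.1.12", "10.0.1.13", "10.0.1.99"]
    seen_software = {
        "web01": {"openssh-server", "nginx", "netcat"},
        "db01": {"openssh-server", "postgresql"},
    }
    for f in run_playbook(seen_ips, seen_software):
        status = "ALIGNED" if f.in_alignment else "OUT OF ALIGNMENT"
        print(f"{f.control}: {f.ratio:.0%} {status}")
        for e in f.exceptions:
            print(f"  exception: {e}")
        print(f"  next step ({f.owner}): {f.next_step}")
```

Each Finding carries the evidence (the exceptions) and the owner to ask, which is what the root cause review and a later tabletop exercise need in front of them.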
ISAC Update

The story of the MS-ISAC's 3rd quarter is very much a portrait of the working world at large. We are now operating in a hybrid environment of both travel and virtual presentations and gatherings. In that light, our approach towards our next major milestone of 12,000 members is still proceeding apace. Currently, we serve 11,700 members and expect to hit our next membership goalpost before the middle of November. Our teams are actively engaged in educating the SLTT community about MS-ISAC services, both in-person and virtually, and we are happy to speak with your organization to help promote cybersecurity.

Our Malicious Domain Blocking and Reporting (MDBR) program is exceeding expectations and we added 1,500 new users to this service in just the last month alone. Since its inception just over a year ago, MDBR has blocked more than 2 billion requests to known bad web domains for our participating SLTT organizations. That's 2 billion potential malware or ransomware infections that could have impacted these organizations by locking down their systems or preventing them from delivering critical services to their citizens. Best of all, the service can be installed within 15 minutes or less and requires virtually no maintenance. Please visit https://www.cisecurity.org/ms-isac/services/mdbr/ for more information and to sign up for this no-cost service.

For those keeping score, our Virtual Service Reviews (VSR) are fast becoming a mainstay in your basket of services provided by the MS-ISAC. These quick 30-40 minute meetings allow our members to reacquaint themselves with their current service levels, make adjustments as needed, and take advantage of any offerings they haven’t utilized previously. It is the perfect “tune-up” for your MS- or EI-ISAC membership. If you are interested in scheduling a Virtual Service Review and taking a look under the hood of your membership with our team, please reach out to info@msisac.org.

Not only has the EI-ISAC been hard at work helping to protect our nation’s critical elections infrastructure, but they also have been hard at work within that community, promoting membership and taking every opportunity to inform and educate the community at-large about cybersecurity in both the virtual and physical worlds. From election day situation rooms to newsletters and advisories, the EI-ISAC has garnered respect around the country.

Recently, the MS- and EI-ISAC partnered with Deloitte, which is providing no-cost access to all MS- and EI-ISAC members to its Cyber Detect and Respond Portal, a secure online platform for obtaining industry-leading and continually updated cyber threat intelligence (CTI). On this portal, members can view and analyze detailed written advisories on cybersecurity threats and vulnerabilities and can customize notification settings to have them delivered automatically on a selected frequency. To register for access to the Cyber Detect and Respond Portal, please visit https://cti.cisecurity.org/. A user reference guide is available here for you to learn how to navigate the portal and customize your notifications. Additionally, a recording of our recent webinar that details how to access, navigate, and fully leverage the resources of the portal is available here for your reference.

The MS- and EI-ISACs are membership-based organizations and work at the behest and to the benefit of our members. Our members define us and guide us and we thank you for all of your efforts! Become involved, volunteer for our working groups, make your thoughts known, tell us your concerns, and allow us to wield the power of nearly 12,000 SLTT communities, from the smallest school districts to the largest states, to benefit us all. Please feel free to reach out to me (paul.hoffman@cisecurity.org) with your thoughts. They are always welcome. Thank you to all of our current members for your efforts on our behalf and for touting the benefits of membership to your colleagues. We are stronger and more connected than ever before!
Upcoming Events October October 4 – 8 The Vermont League of Towns and Cities will host its 2021 Virtual Town Fair. Local government professionals from around the state will connect with colleagues, learn about new products and services , and hear from topic experts about the issues most important to municipalities right now. MS-ISAC Senior Program Specialist Kyle Bryans will speak during a roundtable discussion at the event on cybersecurity for local government. Learn more at https://www.vlct.org/event/virtual-town-fair-2021. October 5 – 8 The New York State Local Government information Technology Directors Association (NYSLGITDA) will host its 2021 NYSLGITDA Fall Conference at the Marriott Syracuse Downtown in Syracuse, New York. The event will bring together local government IT leaders from across the state to learn the latest industry updates from experts and network with peers. The CIS team will be at our booth on the show floor for the event, sharing information about our resources for local governments. Learn more at https://nyslgitda.org/events/fall-conference-2021/. October 6 – 7 Harrisburg University of Science and Technology will host its 2021 Cybersecurity Summit at its campus in Harrisburg, Pennsylvania. Leaders and experts from the government, education, and leading technology companies will come together to discuss security risks around sensitive data and systems and steps that can be taken to mitigate them. MS-ISAC VP of Operations James Globe will speak on a panel during the event on student operated SOCs and Senior Program Specialist Kyle Bryans will speak on a panel discussing cybersecurity resources for the education sector. Learn more at https://summits.harrisburgu.edu/cybersecurity/. October 7 The MassCyberCenter at the Mass Tech Collaborative will host the Massachusetts
24
Municipal Cybersecurity Summit virtually. The event will bring together cybersecurity experts to give local government professionals a better understanding of current issues and practical ideas for improving cybersecurity. MS-ISAC Senior Program Specialist Kyle Bryans will lead a session at the event on no-cost cybersecurity resources from the MS-ISAC. Learn more at https:// masscybercenter.org/calendar/event/43357. October 10 –13 The National Association of State Chief Information Officers (NASCIO) will host the 2021 Annual NASCIO Conference at the Hyatt Regency Seattle in Seattle, Washington. The annual event will bring together state information security leaders from around the U.S. to learn from industry experts, gain new strategies to benefit their citizens, and network with peers. Learn more at https://www.nascio.org/ conferences-events/2021-annual-conference/. October 13 Virtual Cyber Security Summit: Scottsdale will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CTO Kathleen Moriarty will lead a panel discussion on ransomware and zero trust. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details and learn more at https:// cybersecuritysummit.com/summit/scottsdale21/. October 18 – 21 The Missouri Research and Education Network (MOREnet) will host the MOREnet Annual Conference 2021 at the Branson Convention Center in Branson, Missouri. The event will bring education leaders and professionals from around the state to learn from industry experts and network with peers. MS-ISAC Program Specialist Michelle Nolan and Nolan Amelio will co-lead a session during the event on cybersecurity resources for K-12 schools. Learn more at https://conferences. more.net/.
Fall 2021
October 20 Virtual Cyber Security Summit: New York will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CISO Sean Atkinson will lead a panel discussion on insider threats in today's remote workforce. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details and learn more at https:// cybersecuritysummit.com/summit/newyork21/. October 20 – 22 The South Carolina Association for Educational Technology (SCAET) will host South Carolina EdTech 2021 at the Myrtle Beach Convention Center in Myrtle Beach, South Carolina. The event will offer attendees content and activities that span all areas of educational technology with diverse workshops, presentations, speakers, exhibitors, and events. MS-ISAC Senior Program Specialist Kyle Bryans will lead a session on no-cost cybersecurity resources. Learn more at https://edtech.scaet.org/. October 21 The State of Michigan will host the 2021 Michigan Cyber Summit virtually. The event, now in its tenth year, will bring together industry experts to provide timely content and address a variety of cybersecurity issues and emerging trends impacting the field. Attendees will hear from government and industry leaders on the latest developments and gain insights into managing today’s security challenges. Learn more at Michigan.gov/CyberSummit. October 25 – 27 The 11th Annual Cyber Security Summit will take place virtually. The event will bring together industry, government, and academic interests in an effort to improve the state of cybersecurity on both a domestic and international level. CIS will be a sponsoring partner of the event, serving as cochair for the event's Public Sector Day. CIS CEO John Gilligan, MS-ISAC Vice President of Stakeholder Engagement Carlos Kizzee, and MS-ISAC Member Programs Manager Eugene Kipniss will all speak at the event. 
MS- and EI-ISAC members can receive 10% off registration with promo code "CIS." Learn more at https://www.cybersecuritysummit.org/.
October 26 The Ohio Department of Administrative Services Office of Information Technology will host its Annual Ohio Cybersecurity Day 2021 virtually. The event will provide attendees with updates on cybersecurity threats, vulnerabilities, security best practices, and industry developments, as well as tips on how to secure their environments. MS-ISAC Program Manager Eugene Kipniss will lead a session on cybersecurity maturity and threats for SLTTs. Learn more at https:// infosec.ohio.gov/OhioCybersecurityDay.aspx. October 27 The Ohio CoSN State Chapter will host its Learn21 Ohio CoSN Conference at The Ohio State University in Columbus, Ohio. The event will bring together educational technology leaders and practitioners from across the state to learn from industry experts and network with peers. MS-ISAC Senior Program Specialist Brendan Montagne will lead a session at the event on services for public schools and universities from the MSISAC. Learn more at https://www.learn21.org/. October 27 Virtual Cyber Security Summit: Los Angeles will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CTO Kathleen Moriarty will lead a panel discussion covering ransomware and zero trust. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details and learn more at https:// cybersecuritysummit.com/summit/losangeles21/.
November

November 7 – 9 – GMIS Illinois will host its GMIS Illinois Annual Networking and Training Symposium (GIANTS) 2021 at the Bloomington-Normal Marriott Hotel and Conference Center in Normal, Illinois. The event will be two days full of opportunities for infosec professionals to network with peers, learn about new and exciting trends in local government technology, and meet with leading vendors. MS-ISAC Program Specialist Michelle Nolan will lead a session on cybersecurity resources for local government. Learn more at https://gmisillinois.org/page-18203.

November 8 – 11 – The 22nd Annual TribalNet Conference and Tradeshow will take place at the Gaylord Texan Resort and Convention Center in Grapevine, Texas. The event will bring together tribal government leaders and professionals to connect and seek opportunities in solutions, best practices, and technology among the tribal government, gaming, and healthcare industries through educational sessions and networking with peers and solutions providers. The CIS team will be exhibiting at the event, sharing our knowledge and resources with attendees. Learn more at https://www.tribalnetconference.com/.

November 9 – 10 – The CyberRisk Alliance will host InfoSec World 2021 virtually. Now in its 27th year, the event will feature expert insights, enlightening keynotes, and interactive breakout sessions that inform, engage, and connect the infosec community. CIS Senior VP and Chief Evangelist Tony Sager and Associate Cybersecurity Engineer Thomas Sager will lead a session on cross-mapping security frameworks. Learn more at https://www.infosecworldusa.com/.

November 16 – 19 – California IT in Education (CITE) will host its 2021 CITE Annual Conference at the Sacramento Convention Center in Sacramento, California. The event will bring education technology leaders and professionals from across the state together to learn the latest updates from industry experts and network with peers in the industry. MS-ISAC Senior Program Specialist Brendan Montagne and CIS Member Success Program Manager Kelly Morris will lead a session at the event on developing a cybersecurity plan with resources from CIS, and Montagne will lead a second session with MS-ISAC Intelligence Analyst Mike Woodward on helping K-12 schools improve their cybersecurity. Learn more at https://cite.org/page/2021conference.

November 17 – Virtual Cyber Security Summit: Boston will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CISO Sean Atkinson will lead a panel discussion on insider threats in today's remote workforce. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details and learn more at https://cybersecuritysummit.com/summit/boston21/.

November 18 – 20 – The National League of Cities (NLC) will host the 2021 NLC City Summit both virtually and in person at the Salt Palace Convention Center in Salt Lake City, Utah. Local government leaders from around the country will come together for the event to get the latest tools, learn ground-breaking strategies, participate in engaging workshops, and take advantage of exclusive opportunities to network with peers, thought leaders, and local innovators. Learn more at https://citysummit.nlc.org/.

November 29 – December 3 – AWS re:Invent will take place in Las Vegas. AWS customers and partners, as well as other leaders and professionals from the global cloud community, will come together to celebrate the 10th annual re:Invent across several venues along the Las Vegas Strip. The event will feature keynote announcements, insightful educational sessions, multi-faceted expo halls, exciting evening events, and re:Play, an in-depth experience where music and technology intersect. The CIS team will be at Booth 732 in the Venetian Expo, meeting with attendees and discussing our resources for AWS users. Learn more at https://reinvent.awsevents.com/.
December

December 2 – Virtual Cyber Security Summit: Houston / San Antonio will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details and learn more at https://cybersecuritysummit.com/summit/houstonsanantonio21/.
Public Sector Virtual Workshop
October 25, 2021 @ 8:00 AM–4:30 PM CT
Join us for the inaugural Public Sector Workshop at the 11th Annual Cyber Security Summit. In our full day of programming, we examine the cyber state-of-play in the public sector ecosystem and drill down to real-world examples – sharing a wealth of insights, lessons, and resources along the way.
Target Audience: Municipality, city, county, state, and tribal CISOs, Chief Security Officers, CROs, CIOs, CTOs, County Commissioners, and those involved with exposure to cyber risk; GRC officers and those involved with data privacy.
Save 30% with discount code CIS (through Oct 8). View the full agenda and register at cybersecuritysummit.org.
This event will cover:

Morning Sessions:
• Public Sector Cybersecurity: The State of the States, Local Governments, Tribes, and Territories
• The Value of Your Data
• Critical Success Factors in Cybersecurity
• Sharing Resources across the Silos
• Grant Funding to Protect Technology from Cyber Threats
• Cybersecurity: Finding Common Ground in the Political Landscape

Afternoon Sessions:
• Smart Cities / Safe Cities
• Building a "Cyber Prime" Workforce on a Hamburger Budget
• Public Sector Cyber Insurance
• Avoid a Cyber Splash
• Introduction to Programmatic Distributed Empowerment for Information Security ("PDEIS™")
• Recommendations and Best Practices for Whole of State Governance to Mitigate Cyber Risk
• IT Operations or Cybersecurity? Pick any two!
• Transforming Education and Cyber Operations
Thank you to our Public Sector Partners and Supporters!
Copyright © 2021 Center for Internet Security, Inc., All rights reserved.
Interested in being a contributor? Please contact us: info@cisalliance.org | www.cisecurity.org | 518.880.0699