0

Briefing on Cyber SecurityAdministration CommitteeApril 28, 2020

Julius SmithVice President, Chief Information Officer

1

Cyber Security Overview

• Introduction

• The Threat Landscape

• DART Cyber Security Program

• Defensive Steps

2

Digital DART

Cloud

End Users

ITS/IVC

Network Infrastructure

Applications/Databases

Headquarters

The

Big

Pic

ture

The Threat Landscape

FBI Cybercrime Stats

High Profile Breaches

COVID-19 Impact

4

FBI Crime Complaint Center 2019 Statistics

IC3 = Internet Crime Complaint Center

1

2

3

4

5

Threat Landscape & Recent Cyber Security Attacks

Source: https://www.identityforce.com/blog/2020-data-breaches

High profile breaches January 2020 to April 2020

6

COVID-19 Exploited by Malicious Cyber Actors

The COVID-19 pandemic is changing everyday life for workers across the globe. We continue to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns.

• Phishing, using the subject of coronavirus or COVID-19 as a lure

• Malware distribution, using coronavirus- or COVID-19- themed lures

• Registration of new domain names containing wording related to coronavirus or COVID-19

• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

7

Account Hijacking on the RiseAccount hijacking is prevalent and fast-growing affecting organizations’ user accounts and application access as well as individual users personal accounts and identity.

• Hijacking by Phishing deceives users into providing their user-names, passwords, and account numbers via deceptive e-mails, fake Web sites, or both

• Hijacking with Spyware works by inserting malicious software, often referred to as “spyware,” on a person’s computer

• Most organizations haven’t implemented Multi-Factor Authentication to mitigate account hijacking risks

8

COVID-19 Remote Work• Ensure meetings are private, either by requiring a password for entry or controlling guest access

from a waiting room

• Do not share a link to a teleconference

• Consider security requirements when selecting vendors

• Ensure VTC software is up to date

• Employees should continue to be wary of unsolicited emails they receive that contain attachments or embedded links relating to the pandemic

• Using secure Virtual Private Network (VPN) connections with multi-factor authentication structures

• We have worked to safeguard the remote workforce to share data securely

• Launched updated Cyber Security Awareness Training

9

DART Cyber Security Program

Principles

Security Strategy

Risks Domains

10

Principles

“DART approaches cyber security as an enterprise-wide risk management issue, not just an IT issue.”1

“We understand the legal implications of cyber risk as they apply to the Agency’s specific circumstances.”2

“DART leadership sets adequate access to cyber security expertise, and discussions about cyber risk management on the cyber security governance council meeting agenda.”3

“DART leadership sets the expectation that management will establish an enterprise-wide cyber-risk management framework.”4

“Cyber risks discussions will include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.”5

11

Security Strategy Considerations

BUSINESS PLAN

THREATS REVIEW

GOVERNANCE

VISION STATEMENT

GAP ANALISYS

PRIORIZATION

DEPARTMENTS TECH

STRATEGY

COOP & BUSINESS

CONTINUITY

ECOSYSTEM MONITORING

National Institute of Standards and Technology Cyber Security Framework

12

Data, Technology, and Physical Security Risks Domains

Information Technology

Security

Operational Technology

Security

Health, Safety, Environmental

Product/Service Management

Security

Supply Chain Security

Head of Info/Network

Security

Data Security

13

Defensive steps

Our People

Security Response

Security Updates

14

First line of defense our people..• Deployed the updated 2020 DART

Computer-Based Cyber Security Training

• Bus and Rail Operators Cyber Security Training

• Cyber Security Campaigns

• InfoStation Communications

• Email on Threat Landscape

• Password complexity and new password portal

• Multi-Factor Authentication

• Identity Management

• Physical Security

15

Security Response

Classification ResponseEVENTAn event is an observed change to the normal behavior of a system, environment, process, workflow or person. Examples: router access control lists (ACLs) were updated, firewall policy was pushed.ALERTAn alert is a notification that a particular event (or series of events) has occurred, which is sent to responsible parties for the purpose of spawning action. Examples: the events above sent to on-call personnel.INCIDENTAn incident is an event that negatively affects the confidentiality, integrity, and/or availability (CIA) at an organization in a way that impacts the business. Examples: attacker posts company credentials online, attacker steals customer credit card database, worm spreads through network.

Through security tools and automated correlation engines the security events were reduced to

actionable and addressed 2,049 alerts

Managed Security Service Provider (MSSP) Level 1 Security operations Center (SOC)

mitigated 1415 of the alerts

634 alerts were escalated from MSSP to DART Level 2 & 3 SOC

For the first quarter of 2020, DART observed 7,977,813 security events

SECURITY OPERATIONS

16

Security Updates

VENDOR MANAGEMENT & RISKS REVIEWS-Vendor management audit completed. Updating processes and procedures.

PAYMENT CARD INDUSTRY DATA SECURITY AUDIT -Completed Recertification March 2020

-Awarded Report of Compliance (ROC)

-Awarded Attestation of Compliance (AOC)

CYBER & DATA GOVERNANCE-Focused on policy, standards, and governance execution

APPLICATIONS & ARCHITECTURE -Routine applications, operating systems, and hardware updates

-Patch Management

-Multi-factor Authentication

- Multiple Virtual Private Network (VPN) Solutions

01

02

03

04

17

Designing Secure Solutions

Security-led projects to enhance and/or implement new safeguards

Review of software applications and security architecture of other departmental and inter-departmental projects

Review of virtual conference rooms, new cloud applications and providers through vendor security management process

Technology Network Security Operations section is involved in multiple “secure-by-design” architecture initiatives.

Multi-factor authentication (MFA) method in which a computer user is granted access only after successfully presenting two or more pieces of evidence

18

Thank you