Cyber Security & Intelligence Sharing in Our Schools By Steve - PowerPoint PPT Presentation

Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony Aukland

Today’s Topics • Digital Citizenship • EduTech O365 Security Pages • Physical School Access • Intelligence Sharing & North Dakota

North Dakota K-12 Schools • 530 Schools • 183 School Districts • > 100,000 Students • > 18,000 Teachers Faculty and Administrators All connecting to one big network StageNet

Digital Citizenship Defined as the norms of appropriate, responsible technology use • Helps teachers, technology leaders and parents understand what • students/children/technology users should know to use technology appropriately More than just a teaching tool; it is a way to prepare students/technology • users for a society full of technology. Too often we are seeing students as well as adults misusing and abusing • technology. The issue is more than what the users do not know but what is considered • appropriate technology usage.

Kids LEAD Digital Lives Kids ages 8-18 spend 7 hours and 38 minutes per day online • If a child sleeps 8 hours per night, that means ONE HALF of the time that he or she • is awake is spent online § 33% Online § 33% Offline (awake) § 33% Asleep Some common online issues kids face include: • § Cyber Predators § Cyber Bullying § Identity Theft

Students as Digital Citizens World at their fingertips… Smart phones/tablets • Social Media • Online Games • § Xbox, PlayStation, iOS Online Learning • Technology Carts : Students • § 1:1 in the schools § iPads, Chromebooks, Surfaces, Laptops

Digital Citizens Responsible Practices Passwords • Complexity § Pass Phrases § Length § Password Storage § Do’s and Don'ts? o Accounts • User ID's / Multiple § • Cyberbullying

Why we need Cybersecurity? Crimes that happen in real life – such as stealing – also happen on the • Internet. Just like you have to look both ways before crossing the street, you have to • be careful when using the Internet. The Department of Homeland Security helps you protect yourself from • dangers on the Internet by teaching you what to look out for online. Often, we might not realize that our actions online might hurt us, our • families, and even our country. Learning about the dangers online and taking action to protect ourselves is the first step in making the Internet a safer place.

World’s Biggest Data Breaches

EduTech O365 Security Pages

Security Advisories

Policy Templates

Security Awareness Information

Cyber Career Paths • Are you Creative? § Keep people from becoming victims on online attacks § Find system weaknesses § Do you like to observing people and their behavior? § Are you a problem solver? • Are you Analytical? § Make hardware hacker proof § Do you want to make sure phones, airplanes, cars and other equipment hacker-proof? § Make software hacker proof • Are you Technical? § Hunt down bad guys on the Internet? § Oversee systems and everything connected to it? § Be an Internet first responder?

Physical School Access • 65 School Districts visited…So far • What I have seen § Visitor badges § Visitor Logs § No visitor logs • Social Engineering

What is intelligence? The collection of information and analysis to provide guidance through assessing data Why is intelligence sharing important? The 9/11 attacks were a mandate for change. The inability of the U.S. intelligence community to “connect the dots” due to inefficient information-sharing mechanisms and the gap in domestic intelligence led to improving the nation’s intelligence sharing. Reformation since 9/11 resulted in the creation of Department of Homeland Security • • Director for National Intelligence • National Counter Terrorism Center Revamping Federal Bureau of Investigation capability • State and Local Fusion Centers •

What is the NDSLIC? • NDSLIC is owned and operated by North Dakota with support from Department of Homeland Security State and Local Program Office. • Focused on Information Sharing: Gather, blend, analyze, and share information with traditional and non-traditional partners. Collaborative: Work with multiple agencies to detect, prevent, apprehend, and • respond to criminal terrorist activity Flexible: All Crimes and All Hazards approach as most fusion centers. • We are committed to protecting the civil rights and civil liberties of all • Americans • NOT Focused Only on Terrorism: NDSLIC has broader Capabilities to assist in counter-terrorism as well All Crimes and All Hazards Missions.

Who is the NDSLIC North Dakota State and Local Intelligence Center 1 BCI Special Agent (Director) 3 NG Counter-Drug Analysts • • 1 NDHP Sergeant 1 Critical Infrastructure Program • • 1 NDDES Civilian Analyst (Chief of Manager • Operations) 1 North Dakota Anti-Terrorism • 1 Information Liaison Officer (ILO) Program Force Protection Officer • 5 BCI Intelligence Analysts 1 North Dakota Anti-Terrorism • • 1 DHS Intelligence Officer Program Specialist • 1 Information Technology 1 US Border Patrol Agent • • Department Cyber Analyst

NDSLIC links North Dakota Public & Private Sectors, National Network of Fusion Centers & Intelligence Community Includes Higher Education, K-12 Schools, Energy and Financial Industries MS-ISAC, E-ISAC, F-ISAC, Infragard, Cyber Intelligence Network, Center for Internet Security

NDSLIC Support and Products • Weekly Intelligence Summary Critical Infrastructure and Key Resources § Cybersecurity Bi-Weekly § • Cybersecurity Alert • Site Assistance Visits • Public Advisories • Security / Safety Training • Threat Assessments • Various Analytical Charts

Who is attacking us? Cyber Criminals • § Organized Crime (US, Russia/Ukraine, etc…) § Malware / Phishing / Ransomware / Social Networking Hacktivists • Ideologically Motivated = political issues § Website Defacements / DDoS / Doxing § • Terrorist Groups / Extremists § Propaganda / Fundraising/Recruitment Youth targeting § 3 British teenage girls travelling to Syria to join ISIS o http://www.cnn.com/2015/02/25/middleeast/isis-kids-propaganda/ o • Nation States / Advanced Persistent Threat § Foreign Governments Capability & Intent § https://www.technologyreview.com/s/603262/ukraines-power-grid-gets- § hacked-again-a-worrying-sign-for-infrastructure-attacks/

Intelligence Sharing with EduTech Wildfire Reports Tech Coordinators Name, On DAY, MONTH, YEAR we were notified about the following device that generated a WildFire alert. Name: k12.nd.us Address: 10.XXX.XXX.XXX The alert was caused by a WildFire submission that came back as malicious. What does that mean? 1.It was a file that was not seen by our PA WildFire service 2.It was uploaded to the cloud to be analyzed 3.The file was actually downloaded by the device 4.WildFire determined it was bad and is now blocking 5.The filename of the identified file was "Malicious Code file name from e-mail XXXXXX.EXE " The device should be investigated for any signs of compromise and a full AV scan should be run. I have attached the wildfire report on the characteristics of the malware. EduTech Ticket # H2HXXXXXXXX When you find the devices and remedy the situation, please provide me a resolution. Thank you.

National Cases • Spring Lake Park Schools Michigan (December 2016) http://abcnewspapers.com/2016/12/07/ransomware-virus-attacks-slp-schools-technology/ § Backups had them up and running in two days without paying a dime § Cloquet Minnesota Schools (March 2016) • § http://www.duluthnewstribune.com/news/crime/3989320-cloquet-schools-suffer-ransomware-attack $6000 ransom § Did not pay ransom § School cancelled for 1 day § Phishing / Spam Email § Bigfork Montana (November 2016) • http://www.edweek.org/ew/articles/2017/01/11/ransomware-attacks-force-school-districts-to.html § Phishing / Spam Email § Did not pay ransom § Cockrell Hill Police Department (January 2017) • http://www.csoonline.com/article/3163045/security/ransomware-steals-8-years-of-data-from-texas- § police-department.html $4000 ransom § § Files affected went back to 2009, 8 years of data gone Spam Email §

North Dakota Cases Targeted & Untargeted • Phishing Email • Personal Email • Phone Calls • Financial Gain • 6 cases identified • Some companies had no backup or discovered backups were not • working and forced to pay ransom Lost 4 years worth of data • Agencies, Healthcare, Retirement

Is it really ANONYMOUS? Be vigilant anyway

Daughter’s Stolen iPad Stolen during work • Called me “as soon as she knew” • Logged in to iCloud and put device in Lost mode • Put my phone number and name on the message • Must have still had wireless or found a known wireless network to receive the message • NON-CELLULAR iPad •

Daughter’s Stolen iPad 3 months later phone call from Kansas gas station manager • Customer used it as collateral for gas • Station Manager’s father plugged it into a PC • Lost iPad Message appeared • Gave it to local Police who shipped it to Bismarck PD •