CIF Cybersecurity Sessions

CIF Focus Area: Cybersecurity & Resiliency
Few subjects raise as many questions or fears as the security challenges inherent in our connected world and how they can impact 9-1-1 systems and PSAPs. Today’s 9-1-1 professionals must be aware of – and have strategies to manage – threats that were unimaginable just a few short years ago.

From SWATting to Denial of Service Attacks, from foreign surveillance of critical systems to the real possibility of a sustained impact to our nation’s power grid, the importance of addressing these issues and maintaining uninterrupted PSAP operations is undeniable. Attend the CIF to learn about and address these topics that should be on the minds of everyone in 9-1-1.

Session 1: Threat & Response
Deciding what you’re going to secure, and how, starts with understanding the threats your PSAP is likely to face. Our opening sessions will give you a glimpse of the basic hacker capabilities that are commonly seen “in the wild,” and an overview of the NIST Cybersecurity Framework that helps you protect critical systems and networks. Presentations include:

  • We Hacked a PSAP
  • We Hacked YOU
  • Policy Drives Practice: Write It Down, or It Won’t Happen

Session 2: Identify
Before you can protect your systems and networks, you have to know what they are. That’s why the NIST framework begins with inventories of devices, software, and data (authorized and unauthorized). This section of our CIF will teach you what to look for, and highlight the types of tools that can make this process much, much easier. Presentations include:

  • You Have to Know What You Have to Know What You Have to Defend!
  • Inventorying Hardware, Software, and Connections

Session 3: Protect
Once you know what your IT landscape looks like, it’s time to start building defenses. This section describes the basic protective layers required for a baseline defense-in-depth strategy, and provides examples of software and devices you should consider installing in your PSAP. Presentations include:

  • Panic and Freak Out! – How to Build an Information Castle
  • The Moat: Network Firewalls, VPN Servers, and Secure Proxies
  • The Drawbridge: Intrusion Prevention Systems
  • The Portcullis: Secure Machine and Configurations and the “Least Privilege” Principle
  • The Guards: Anti-Malware and Antivirus Software
  • The Keep: Secure Data Storage and Backup

Session 4: Detect
A determined, well-resourced attacker can beat nearly any defense. When (not if) you’re breached, it’s important to begin your response as quickly as possible. That’s why many security experts recommend a “monitor first” approach to security. This section will teach you the basics of logging and log analysis to help you catch intruders who breach your defenses. Presentations include:

  • You Won’t See What You Aren’t Looking for: Log All of the Things!
  • Finding Vulnerabilities – Before Your Adversaries Exploit Them
  • Intrusion Detection Systems – More Detail
  • Hacking Yourself – NIST Gap Assessment and Penetration Testing

Session 5: Respond
You’ve discovered a breach: Now what? This section will teach you the basics of incident response, including what to do, and who to call. It’ll also highlight some common response mistakes and blind spots that can allow an attacker to regain a foothold in your systems. Presentations include:

  • What to do When You Get Pwned
  • Who to Call First, Second, and Third
  • What NOT to do When You Don’t Know How Badly You’ve Been Hit
  • Persistent Threats: Where They Hide, and How to Root Them Out

Session 6: Recover
Isolating and excluding an intruder is only half the battle. You still have to provide 9-1-1 service to the public. This section will provide a case study from a 2016 ransomware attack, and provide pointers to help you recover when an attacker targets YOU. Presentations include:

  • Operating an Impaired Service: Training for Real-World Limitations
  • Getting Back to Business: Strategies for a Quick Recovery