TEEX Cyber Security Training Recap at BRADD
We often talk about cyber security as a journey, not a destination. It is critical to keep your tools sharp (or up-to-date) along that journey. To that end, at Commonwealth Sentinel, we practice what we preach.
Last week, I participated in two free DHS/FEMA courses offered by Texas A&M Engineering Extension Service (TEEX) and the National Emergency Response and Recovery Training Center.
These were coordinated and hosted by the Barren River Area Development District (BRADD) in Bowling Green, KY.
Wednesday was an 8-hour class on Understanding Targeted Cyber Attacks. Thursday was an 8-hour class on Physical and Cybersecurity for Critical Infrastructure.
It was great to spend two days with IT Directors, Emergency Management Directors, System Admins, and more from the counties of BRADD and others throughout the state. The organizations were county governments, school districts, EMS, health care, and more. In all, over 40 people were in attendance to learn more about cyber security. That was exciting for all of us in the cyber security arena!
I focus entirely on cyber security, but I learned a lot from these courses, from the TEEX instructors and classmates who are not full-time cyber security folks.
Some fascinating information I learned includes details on the attacks we have seen over the last few years. A post-mortem is a critical learning experience following a cyber attack to understand what happened and what can be done to prevent it.
Here are some significant, well-known cyber attacks that have some excellent lessons:
2018 City of Atlanta, GA: Hit with a ransomware attack. It ultimately cost them $2.7 million to recover, and they lost many years of data. I learned last week that 100 servers were running Windows 2003. Support for Win 2003 ended in 2015. Three years later and three years of unpatched vulnerabilities resulted in this catastrophic attack. Updating their servers would have prevented this attack.
2019 City of Baltimore, MD: Hit by a ransomware attack. It ultimately cost them $18 million to recover (even though the ransom was just $76,280). I learned that in April 2017, an NSA-developed computer exploit called Eternal Blue had been leaked. Upon learning of the leak, NSA notified Microsoft to release a patch to protect all Windows versions that were currently supported and even those that were unsupported. Having not patched for Eternal Blue two years later, Baltimore was hit. Again, updating their systems would have prevented this attack.
2021 City of Oldsmar, FL Water: The victim of an attempted poisoning in which someone tried to remotely raise the amount of lye to a lethal level. Fortunately, an on-site worker saw the activity happening online and was able to reverse it. I learned that the hacker accessed the system through a TeamViewer tool, which allows for remote work. It was no longer used by the water company but had not been removed. The lesson here is to keep an inventory of your organization’s software and remove software that is no longer needed.
2021 Colonial Pipeline: Hit with a ransomware attack on the systems that managed the pipeline that serves the Southeastern United States. I learned that the attack method came via an old VPN account that had not been disabled. Again, keep an inventory of the software and services your organization is using so that you can ensure those that are no longer needed, used, or supported are removed.
Physical and Cyber Attacks: Lastly, Physical and Cyber Attacks are not separate events. There are physical-enabled cyber attacks and cyber-enabled physical attacks. The critical understanding is that cyber attacks have actual, physical repercussions. That is why it is so important that everyone is involved in the protection process.
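The patching and inventory lessons from the Atlanta, Oldsmar, and Colonial Pipeline items above can be checked mechanically. The following is an added example, not part of the original post or the TEEX course material: a small audit over an asset inventory that flags operating systems past end of support, software that has gone unused, and enabled accounts nobody logs into. All host names, account names, dates, and the 90-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory: every name, date and threshold is hypothetical.
TODAY = date(2024, 1, 15)
STALE_AFTER_DAYS = 90  # assumed policy threshold, tune to your organization

SERVERS = [
    {"host": "fin-01", "os": "Windows Server 2003", "support_ends": date(2015, 7, 14)},
    {"host": "web-02", "os": "supported-os-example", "support_ends": date(2030, 1, 1)},
]
SOFTWARE = [
    {"host": "scada-ws1", "name": "TeamViewer", "remote_access": True,
     "last_used": date(2023, 5, 2)},
    {"host": "hr-03", "name": "office-suite", "remote_access": False,
     "last_used": date(2024, 1, 10)},
]
ACCOUNTS = [
    {"user": "vpn-contractor7", "service": "vpn", "enabled": True, "last_login": date(2023, 3, 1)},
    {"user": "vpn-jsmith", "service": "vpn", "enabled": True, "last_login": date(2024, 1, 12)},
    {"user": "vpn-retired", "service": "vpn", "enabled": False, "last_login": date(2022, 6, 1)},
    {"user": "vpn-never", "service": "vpn", "enabled": True, "last_login": None},
]

def idle_days(last_seen, today):
    """Days since last use; None (never used) counts as infinitely idle."""
    return float("inf") if last_seen is None else (today - last_seen).days

def audit(servers, software, accounts, today=TODAY, stale_days=STALE_AFTER_DAYS):
    """Return (finding_kind, target, detail) tuples for items to patch or remove."""
    findings = []
    for s in servers:
        if s["support_ends"] < today:  # no more security patches for this OS
            findings.append(("unsupported-os", s["host"],
                             f'{s["os"]} support ended {s["support_ends"]}'))
    for p in software:
        idle = idle_days(p["last_used"], today)
        if idle > stale_days:
            # Unused remote access tools are reported separately: highest priority.
            kind = "unused-remote-access" if p["remote_access"] else "unused-software"
            findings.append((kind, p["host"], f'{p["name"]} idle {idle} days'))
    for a in accounts:
        idle = idle_days(a["last_login"], today)
        if a["enabled"] and idle > stale_days:  # disabled accounts are already handled
            findings.append(("stale-account", a["user"],
                             f'{a["service"]} account idle {idle} days'))
    return findings

if __name__ == "__main__":
    for kind, target, detail in audit(SERVERS, SOFTWARE, ACCOUNTS):
        print(f"{kind:22} {target:16} {detail}")
```

In practice the three lists would come from exports of your asset management, endpoint, and identity systems rather than being typed in by hand.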
This is just a short list of the essential nuggets of information I gleaned from my time at BRADD last week and knowledge I will incorporate into our teachings and presentations.
I look forward to working with the wonderful folks I met across our Commonwealth. Keep up the excellent work, keep your tools sharp, and stay on the path! The journey is worth it!
Do you prioritize the safety and security of your organization? Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. Contact us at (502) 320-9885 to learn more about how we can help you achieve peace of mind.