Assisted NC businesses in winning 3,408 contracts minimum value of $13.15 billion

Really, How “Real” is All The Cyber Stuff? SE Region Cyber Security & Technology Symposium (Aug 24, Chapel Hill)

Really, How “Real” is All This Cyber Stuff?
The Offices of United States Senator Richard Burr and United States Senator Thom Tillis, the North Carolina Defense Technology Transition Office (DEFTECH), the North Carolina Military Business Center, and the North Carolina Military Foundation are pleased to host the Southeast Region Cyber Security & Technology Symposium on August 24 in Chapel Hill, North Carolina.

WHEN.  August 24, 2017 from 0815-1630

WHERE.  University of North Carolina – Chapel Hill
The Friday Conference Center
100 Friday Center Drive
Chapel Hill, North Carolina  27599

 
REALLY HOW “REAL” IS ALL THIS CYBER STUFF? 

We have heard so much in the last several months about “cyber security” and “cyber attacks,” but does it really matter?  Absolutely!  Don’t be the next victim.  The following information is presented to increase your basic knowledge of cyber and perk your interest.   Want to learn more?   Sign up for the SE Region Cyber Security and Technology Seminar, 24 Aug 2017, in Chapel Hill.   

Cyber threats refer to persons who attempt unauthorized access to a control system device and/or network using a data communications pathway. This access can be directed from within an organization by trusted users or from remote locations by unknown persons using the Internet. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and malicious intruders. (Categories of persons involved in various attempted cyber intrusions are listed at the end of this article.)
In addition to well-known cyber threats such as phishing, malware, virus, ransomware, follows are some documented attacks that have taken place and their impacts that you may find interesting. (Information taken from “Lights Out” by Andy Greenberg in the July 17, 2017 Magazine “Wired.”)
  • 2000.   Using only a laptop and a radio transmitter, a disgruntled employee shut off all of the facility controls of a wastewater plant in Australia and disrupted 150 pump stations unleashing over 200,000 gallons of raw sewage into parks, canals and the grounds of a major resort.
  • 2003.   In Ohio, the Slammer worm infected a nuclear power plant’s network from a contractor’s computer blocking controls for a reactor.
  • 2009.   Stuxnet malware penetrated Iranian uranium enrichment facilities destroying about 100,000 centrifuges by causing them to spin too fast.
  • Late 2014.    Hackers take control of several automated systems in a German Steel Mill, causing massive damage to one of the last furnaces that could not be shut down.
  • 22 May 2014.   CyberBerkut, a pro-Russian group, hacks the Ukraine’s presidential election.   The intrusion is caught and stopped just in time.
  • 21 Dec 2014.   Another Russian group, Gancy Bear, released malicious software that is used to track Ukrainian artillery locations.
  • 24 Oct 2015.   Cyber attack destroys videos and documents and takes down Ukraine’s largest broadcasting company, StarLightMedia and the other Ukraine media company, TRK.
  • 3 Dec 2015. For six hours, power is cut to 225,000 Ukrainians by hackers.
  • 15 Jan 2016.   Screens in Kiev’s Metro is hijacked by hackers who display images of a villan named Moriarty from the movie, Sherlock.
  • 6 Dec 2016.   Hackers delete terabytes of financial data on the Ukraine Ministry of Finance and State Treasury, and interrupt payments to state employees.
  • 13 Dec 2016. Ukraine’s Ministry of Defense Website is prevented from posting updates on the Russian Separatist conflict.
  • 14 Dec 2016. Cyberattack cripples Ukraine’s national railway system during the holiday season.
  • 17 Dec 2016. Hackers take out a fifth of Kiev’s electrical capacity.
Follows is a listing and description of various cyber security threats. Source: Government Accountability Office (GAO), Department of Homeland Security’s (DHS’s) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434 (Washington, D.C.: May, 2005).
Bot-network operators: Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available in underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam, or phishing attacks, etc.).

Criminal groups:  Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

Foreign intelligence services:  Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power – impacts that could affect the daily lives of U.S. citizens across the country.

Hackers:   Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.
 
ABOUT THE EVENT.
Who Should Attend & Why?
  • Industry, government, academe, students, and individuals who want to gain current information and future business opportunities surrounding cyber security threats, trends, research & development, public-private partnerships, and defense contractor cyber requirements.
Conference Objectives:
  • Connect federal & state government cyber entities with the North Carolina “Cyber Ecosystem” through an informative cyber security program consisting of the following and including ample time for question and answer to address attendee concerns. 
    1. Cyber Threats: Commercial and Government
    2. Cyber Operational Perspectives: Commercial & Government
    3. Cyber Challenges, Trends & Research Needs
    4. Cyber Public – Private Partnerships
  • Introduction to Defense Contractor Cyber Requirements (DFARS § 252.204-7012 and NIST Special Publication 800-17).
Background: The United States faces growing threats from malicious actors who seek to compromise critical business, National infrastructure, and Defense information residing on various networks. Potential economic losses and damage to National Security are staggering. Every day there are over 10 million cyber attacks worldwide with an estimated annual cost of $100 billion. Millions of Americans have had their identities compromised. Businesses have had IP and financial data taken.   Government networks have been targeted. Ransomware recently caused some health care organizations to stop providing services, and individuals continue to be “attacked” with viruses, phishing, and ransomware.   As a result, the Department of Defense has mandated as of 31 December 2017 that defense contractors meet certain cyber security requirements to do business with the government. (DFARS 252.204-7012)

To protect our networks and defeat these threats, today more than ever, Industry and the Government rely on Public-Private Cybersecurity Collaboration to share cyber threat information, enhance the overall security of networks, reduce damage to critical programs, and increase cyber situational awareness. Department of Defense has established a Defense Industrial Base Cybersecurity Program that allows participants to share unclassified and classified cyber threat information in near-real time and respond to adversary activity. Shared information includes mitigation measures and cybersecurity best practices.
This Southeast Region Cyber Security & Technology Symposium will provide commercial and government entities information about operational cyber perspectives, threats, needs, teaming and business opportunities.   All businesses with IT & Cyber security capabilities, all businesses engaged in the federal market, government agencies, and R&D entities should attend.

Einstein was asked what he would do if he had 60 minutes to save the world. He replied that he would spend 55 minutes understanding the problem and 5 minutes solving it.
DON’T be caught short!   Come get the information you need to protect yourself and make the right cyber security decisions!





The NC Military Business Center, the NC Community College System, and the State of North Carolina do not officially endorse events. These items are posted strictly for the information and convenience of NCMBC customers.

website by Biz Tools One