The internet is a powerful and useful tool. However in the same way that you should not drive without buckling your seat belt or ride a bike without a helmet, you should not venture online without taking some basic precautions.
Cyber criminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment. The privacy and financial security of individuals are increasingly at risk due to the widespread collection of personal information. As a result, more than 30 States, – including Louisiana – have passed laws that require notifications to residents when personal information is compromised.
SB205 Act 499 – known as the Database Security Breach Notification Law – became effective on January 1, 2006 and requires notification to any Louisiana resident whose unencrypted personal information is, or is reasonably believed to have been acquired by an unauthorized person as a result of a security breach.
LA Database Breach Law - Any person that conducts business in the state shall, following discovery of a breach in the security of the system containing such data, notify any resident of the state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
The LA-SAFE's Cyber Security Team is an integral part of the State's Fusion Center Cyber Fusion Unit.
- Originally formed in 2009
- First Fusion Center in the Nation to have cyber capabilities.
- Our nation is a cyber dependent nation with an every growing reliance on digital infrastructure.
- Every DHS Sector depends on cyber
So what happens when systems are compromised?
- The loss of PII
- The loss of intellectual property
- Services can become unavailable
- Possible destruction of property
- LA Database Breach Law Any person that conducts business in the state shall, following discovery of a breach in the security of the system containing such data, notify any resident of the state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
- Cyber Criminals
- State Sponsored
- Children at a Greater Risk
- How is the state of your #SCADA systems like your electrical = grid? Or traffic management?
- What about chemical industry? Or can hackers switch some stuff that sends trains to another rail
- Two Basic Types: Attacks that exploit people; Attacks that exploit systems
- Phishing is a method to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.
- It often uses a mix of emails and web sites that mimic well known and trusted brands. Examples are: Banks; Government Agencies; Shipping Companies and Current events - Death of Osama Bin Laden; Natural Disasters; The Super Bowl.
Attacks that Target Systems - Four Types:
- Denial of Service
- Distributed Denial of Service Attacks
- Brute Force
Precursors are events, such as physical surveillance, equipment theft, or stated threats. Indicators of planning or help to facilitate future activities, including cyber-attacks. Of particular concern would be theft of equipment that can communicate with Sector ICSs, such as radio gear or laptops.
The LA-SAFE Cyber Fusion Unit (LCFU) provides actionable cyber intelligence to LA-SAFE customers that can assist those customers in protecting their networks. LA-SAFE accomplishes this by collaborating with federal partners such as the U.S. Department of Homeland Security (DHS) Office of Intelligence & Analysis (I&A) Cyber Intelligence Analysis Division (CIAD), the National Cybersecurity and Communications Integration Center (NCCIC) and with the Federal Bureau of Investigation’s (FBI) Cyber Task Force. LA-SAFE also partners with Louisiana Higher Education institutions, the Cyber Intelligence Network (CIN) and private sector entities such as the Cyber Innovation Center located in Bossier City, Louisiana. Through this collaboration, the LCFU is able to identify malicious cyber actors operating from within or against Louisiana based networks and in violation of LRS 14:73.4 and 14:73.7.
Cyber security tips
- Use protection software “anti-virus software” and keep it up to date.
- Don’t open email from unknown sources.
- Use hard-to-guess passwords.
Protect your computer from Internet intruders – use “firewalls.”
Don’t share access to your computers with strangers.
Disconnect from the Internet when not in use.
Back up your computer data.
Regularly download security protection update “patches.”
Make sure your family members and/or your employees know what to do if your computer becomes infected. It’s important that everyone who uses a computer be aware of proper security practices. People should know how to update virus protection software, how to download security patches from software vendors and how to create a proper password.
How to Identify a Malicious Link?