[Year 12 SofDev] Fwd: SANS NewsBites Vol. 21 Num. 072 : Russia’s Attack on Ukrainian Power Grid's Goal: Long-Term Physical Damage; Ransomware: New Targets and Baltimore CIO on Indefinite Leave

Bass, Gary S bass.gary.s at edumail.vic.gov.au
Fri Sep 13 23:54:27 UTC 2019 

Cyber security disaster recovery plan

SANS provides weekly summaries (an example is included) on the week’s security news. there are daily updates on the latest vulnerabilities.

SANS held an industry conference, free to educators, in Melbourne in August.

Gary
VSV

Sent from an iPad PRO

Begin forwarded message:

From: SANS NewsBites <newsbites at email.sans.org<mailto:newsbites at email.sans.org>>
Date: 14 September 2019 at 4:47:34 am AEST

Subject: SANS NewsBites Vol. 21 Num. 072 : Russia’s Attack on Ukrainian Power Grid's Goal: Long-Term Physical Damage; Ransomware: New Targets and Baltimore CIO on Indefinite Leave
Reply-To: SANS Institute <reply-feca117476650475-11678_HTML-106957115-7329836-566 at email.sans.org<mailto:reply-feca117476650475-11678_HTML-106957115-7329836-566 at email.sans.org>>

Baltimore CIO on Indefinite Leave Following Ransomware Attack
(September 10 & 11, 2019)

Baltimore (Maryland) CIO Frank Johnson is on indefinite leave. Johnson faced substantial criticism following the May 2019 ransomware attack. City officials noted a lack of transparency and communication in the wake of the attack and said that Johnson had not drawn up a continuity of operations plan for such an incident. The city is still cleaning up and recovering from the estimated $18m in revenue lost and recovery costs. The May attack was the second ransomware attack to hit Baltimore systems while Johnson was CIO.

Editor's Note

[Paller<https://www.sans.org/newsletters/newsbites/editorial-board#alan-paller>]
In a surprisingly large number of organizations, the ransomware epidemic has brought about a shift from compliance to continuous hygiene. Having a “clean bill of health” from a cybersecurity consultant no longer works. Senior executives know that those reports were neither comprehensive nor continuous nor sufficient to reflect adequate CISO performance. Cybersecurity hygiene is dull. It’s never ending. But building the partnership between security and IT operations staff that keeps every machine clean enough to withstand the low-powered attacks is the pathway to senior management support, even after something bad happens.

[Neely<https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely>]
The takeaway here is that this wave of ransomware attacks is making IT disaster preparedness even more important. IT organizations need to not only have a verified recovery plan, but also communication and backup procedures to bridge the gaps while services are offline. Involving senior management is also critical for support and transparency.

[Murray<https://www.sans.org/newsletters/newsbites/editorial-board#william-hugh-murray>]
Concur. And I would add that all accepted residual risk must be scrupulously documented.

Read more in:
- www.baltimorebrew.com<http://www.baltimorebrew.com/2019/09/10/frank-johnson-baltimores-it-chief-during-the-ransomware-attack-goes-on-leave/>: Frank Johnson, Baltimore’s IT chief during the ransomware attack, goes on leave
- statescoop.com<http://statescoop.com/baltimore-cio-on-leave-ransomware/>: Baltimore CIO, criticized for ransomware response, on leave
- www.govtech.com<http://www.govtech.com/people/Baltimore-CIO-Who-Managed-Ransomware-Response-on-Leave.html>: Baltimore CIO, Who Managed Ransomware Response, on Leave
IMPORTANT - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Training.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://edulists.com.au/pipermail/sofdev/attachments/20190913/0df2c8d2/attachment.html>

More information about the sofdev mailing list