Technology Convergence November 28th, 8:30-9:30am GRB Room 310C Technology Convergence Panel: Cybersecurity Sponsored by:

Technology Convergence Panel CyberSecurity Don Pedersen Director, Technology Development Airbus Defense and Space ( https://www.airbusdshouston.com ) Holly Rollins Principal Director, Booz Allen Hamilton ( https://www.bah.com ) Experience: Lance Smith  CEO, Cyphre Security Solutions RigNet ( http://www.rig.net )

Technology Convergence Panel CyberSecurity “CyberSecurity is the protection of internet- connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.” TechTarget, 2016

Technology Convergence Panel CyberSecurity In our world of Cloud infrastructures and services, Mobile devices and apps with internet connectivity and with AI (machine learning), CyberSecurity has grown into a critical knowledge base and skill for IT professionals. With the growing use of contract labor actively managing user accounts and access to business resources is a necessary practice for a good security posture. Ensure ex-employees accounts are disabled everywhere. The growing use of IOT devices in our infrastructures drives IT resources to constantly monitor for internet connections and data transfer when these devices “phone home” for updates. Even some COTS (Commercial Off The Shelf) managed 4-8 port network switches attempt to make connections if you don’t block them from the inside. Training of IT personnel will lead to an IT staff that thinks Cyber Defensive.

SESSION LEARNING OBJECTIVES Threat Awareness and Exposure What are we exposing and what threats are out there? Internal and External Testing Protecting from the inside and guarding from the outside Cyber Security Products and Services Leveraging Free and Enterprise-level Services and Products Security and Your Products Protecting client data within your own products ITAR and Export Controlled Data Good documentation and disciplined data transfer training

SESSION LEARNING OBJECTIVES Threat Awareness and Exposure What are we exposing and what threats are out there? Internal and External Testing Protecting from the inside and guarding from the outside Cyber Security Products and Services Leveraging Free and Enterprise-level Services and Products ITAR and Export Controlled Data Good documentation and disciplined data transfer training

Threat Awareness and Exposure Keep your software products and defenses up-to- date. Apply patches to systems that can be updated Isolate systems that can’t be patched with a network switch + firewall IT personnel should limit the exposure of externally accessible IPs and ports in your infrastructure to protect from outside attacks.

Threat Awareness and Exposure Carefully inspect and test all introduced software apps in a sandboxed environment before deploying enterprise-wide. Some simple desktop tools that people love to use connect to foreign countries and send out data. Stay up-to-date with the latest threats and take preventative measures.

SESSION LEARNING OBJECTIVES Threat Awareness and Exposure What are we exposing and what threats are out there? Internal and External Testing Protecting from the inside and guarding from the outside Cyber Security Products and Services Leveraging Free and Enterprise-level Services and Products ITAR and Export Controlled Data Good documentation and disciplined data transfer training

Internal and External Testing Regularly review routing and iptables rules internally. Utilize a sandbox environment for testing apps and monitor their behavior before deploying. Take advantage of local university resources for a cost-effective way to test your network from an independent perspective. Helps the university students by building practical experience and tests your defense with an independent view of your network responses.

Internal and External Testing Enterprise-level products should be used whenever possible for proactive internal scanning and monitoring of resources and connections Enterprise-level products should have the latest

SESSION LEARNING OBJECTIVES Threat Awareness and Exposure What are we exposing and what threats are out there? Internal and External Testing Protecting from the inside and guarding from the outside Cyber Security Products and Services Leveraging Free and Enterprise-level Services and Products ITAR and Export Controlled Data Good documentation and disciplined data transfer training

Cyber Security Products and Services Enterprise products are supported and have measures in place to deal with the latest threats. Spending $ on Enterprise-level products and support is worth the expense. Evaluate Enterprise products carefully and make the best choice for your company and security needs. Supplement your exposure testing with government provided DHS NCATS services. Free services for those that register. National Cybersecurity Assessments and Technical Services (NCATS) https://www.us-cert.gov/resources/ncats

Cyber Security Products and Services Network and IT infrastructure hardware Upgrade your hardware network-related products to ensure that each of your products is supported and updates are possible. Keep an eye on the latest trends and monitor for possible inclusion into your framework. There are a lot of great new emerging services related to secure transmission, encryption techniques, authentication and so on. Use these services if it solves a problem and adds value to your security posture. Evaluate these services and make sure that they fit your needs and complements your infrastructure.

SESSION LEARNING OBJECTIVES Threat Awareness and Exposure What are we exposing and what threats are out there? Internal and External Testing Protecting from the inside and guarding from the outside Cyber Security Products and Services Leveraging Free and Enterprise-level Services and Products ITAR and Export Controlled Data Good documentation and disciplined data transfer training

ITAR and Export Controlled Data Today most businesses interface with the global marketplace. When your business is involved in DoD contracts or interfacing and exchanging certain types of data or discussing design with foreign entities: Your workforce needs to be trained to recognize export- controlled technologies and technical data, and be equipped with the know-how and tools to comply with ITAR, EAR and DoD requirements, as well as industry best practices, for safeguarding sensitive information and combating cyber threats

ITAR and Export Controlled Data Secure your data, log all access to sensitive data, control access to physical locations of stored data and drawings. Log all e-mail exchanges and physically store all exchanges in file cabinets. Export control violations and fines can be very costly. Ensure your CyberSecurity plan involves measures to deal with ITAR and Export Controlled data.

QUESTIONS? THANK YOU