< Previous| tribalnetonline.com50FEATURE | IT SECURITY–RANSOMWAREKari Lombard (Cowlitz Tribe) has worked in the IT field since 2010. She is the Senior Systems Administrator for the Nisqually Tribe and adjunct faculty at Northwest Indian College. She is passionate about IT security and is completing her degree in Cybersecurity and Information Assurance at Western Governors University.ABOUT THE AUTHORRansomware is a type of malicious software (malware) used to encrypt important files and information. The intent is to extract a ransom payment from the victim in exchange for the encryption keys necessary to decrypt the affected data. In order to obfuscate the recipient of the ransom payment, victims are often required to remit payment via bitcoin or other cryptocurrencies. Ransom payment is not a guarantee of file recovery and most industry experts actually recommend against paying it.There are multiple vectors in which ransomware can spread. For example, a user may click on a malicious link in an email that appears to be from a genuine contact such as PayPal or Dropbox. This is a common distribution method for Locky ransomware. Another way is through the use of Trojans, a type of malware that presents itself as one type of application, while in reality, it performs other malicious actions. Booster & Cleaner Pro, an Android app, is one such Trojan that delivers LeakerLocker as its ransomware payload. Additionally, ransomware can also spread through the use of operating system vulnerability exploits. The WannaCry ransomware did just that by using a Windows exploit known as EternalBlue.Symptoms of a ransomware attack include password prompts when attempting to open a document or the file extension for a known document file type changing. For example, Microsoft Word documents have the file extension of .doc or .docx. A symptom of ransomware would be that a Microsoft Word document now shows a file extension of .lukitus instead of .doc.Although there has been a general uptick in this type of attack, tribes are especially vulnerable. Operating multimillion-dollar enterprises and managing economies that rival those of foreign nations, tribes are considered high-value targets. Even tribes that do not operate at such a scale need to be cognizant of this risk because there is a prevalent perception that tribes, in general, are very wealthy. In fact, a Washington State tribe reportedly was a victim of CryptoLocker ransomware in 2014. It is possible that other tribes have also been victimized by this type of attack but fail to report it due to concerns about privacy and tribal sovereignty.It is important that tribes recognize digital information as a tangible asset like any other asset they might manage and protect. Digital information includes tribal enrollment records and important financial documents. Loss of access to these pertinent files can pose a threat to the tribe’s ability to operate and assert their sovereignty.The single best proactive measure tribes can take against this threat is to implement routine scheduled data backups. When files become encrypted with ransomware, copies of the encrypted files can then be restored.A multi-layered security approach, however, is the best way to defend against this type and other types of attacks. This is especially true since ransomware spreads through diverse means, as mentioned previously. Such an approach would include the use of firewalls and spam filters to stop malicious emails as well as routinely scheduled updates to all information systems in use to prevent exploits like EternalBlue.A multi-layered security approach must also include important aspects like user security awareness training and a written security policy that identifies assets and defines the procedures for handling security incidents like ransomware attacks.Even with all possible preventative measures in place, it is still possible for a tribe to become the victim of ransomware. Steps must WHY TRIBES ARE TARGETEDRansomwarebe taken to contain the spread of ransomware and implement a recovery solution. Generally, these steps should include recognizing common ransomware symptoms, identifying and quarantining affected computers, remediating affected computers through the use of anti-malware software and other removal techniques, and then replacing encrypted files with those from backup. BYKARI LOMBARDSR. SYSTEM ADMINISTRATOR, IT SUPPORTNISQUALLY INDIAN TRIBEtribalnetonline.com |51FEATURE | TRIBALNETONLINE.COMFEATURE | TRIBALNETONLINE.COMFEATURE | TRIBALNETONLINE.ORGTRIBALNET MAGAZINE FALL 2017 | By the end of 2017, every U.S. state and territory chose to opt into the FirstNet plan to deploy the nationwide public safety broadband network. The unanimity of the states’ decision means that AT&T, in a public-private partnership with the First Responder Network Authority (FirstNet Authority), is able to speed deployment and ensure public safety entities get the fully interoperable network they asked for. As AT&T deploys the network, FirstNet will improve coverage and capacity in urban, suburban and rural locations. AT&T will also place 72 deployable assets throughout the country so they can be rapidly deployed to areas that need coverage such as remote response locations or in the event of large incidents or storm damage. These assets have already supported first responders during the massive Mallard fire in the Texas Panhandle and Hurricane Irma in Florida. With service available, agencies, jurisdictions and volunteers must decide if subscribing to FirstNet is the right decision. Many agencies across the United States have subscribed and are using the network to do their jobs more efficiently and effectively. Most recently, AT&T reported that nearly 1,500 public safety agencies across 52 states and territories have adopted FirstNet service. Among those early adopters were the Oglala Sioux Police Department, which serves the people of the Pine Ridge Indian Reservation in South Dakota. The department reports that prior to adopting FirstNet it had frequent communications issues due to limited connectivity within its police vehicles. In a press release, Robert Ecoffey, Oglala Sioux chief of police, said, “Moving to FirstNet enhances our ability to respond to the serious needs across the reservation for the protection of life and property on behalf of tribal members and the public.” FirstNet Authority CEO Mike Poth added, “For over 2 years, our tribal engagement team has worked alongside state officials to build relationships within Tribal Nations that help ensure FirstNet is deployed inclusive of the needs of tribal communities. We are pleased to see the Oglala Sioux Police Department move quickly to become early adopters and look forward to supporting their use of FirstNet.” FIRSTNET CORE IS LAUNCHED AND DEVICES AND APPLICATIONS APPROVED In March of 2018, AT&T delivered the FirstNet Core. As the first-ever nationwide LTE core infrastructure built for the nation’s first responder community, the core will keep public safety traffic separate from commercial traffic and enable end-to-end encryption of public safety’s data and voice transmissions. What that means is that a first responder will never be second in line for a signal, and everything sent and received over the network will be secure. The FirstNet Authority and AT&T have also been testing and validating devices and applications that run on FirstNet. The validation is a check to make sure devices and applications will perform the way public safety expects them to perform on the network. There are a number of devices and applications already approved for use on FirstNet with more being added each month.FirstNet is Here; Tribal Agencies Among Early Network SubscribersAGENCY UPDATE: FIRSTNETAfter years of planning and anticipation, FirstNet service is now available.AGENCY UPDATE | IRSTNETTO LEARN MORE ABOUT FIRSTNET SERVICE AND HOW IT MAY WORK FOR YOUR JURISDICTION OR DEPARTMENT, REACH OUT TO OUR STAFF OR VISIT FIRSTNET.GOV.MARGARET GUTIERREZ FirstNet Regional Tribal Government Liaison—East (Regions I-VIII) 202-738-8344 or margaret.gutierrez@firstnet.govADAM GEISLERFirstNet Regional Tribal Government Liaison—West (Regions IX-X))202-631-1188 or adam.geisler@firstnet.govFIRSTNET | AGENCY UPDATEPUBLIC SAFETY broadbandFEATURE | TRIBALNETONLINE.COM| tribalnetonline.com52The Leader in Cybersecurity and Software EngineeringWe work with government and industry to provide methods, technology, and training to prepare for and solve today’s software and cyber challenges: As a federally funded research and development center, founded in 1984, we provide neutral third-party insights and expertise in a trusted and confidential environment.Learn more at sei.cmu.edu or contact us at info@sei.cmu.edu or 888.201.4479• data analytics • incident response • IoT security• cyber workforce development • blockchain and cryptocurrency• insider threats • IT governance • agile methods • cloud security TRIBALNET MAGAZINE | FALL 2018A GROUP TOGETHER IS STRONGER THAN WORKING ALONEErin FontManaging Director, NATRC702-888-2729efont@infotech.comLarry FretzPractice Lead, NATRC702-574-4575lfretz@infotech.comNEW RESEARCH: BUILD EFFECTIVE LAND MANAGEMENT THROUGH GIS Based on a recent Info-Tech NATRC survey, GIS technology is not used effectively, with only 34% of Tribes using a centralized GIS service to the benefit of all Tribal departments. This research explains how Tribal governments responsible for the stewardship of their land and resources and the health and well-being of their people can successfully approach a GIS project.Establish whether your Tribe should implement or expand a Geographic Information System (GIS) for the widest benefit across all Tribal departments.ELEVATE YOUR TEAM TO THE NEXT LEVELBring the right resources to the table and make sure that your people have the right capabilities, tools, and time to achieve greatness.IT RESEARCH FOR THE TRIBAL COMMUNITYTransforming the Way Future Technology Decisions Are Madetribalnetonline.com |53| tribalnetonline.com54FEATURE | TRAININGTime and time again people question the value of training. Some concerns are: How do you measure the impact? We do not have time to spend taking classes. Why is it so difficult for people to learn on their own? How come we just don’t hire the skill we need? Are these issues valid enough to forgo training?What would happen if we changed the law and issued driver’s licenses with no training, no classroom time, no textbooks, no manuals, and not even a mentor to ask advice? Don’t get me wrong, we would still have an organized system with rules like go on green and stop on red, we just wouldn’t train anyone. We would allow people to bang around until they got the hang of it — on the job training. What do you think driving on the road with this system would be like? Consider the disarray. New drivers would cause mass chaos, we would have more accidents, deaths and injuries, higher insurance rates and a lot of other problems associated with a lack of understanding that came from training. The experienced drivers that suffered through on-the-job-training would have an understanding that new drivers lacked what they had, and would stay away from the newbies.So, is a traffic system much different than a business system? Not at all. Systems are designed to help people get somewhere as efficiently and effectively as possible without creating damage. For businesses to consider not providing training is like throwing employees into their jobs without any explanation of the organization’s rules or systems.SIGNS YOU NEED TRAININGDo you have high turnover? Instead of traffic accidents do you have scrap, mistakes, reworking and a decrease in quality? Poor customer service? Instead of experienced drivers avoiding new drivers, do you have senior employees who are shy of getting involved with changes and new hires? Do people seem to take a long time adapting to the culture? Do you have poor communication? Due to the age of today’s workforce, the Department of Labor (DOL) found that in the next 10 years the average organization will lose 30% of its workforce. When they leave, they will take with them 70% of their knowledge. If you replace 10 people a year the cost to the organization is One Million Dollars. OF THE U.S. WORKFORCE:51% are looking to leave their jobs (Gallup)34% plan to leave in the next 12 months (Mercer)74% of all workers are satisfied with their jobs; 66% are still open to new employment (Jobvite)COST OF ANNUAL SALARIES (ERE MEDIA)50% replacing entry-level 150% replacing midlevel employees 400% of replacing executives44% of Millennials say if given the choice, they will leave their employer in the next two years, even for less money (Deloitte) WHY HAVE A TRAINING PLANTraining that’s left up to individuals, is like our earlier example of what would happen if we let drivers be responsible for their own training. We can expect poor results, chaos and poor communication. Organizations need to take the lead in the development of their employees and have a training plan in place. 1. Create a skills or competency list for each job2. Consolidate similar skills.3. Separate needs into 3 categories: a. Awareness b. Usage c. Train others4. Determine how training will be delivered. a. CBT (Computer-Based Training) b. Instructor-led c. Outsourced vs. Internal5. Establish budget6. Determine training calendar7. Execute, plan, and reevaluateSUMMARYEarly in my career, I worked as an engineer for a Fortune 500 company. Our capital expense process was intense. If we were going to buy a $500,000 machine, we spent months reviewing vendors, we had teams looking over the delivery and after it arrived, we made sure we set up a great maintenance plan. Perhaps this a preview as to why I changed careers, but when I worked at the Fortune 500 company, I remember thinking my pay is $25,000 per year x 40 years until retirement = $1,000,000. Yet, the only time spent on “human capital” during my hiring process was an hour interview and a plant tour. Then I was told, “If you have any questions ask your boss.”Perhaps if we thought of people as million-dollar investments we would make sure that we have a really good maintenance plan in place to protect our investments. BYFRED BROWNPRESIDENT, QUANTUM SERVICES, INC MATT CLAYSENIOR PARTNER, QUANTUM SERVICES, INCMatt is an accomplished Senior Executive with fifteen years of expertise. He has worked in education, healthcare, and IT. Matt is the Director of PHS and Senior-Partner at Quantum Services. He also serves on many executive boards working to improve quality and service and help organizations save millions of dollars. Matt is married with five beautiful children. Fred has 35 years of consulting experience working to improve a diverse group of organizations in the US and abroad. Fred has been adjunct faculty for numerous universities, served on many boards, and holds degrees in Computer Science, Human Resources and Business. Fred is currently the President of Quantum Services. He is married with four children and six grandchildren. ABOUT THE AUTHORSThe Value ofTRAININGtribalnetonline.com |55TRIBALNET MAGAZINE | FALL 2018FEATURE | TRIBALNETONLINE.COMTRIBALNET MAGAZINE | FALL 2018TRIBALNET MAGAZINE | SPRING 2018THE POWER OF BROADBAND PARTNERSHIP: A TOOLKIT FOR LOCAL AND TRIBAL GOVERNMENTSThis toolkit provides an overview of common broadband partnership models and identifies several factors that communities should consider when developing a successful partnership. The goal of this toolkit is to equip communities with the know-how to implement their broadband projects with partners who can provide resources and expertise to ensure success. These partners should complement the Planning a Community Broadband Roadmap toolkit.PLANNING A COMMUNITY BROADBAND ROADMAP: A TOOLKIT FOR LOCAL AND TRIBAL GOVERNMENTSThis toolkit provides advice on developing a Community Broadband Roadmap for building broadband networks, enhancing public computer centers, expanding broadband to unserved areas, and encouraging public-private partnerships and promoting broadband connectivity to homes, businesses and institutions. The goal of this publication is to help communities expand broadband access locally to create jobs, improve educational opportunities, promote economic development, spur private investment and facilitate the delivery of essential social services to their citizens.SUSTAINING BROADBAND NETWORKS: A TOOLKIT FOR LOCAL AND TRIBAL GOVERNMENTSThis toolkit presents an action plan to maintain and sustain a broadband network. This guide contains best practices and lessons learned from broadband programs. The toolkit is meant to help local governments who enter into public-private partnerships and to help ISPs ensure that those networks are sustainable.TECHNICAL ASSISTANCE OVERVIEW: BROADBAND INFRASTRUCTURE & DIGITAL INCLUSIONNTIA’s BroadbandUSA team provides expert assistance and support to stakeholders who are interested in broadband infrastructure and digital inclusion programs that advance economic development, education and public safety initiatives.DIGITAL INCLUSION GUIDE: CONNECTIVITY WITH A PURPOSEDigital inclusion implies that individuals have access to robust broadband connections; Internet-enabled devices that meet their needs; and the skills to explore, create and succeed in the digital world. BroadbandUSA developed this resource to help leaders consider factors that could impact or influence their digital inclusion efforts.NTIA’s Broadband USA Shares Local and Tribal Government Resources to Expand Broadband Connectivity and Improve Digital InclusionAGENCY UPDATE: NTIAFOR MORE INFORMATION ON ACCESSING LOCAL AND GOVERNMENT TRIBAL TOOLKITS CONTACT:JEAN RICE Senior Program Specialist for Broadband 202-482-2614JRice@ntia.doc.govwww.ntia.doc.gov/broadbandusaBroadbandUSANational Telecommunications and Information AdministrationUnited States Department of CommerceAGENCY UPDATE | NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION (NTIA)| tribalnetonline.com56tribalnetonline.com |57Fiber optics! These words are immediately recognized as the highest level of physical connectivity for high-speed voice, video and data applications. The implementation of fiber optic technology allows tremendous flexibility for future expansion due to fiber’s tremendous bandwidth and performance advantages. Therefore, we must look at how it can be best utilized to provide current and future benefits. In this article, I will address the applications, benefits and opportunities fiber optic communications provides.While we look at fiber optics as a new technology, it has actually been over forty years since the first installations took place so the technology is quite mature. After Ted Maiman’s invention of the laser in 1960, Nobel Prize winner Charles Kao envisioned optical fibers in 1965 as the perfect medium for the transmission of optical signals. Since that time a series of worldwide design, installation and transmission standards have been invented, addressing the technology from components to systems. This ensures interoperability and forms the basis of worldwide communications through the implementation of this amazing technology.Today, most voice signals, video channels, high-speed data and internet and cellular signals are transmitted worldwide over optical fibers. What most people do not recognize is that even cellular calls are transmitted through fiber optic connectivity. The new 5G wireless systems require optical fiber connectivity and are made possible by the fibers’ immeasurable bandwidth.Advantages of fiber optics include extremely low signal loss (attenuation), high bandwidth (information capacity), and small size. This, combined with its immunity from electromagnetic interference (EMI) and radio frequency interference (RFI), means that it can be installed where other types of cable suffer signal loss and increased costs due to noise problems. The performance quality is the major reason that legacy Coax and DSL services continue to decline in signal quality while the fiber optics continue to improve.Fiber Optics and CommunicationsTHIS ARTICLE PROVIDES A STRATEGIC BENEFITS REALIZATION FRAMEWORK FOR MAXIMIZING IT’s STRATEGIC CONTRIBUTION The impact of the Internet and its value to how communications have changed is remarkable. Optical fibers can link buildings miles apart with a signal quality that is unheard of in twisted-pair, coaxial, microwave or satellite technologies. Applications include medical, gambling/gaming and engineering, which require real-time high signal quality. In addition to low latency (delay) transmission and high signal quality, optical fibers have the transmission quality of one error in every one billion bits transmitted. If you operate your own telephone services, optical fibers are directly linked to the multiplexers and can extend hundreds of miles without expensive regeneration. If not, your right of ways (ROW) has extreme value for service providers who wish to place optical cables on your lands. These options can create a significant financial return and need to be seriously reviewed. Optical fibers can also be used for video applications such as cable television (CATV) and Internet protocol TV (IPTV), and for security applications like CCTV.How about jobs and economics? If you would like to design, install, test and maintain your own fiber network, it does require training to understand all the components and system elements. However, your ability to operate and maintain your own network is worth the investment. Creating high-level skills for your members is a long-term benefit that comes as a reward for implementing the technology.Unlike other communication technologies, fiber optics has the bandwidth to adapt to new and future technologies. Without changing the optical cable, systems are easily updated by only having to replace the transmission equipment, which is typically located at end locations. One trend is Fiber to the Home (FTTH) installations, which are occurring at a massive rate worldwide. As more people work from home, watch video on demand, receive remote medical monitoring, and communicate through high-speed Internet data channels, it isn’t uncommon to have gigabit links to subscribers transmitted directly via optical cables. In my research I have found that FTTH adds an additional 3.1% value to a house connected. Even if it passes by a residence, the value is 1.8% higher. With all the opportunities that the Internet can provide, distance is no longer a limitation and those who wish to attend specialty online courses can find success if they are optically connected.Fiber optic technology already surrounds us. Whenever you watch a show, communicate by phone (landlines or cellular) or send an e-mail, it is through this amazing technology. Best yet, it provides a cost-effective solution for communications systems. These benefits allow system designers to plan networks that can handle communication needs well into the future. ABOUT THE AUTHORLarry Johnson, founder and president of FiberStory, has been at the forefront of the fiber optics industry since 1977. Over his three-plus-decade career in the telecommunications industry, Mr. Johnson has written over twenty courses on fiber optics, coordinated special events at conferences worldwide and is a member of many industry technology committees. He can be contacted at FiberStory@gmail.com and is available to address your questions about fiber optic technologies. www.Fiber-Story.comBYLARRY JOHNSONFOUNDER AND PRESIDENT OF FIBERSTORYTRIBAL TELECOM | FEATUREFEATURE | TRIBALNETONLINE.COM| tribalnetonline.com58tribalnetonline.com |59TRIBALNET MAGAZINE | FALL 2018Next >