Weaving cyber events into emergency management plans
Dave Sweigert, CISSP, CISA, PMP
January, 2014

1/14/2014
Integration of Cyber Events into Emergency Planning

Published in: Technology, Business, Education

  1. Weaving cyber events into emergency management plans
     Dave Sweigert, CISSP, CISA, PMP
     January, 2014

  2. Intended audience
     • Cyber security personnel working with emergency planners, Crisis Management Teams (CMT), Emergency Operation Plan developers and business continuity planners relying on current best practices

  3. Objective
     • Assist cyber practitioners in leveraging techniques to integrate cyber specific plans into larger basic plans
     • Provide background in best practice planning processes
     • Foster inter-disciplinary dialogue in the emergency planning domain

  4. BACKGROUND

  5. Different plans for different objectives
     • Strategic, Operational, Tactical Plans
       i. Strategic – goals and objectives set by senior leadership
       ii. Ops – roles and responsibilities, integrated with partners (state, regional, local, contractors, utilities)
       iii. Tactical – personnel, equipment, resources (standard operating procedures (SOP))

  6. Planning backdrop
     • Comprehensive Preparedness Guide (CPG) 101, Developing and Maintaining Emergency Operations Plans as a guide
     • Three types of threats: natural, adversarial, technology (cyber)
     • FEMA’s Emergency Support Function #2 addresses cyber security (drafting ESF #18 Cyber)

  7. Plans that support and supplement the comprehensive basic plan
     • Administrative Plans
     • Preparedness Plans
     • Continuity Plans
     • Recovery Plans
     • Mitigation Plans
     • Prevention and Protection Plans

  8. Terms: CIKR, COOP, COG & DRP
     • Critical Infrastructure/Key Resources (CIKR)
     • Continuity of Operations (COOP)
     • Continuity of Government (COG)
     • Disaster Recovery Planning (DRP) (I.T. specific recovery)
     • DRP defines knowledge, skills and abilities of technical personnel
     • DRP defines specific guidelines to carry out specific functions

  9. Other plans orbiting the basic plan
     • Organizational/agency specific plans (planning can be to department level)
     • Business Continuity (memorandums of understanding/agreement (MOU/A))
     • Business Safety plans (OSHA)
     • Hazard Mitigation (identified major threats, union strikes, terrorism)
     • Home Safety Plans for essential personnel (develop family preparedness mindset)

  10. Emergency Operations Plans (EOPs)
     • Potential integration with National Incident Management System (NIMS) and National Response Framework (NRF)
     • Describes how incidents are handled
     • Base plan (organization-wide) with hazard specific annexes (cyber specific)
     • Information sharing between private-public partners

  11. EOPs:
     • Identification of response and recovery actions, agencies, key resources
     • Direction, control, sequence of events
     • Specific communications procedures
     • Identify triggers and processes to activate personnel, resources, partners
     • Times, periods, anticipation of needs
     • Appendix (support material)
     • Annex (threat / capability specific)

  12. PLANNING PROCESS

  13. The Planning table
     • Identify community partners (law enforcement, utilities, colleges)
     • Build relationship (cross-functional)
     • Identify resources (needed capabilities)
     • Know the processes needed and specialized procedures to acquire timely resources (pre-existing vendor agreements)

  14. Planning process issues
     • Get the right folks at the table
     • Walk through your organizational structure
     • Develop common vocabulary (avoid use of career specific jargon and buzz words)
     • Incentivizing participants: developing a “hook” to retain participants
     • Develop team around a planning scenario common to all participants (72 hour power black-out)

  15. Best practices
     • Project objective (create living document)
     • Core planning team (stakeholders)
     • Project schedule (tasks, durations)
     • Plan development (templates)
     • Plan preparation and review
     • Plan vetting and commentary
     • Final draft reviewed in workshop
     • Approval

  16. Project Management issues
     • Need buy-in from top management (compliance issues HIPAA, SOX, PCI)
     • Scope statement (catalyst)
     • Define clear objectives
     • Project manager’s role defined
     • Scope creep (focus on a functional plan)

  17. Planning Characteristics
     • Reduction of unknowns
     • Continual process (living document)
     • Appropriate actions based on what is likely to happen based on facts, typical behavior, capabilities
     • Training, education, exercises
     • Testing the plans, revise and improve

  18. INTEGRATING PLANS

  19. Integrated Emergency Planning
     • Horizontal integration: developing partnerships across your organization
     • Synchronization and integration of plans (your plan may be part of another)
     • Promotes complementary goals
     • Reduces fragmentation
     • Ensures common focus
     • Work out MOUs/MOAs (legal review)

  20. Linkages to promote integration
     • Conduct gap analysis to determine shortfalls
     • Convert needs to capabilities (need 72 hours of power → mobile generators with fuel)
     • Understand the missions of public-private partners (law enforcement, contractors)
     • Developing crosswalk of plan components with partner plans to improve integration
     • Identify all appropriate stakeholders

  21. CONCLUSION

  22. Planning for the cyber incident
     • Understand that the cyber event plan is part of a broader integrated approach to emergency management
     • Pre-response planning with partners can greatly reduce impact (ounce of prevention) of the event
     • Strive to ensure your cyber plan is integrated into the total response

  23. About the author:
     An Air Force veteran, Dave Sweigert acquired significant security engineering experience with military and defense contractors before earning two Masters’ degrees (Project Management and Information Security). He holds the Certified Information Security Systems Professional (CISSP), Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) certifications. Mr. Sweigert has over twenty years’ experience in information assurance, risk management, governance frameworks and litigation support.
