Developing Emergency Support Function (ESF) no. 18
Dave Sweigert, EMS, CISSP, CISA, PMP
February, 2014

Dave Sweigert, EMS, PMP, CISA, CISSP

2/1/2014
Intended audience
• Managers of political sub-divisions, nonprofit organizations, corporations and others tasked with planning for an integrated response to a disaster or emergency incident that may involve issues related to cyber security or cyber terrorism.

Objective
• Provide awareness of cyber terrorism and cyber warfare threats
• Create awareness of Emergency Support Function no. 18 – Cyber Security/Response
• Highlight challenges to emergency management of cyber events

BACKGROUND

Evolving impacts of cyber attacks
• Cyber warfare activities
• Part of coordinated multi-disciplinary attacks (bio, chemical, infrastructure)
• Disruption of critical infrastructure (grid down, loss of Internet, terrorism).

No longer just a “data breach” problem
• Public safety systems can be compromised to put response activities in the dark
• Disruptions of public alert and warning systems to increase terror in public
• Illegitimate social media hacks to provide false and misleading press releases

CYBER WARFARE & CYBER TERRORISM

EMERGENCY MANAGEMENT (EM) AND CYBER RESPONSE

Coordinating cyber response
• Emergency Support Functions (ESFs) provide buckets of disciplines to help manage incident response
• ESF 18 – Cyber Security/Response – a developing area to support comprehensive emergency management with cyber capabilities

Emergency Support Function (ESF):
• ESFs provide for a coordinated response
• ESFs used to plan in all four (4) phases of EM: Mitigation, Preparedness, Response, Recovery
• ESFs offer a coordinating structure
• ESFs help coordinate information flow

Emergency Support Function (ESF):
• ESF support for communications and shared messaging to avoid contradictory statements and assessments
• Promotes common operating picture
• Organizes and identifies overlapping functions (e.g., ESF – 2 Communications)

Emergency Support Function (ESF):
• ESFs are the grouping of governmental and certain private sector capabilities into an organizational structure to provide support, resources, program implementation, and services that are most likely needed to save lives, protect property and the environment, restore essential services and critical infrastructure, and help victims and communities return to normal following domestic incidents.
Traditional ESFs

UNDERSTANDING CYBER RESPONSE CAPABILITIES

ESF 18 – catalogue capabilities
• Rapid deployment of basic Internet services following destruction of infrastructure?
• Use of technical specialists to defend against aggressive cyber attacks?
• Coordination of network monitoring and restoral activities for critical public safety systems (911 dispatch, radio, comm)?
CONCLUSION

ESF 18 – Cyber Security / Response
• Developing area of Emergency Management (EM)
• Understand the significance of cyber warfare and cyber terrorism
• Build awareness of integrating cyber response planning into overall EM plans (EOPs, continuity plans, etc.)
About the author:
An Air Force veteran, Dave Sweigert acquired significant security engineering experience with military and defense contractors before earning two master's degrees (Project Management and Information Security).
He holds the following certifications: California Emergency Management Specialist (EMS), Project Management Professional (PMP), Certified Information Security Systems Professional (CISSP), and Certified Information Systems Auditor (CISA).
Mr. Sweigert has over twenty years' experience in information assurance, risk management, governance frameworks and litigation support.

The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 

Awareness of Cyber Security - Response for Emergency Support Function 18 planning

  • 1. Developing Emergency Support Function (ESF) no. 18 Dave Sweigert, EMS, CISSP, CISA, PMP February, 2014 Dave Sweigert, EMS, PMP, CISA, CISSP 2/1/2014
  • 2. Intended audience
      • Managers of political sub-divisions, nonprofit organizations, corporations and others tasked with planning for an integrated response to a disaster or emergency incident that may involve issues related to cyber security or cyber terrorism.
  • 3. Objective
      • Provide awareness of cyber terrorism and cyber warfare threats
      • Create awareness of Emergency Support Function no. 18 – Cyber Security/Response
      • Highlight challenges to emergency management of cyber events
  • 4. BACKGROUND
  • 6. Evolving impacts of cyber attacks
      • Cyber warfare activities
      • Part of coordinated multi-disciplinary attacks (bio, chemical, infrastructure)
      • Disruption of critical infrastructure (grid down, loss of Internet, terrorism)
  • 7. No longer just a “data breach” problem
      • Public safety systems can be compromised to put response activities in the dark
      • Disruptions of public alert and warning systems to increase terror in public
      • Illegitimate social media hacks to provide false and misleading press releases
  • 8. CYBER WARFARE & CYBER TERRORISM
  • 13. EMERGENCY MANAGEMENT (EM) AND CYBER RESPONSE
  • 14. Coordinating cyber response
      • Emergency Support Functions (ESFs) provide buckets of disciplines to help manage incident response
      • ESF 18 – Cyber Security/Response – a developing area to support comprehensive emergency management with cyber capabilities
  • 15. Emergency Support Function (ESF):
      • ESFs provide for a coordinated response
      • ESFs used to plan in all four (4) phases of EM: Mitigation, Preparedness, Response, Recovery
      • ESFs offer a coordinating structure
      • ESFs help coordinate information flow
  • 16. Emergency Support Function (ESF):
      • ESF support for communications and shared messaging to avoid contradictory statements and assessments
      • Promotes common operating picture
      • Organizes and identifies overlapping functions (e.g., ESF – 2 Communications)
  • 17. Emergency Support Function (ESF):
      • ESFs are the grouping of governmental and certain private sector capabilities into an organizational structure to provide support, resources, program implementation, and services that are most likely needed to save lives, protect property and the environment, restore essential services and critical infrastructure, and help victims and communities return to normal following domestic incidents.
  • 18. Traditional ESFs
  • 22. ESF 18 – catalogue capabilities
      • Rapid deployment of basic Internet services following destruction of infrastructure?
      • Use of technical specialists to defend against aggressive cyber attacks?
      • Coordination of network monitoring and restoral activities for critical public safety systems (911 dispatch, radio, comm)?
  • 23. CONCLUSION
  • 24. ESF 18 – Cyber Security / Response
      • Developing area of Emergency Management (EM)
      • Understand the significance of cyber warfare and cyber terrorism
      • Build awareness of integrating cyber response planning into overall EM plans (EOPs, continuity plans, etc.)
  • 25. About the author: An Air Force veteran, Dave Sweigert acquired significant security engineering experience with military and defense contractors before earning two master's degrees (Project Management and Information Security). He holds the following certifications: California Emergency Management Specialist (EMS), Project Management Professional (PMP), Certified Information Security Systems Professional (CISSP), and Certified Information Systems Auditor (CISA). Mr. Sweigert has over twenty years' experience in information assurance, risk management, governance frameworks and litigation support.