WA State Cyber Response


Published in: Technology, Business

  1. Washington Military Department
     Cyber Perspectives and Response Planning
     Lt Col Gent Welsh, Chief Information Officer/J6
  2. Agenda
     • National Perspectives & Background
     • WA State Cyber Planning
     • Steady State/Significant Relationships
     • WA State Cyber CONOPS
     • Washington State Significant Cyber Incident Annex
     • Exercise Concepts
     • Accomplishments
     • Questions
  3. National Perspectives
     – 9/11 Commission Report (22 July 2004, Chapter 11, Foresight and Hindsight): “We believe that the 9/11 attacks revealed four kinds of failures—in imagination, policy, capabilities, and management.”
     – Senator Joe Lieberman (14 Feb 12, Senate Floor): “I know it is February 14, 2012, but I fear that when it comes to protecting America from cyber-attack it is September 10, 2001, and the question is whether we will confront this existential threat before it happens?”
     – Secretary of Defense Panetta (11 Oct 12, New York): “…the collective result of these kind of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”
     – President Obama (21 Nov 12): “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
     – Defense Science Board (Jan 13): “The US cannot be confident that our critical IT systems will work under attack from a sophisticated and well-resourced opponent…”
  4. Background
     • In Jan of 2012…
       – Washington State did not have a comprehensive strategy to confront the challenges of cyber security
       – No “whole of government” dialogue on the issue
       – Any plans existed solely at the individual state agency level
       – Cyber was an IT problem…not an Operational issue
       – The Comprehensive Emergency Management Plan (CEMP) mentioned cyber twice in 119 pages
       – We lacked imagination, policy, capabilities, and management on the cyber issue
     • By March of 2012…
       – TAG/Homeland Security Advisor sponsored a Cyber Integrated Project Team along the lines of the Domestic Security Executive Group (DSEG) model
       – Used Emergency Support Function 2 (Communications) as the foundation
       – State CIO established “Security” as his #1 priority in Technology Strategy Document
  5. Washington State Cyber Integrated Project Team
     TAG/Homeland Security Advisor rapidly organizing key state agencies involved in cyber planning, response, mitigation
     Objectives:
     1. Develop a Washington State Cyber Incident Annex based on National Cyber Incident Response Plan
     2. Develop a domestic Cyber Planning and Response Concept of Operations that crosswalks National Guard cyber capabilities with state domestic cyber requirements
     3. Create a “bottom up” state cyber response planning forum (requirements, capabilities, action plan) for others in FEMA Region X and nationally that leverages the “Cyber Center of Excellence” found in the Pacific Northwest
     …already accomplishing 8 of the 12 objectives in the NGA “12 Steps to Secure Cyberspace”
  6. Steady State - Cyber
     Day to day operations
     Independent plans and processes
     Limited coordination
     Multiple lines of communication
     [Diagram labels: Private Industry Critical Infrastructure State Government Other Governments (County, Local) Department of Homeland Security (NCCIC) Military Department]
  7. Significant Event - Cyber
     Post State of Emergency
     Coordinated processes
     Simplified lines of communication
     [Diagram labels: Private Industry Critical Infrastructure State Government Other Governments (County, Local) Department of Homeland Security (NCCIC) Military Department (Cyber Unified Coordination Group)]
  8. View Cyber as a Continuum
     How can the National Guard support the domestic cyber continuum?
     • Disaster Recovery
     • Cyber Continuity of Government (COOP)
     • Law Enforcement Support
     • Incident Response Teams
     • Forensics
     • Root Cause
     • Attribution
     • Vulnerability Identification and Remediation
     • System Security standard consultation
     • Compliance reviews
     • Exercise support
     • Project team
  9. NG Domestic Cyber CONOPS – Now OPLAN
     • Defines the requirement
     • Matches requirement to NG capabilities
     • Addresses “cyber resource type” issues
     • Takes a holistic perspective
  10. WA State Significant Cyber Incident Annex
      CEMP designed as an “All Hazards” Emergency Management Plan
      - Domestic cyber issues managed as “All Hazard” along with other natural and manmade disasters
      Significant Cyber Incident Annex (Annex D - under development)
      - Working draft ready now
      - Validation during DHS tabletop exercises in Sept and Nov 2013
  11. Significant Cyber Incident Escalation Pathway
      [Diagram labels: Cyber UCG Activation (CEMP Annex D - Cyber) State of Emergency Declaration (Significant Cyber Incident) EOC Activation (Local Govt or Private Sector) Addl Resources Needed Cyber Incident (Not able to be contained locally)]
  12. Cyber Unified Coordination Group
      [Diagram labels: Governor Cyber Unified Coordination Group WMD/CIO OCIO TAG/HSA WSP City of Seattle/CISO WSFC FBI CTS/CISO Operations Finance/Admin Logistics Planning Coordinate resource requests Cyber Resource Types Set priorities Set objectives]
      • Prioritize, allocate, and deconflict resources
      • Manage key Federal and State resources
      • Develop and maintain statewide situational awareness
      [Diagram labels: Incident Site Command Mission Tasks/Assignments Federal Agencies/DOD National Guard Resources placed under direct control of recipient Resources remaining under Federal/State control Logistical support for integration and utilization of resources Regional Mutual Aid Coordinators Operational Area EOCs and Mutual Aid Coordinators Other Resource Types Incident Response Teams Command and control of incident response Affected CIKR Sectors]
  13. Cyber UCG Coordination Framework
      [Diagram labels: Private Industry Critical Infrastructure State Government Other Governments (County, Local) Department of Homeland Security (NCCIC) Cyber Unified Coordination Group WA State EOC NSA/CYBERCOM Federal Interagency Resource Types]
      Priorities
      1. Prioritize, allocate, and deconflict resources
      2. Manage key Federal and State resources
      3. Develop and maintain statewide situational awareness
  14. Cyber Exercises - 2013
      Dates: Sept and Nov 2013
      Locations: Fusion Center, participating sites
      Facilitator/Planner: DHS, WMD, Industry
      Participants: Cyber UCG, DHS, CIKR Sector Reps (SnoPUD, Avista)
      Objectives:
      1. Validate WA State UCG Concept and WACIA plan
      2. Integrate actual WA CIKR (energy) sector player
      3. Validate communications processes
      4. Develop WA state cyber resource types
      5. Validate WNG response CONOPS for a significant cyber incident response
  15. Accomplishments to date
      FY12 DHS HLS Grant – $80k to OCIO for domestic cyber planning (June 12)
      – $40k matching funds to hire state Cyber Policy Coordinator
      – $25k for National Guard penetration testing of cyber critical infrastructure (in State Active Duty)
      – $15k to begin development of state-wide cyber critical infrastructure response plan
      DHS Cyberstorm IV exercise (14-15 Aug 12)
      – Hosted by WA Consolidated Technology Services
      – Capture issues/gaps for potential FY13 DHS grant funding
      – Left participants “wanting more…”
      TAG/HSA appointment letter (1 Apr 13)
      – TAG/HSA “Senior Official” and Military Department “Lead Agency” for Cyber coord
  16. Three Final Points
      • The Washington Military Department/National Guard has a unique role in domestic cyber…
      • Information sharing/formalize relationships
      • Partnerships, partnerships, partnerships…
  17. Questions?