SlideShare a Scribd company logo

Cascading Effects of Cybersecurity

Download as PPTX, PDF
Patrick Sheehan
Patrick Sheehan

Emergency Management perspective on the cascading impacts and interconnectedness that cyber brings between infrastructure sectors and ways that emergency managers can help identify and address gaps in preparedness and response capability.

Technology
1 of 31
Cascading Effects of Cyber Security on Ohio Patrick Sheehan, Plans Branch Chief (Interim) Ohio Emergency Management Agency September 19, 2012
Today’s Cyber Threat • Cyber threats to critical infrastructure continue to evolve: – Foreign nationalists – Criminals – Hackers – Disgruntled employees • Attacks on government have increased 680% over the past five years – Cyber incidents happen every day – Negative impact to both economic and national security – Loss of classified information and intellectual property worth millions The “cyber threat is one of the most serious economic and national security challenges we face as a nation…America’s economic prosperity in the 21st century will depend on cyber security.” – President Barack Obama
Planning Efforts • Cyber response requires a rapid response, which is highly dependent upon the development of trusted relationships between the public and private sector • May 2009 – Federal Cyberspace Policy Review document recommends development of cyber security incident response plans, but agencies have been slow to react • September 2010 – National Cyber Incident Response Plan (NCIRP) is developed by DHS, providing a federal strategy for coordinating operational response activities among all forms of government; however… • 85% of infrastructure is owned by the private sector No single agency has authority over cyberspace.
Critical Infrastructure Sectors • 17 sectors federally identified by Homeland Security Presidential Directive-7 (HSPD-7) in 2003 – An 18th sector, Critical Manufacturing, was added in 2008 • Similar to Emergency Support Functions within EMA, each sector is managed by a lead or Sector-Specific Agency (SSA) • In accordance with the National Infrastructure Protection Plan (NIPP), each SSA is responsible for: – Developing and implementing a Sector-Specific Plan (SSP) – Encouraging the development of appropriate information- sharing and analysis mechanisms throughout the sector
Critical Infrastructure Sectors • Food and Agriculture • Banking and Finance • Chemical Facilities • Commercial Facilities • Communications • Critical Manufacturing • Dams • Defense Industrial Base • Emergency Services • Energy • Government Facilities • Healthcare and Public Health • Information Technology • National Monuments and Icons* • Nuclear Reactors, Materials, and Waste • Postal and Shipping • Transportation Systems • Water *Not applicable to Ohio
Interdependencies and Cascading Effects
Food and Agriculture • Critical interdependencies with Water, Transportation, Energy, Banking and Finance, Chemical, Dams • Sector accounts for 1/5th of the nation's economic activity • 75,000 mostly privately owned farms in Ohio • Contributes $93 billion to state’s economy and 33.5K jobs • Ohio’s diagnostic labs play a vital role in health and human safety: – Reducing food-borne illness by 10% would keep about 5 million Americans from getting sick each year – Preventing a single fatal case of E. coli O157 infection saves an estimated $7 million • More farms with automated systems “on-line”
Banking and Finance • Critical interdependencies with Energy, Information Technology, Transportation Systems, and Communications Sectors • Especially vulnerable to large-scale power outages, echoing effects of natural disasters, and cyber attacks demonstrate the wide range of potential risks facing the sector • SSA – Ohio Department of Commerce • More than 4.5K Ohio-based financial institutions move money throughout and beyond the state and country • Public-private partnerships already in place – Financial Services-Information Sharing and Analysis Center (FS-ISAC • Highly-automated industry
Chemical Facilities • Dependent on, depended upon by, and interdependent with Communications, Critical Manufacturing, Emergency Services, Energy, Food and Agriculture, Healthcare and Public Health, Information Technology, Transportation Systems, and Water Sectors • Majority of industry is privately owned • Employs nearly 46K Ohioans; contributes $20 billion to state • Products are used in thousands of applications, including medical devices, food processing, construction materials, paints, paper, plastics, pharmaceuticals, electronics, water treatment, and clothing. • Highly-regulated and increasingly web-based processes
Commercial Facilities • Further sub-divided into: – Public assembly, sports league, gaming, lodging, outdoor events, entertainment and media, real estate, and retail venues • More vulnerable to cyber attacks because the general public can move freely throughout venues without the deterrent of highly visible security barriers • Majority of facilities are privately owned and operated, with minimal interaction with the Federal government and other regulatory entities. • Work closely with local law enforcement
Communications • Critical interdependencies with: – Energy, Information Technology, Banking and Finance, Emergency Services, and Postal and Shipping Sectors • Underlying backbone for all day-to-day operations – public sector, private sector, and non-profit • Providers routinely share facilities and technology to ensure interoperability, leading to shared cyber vulnerabilities • Again, the private sector are owners and operators of the majority of communications infrastructure • Public safety HIGHLY dependent upon this sector!
Critical Manufacturing • Added as a critical sector in 2008 • Critical interdependencies with all other sectors • Subdivided into Metal, Machinery, Electrical, and Transportation Manufacturing • Highly-automated, computerized manufacturing processes – More than $12.5 million recently approved for innovation in manufacturing technology through “Third Frontier Initiative” • Home to one of two “centroid” cities in the country (Dayton) – Within a one-day drive of 50% of North America’s population and near 70% of manufacturing capacity – Numerous seaports along Lake Erie
Dams • Critical interdependencies with Emergency Services, Energy, Food and Agriculture, Transportation Systems, and Water • More than 1550 dams in Ohio, from temporary to Class 4 (small to large) • More than half (65%) are privately owned; 85% regulated • Increasingly computerized systems provide economic, environmental, and social benefits including: – Hydroelectric power, river navigation, water supply, wildlife habitat, waste management, flood control, and recreation
Defense Industrial Base • Critical interdependencies with all other Sectors – Government is highly dependent upon this sector • Especially vulnerable to cyber attack due to nature of sector (military weapons manufacturing, research, & development) • Ohio is home to many bases, manufacturers, and research and development companies – GE Aviation, Joint Systems Manufacturing Center, Timken, Goodrich, Boeing, Honeywell, L3 Communications, Lockheed Martin, Armor Holdings • Dayton is designated as a national aerospace hub, ranking 5th in U.S. in production – Aircraft engine manufacturing accounts for nearly 75% – Wright-Patterson Air Force Base contributes $5.1 million to economy
Emergency Services • Critical interdependencies with Communications, Information Technology, and Transportation Systems • All other sectors depend upon the ESS for protection – Presents unique challenges in protecting the ESS itself • SSA – Ohio Department of Public Safety • Broken down into subcategories of: – Law Enforcement, Fire and Emergency Services, Emergency Management, Emergency Medical Services, and Public Works • Complex and dispersed nature of the sector makes it difficult to disable the entire nationwide system; HOWEVER, this presents challenges in coordinating emergency responses across disciplines, regions, and levels of government
Energy • Critical interdependencies with Transportation Systems – Highlighted by heavy reliance on pipelines to distribute products – All other sectors dependent upon Energy Sector for power and fuel • 80% privately owned • Many owners and operators have extensive experience abroad with infrastructure protection and have more recently focused their attention on strengthening industry cyber security • Ohio, or “The Solar Valley, is #2 in solar manufacturing • Home to Columbia Gas, Marathon, and AEP • 5th largest consumer of electricity in U.S. • “Shale Rush” (frocking) in last two years
Government Facilities • SSA – Ohio Department of Administrative Services • More vulnerable to cyber attacks because many facilities are open to the public for business activities, commercial transactions, or recreational activities; while others contain highly sensitive information, materials, processes, and equipment • In addition to physical structures, the sector includes cyber elements that contribute to the protection of assets • Education Facilities Subsector – pre-K through 12th grade schools, higher education, business and trade schools – Recent rise in “cyber charter” schools presenting their own set of concerns
Healthcare and Public Health • Critical interdependencies with Communications, Emergency Services, Energy, Food and Agriculture, Information Technology, Transportation Systems, and Water Sectors • SSA – Ohio Department of Health • Protects all sectors from hazards such as terrorism, infectious disease outbreaks, and other natural disasters • Collaboration and information sharing between the public and private sectors is essential to increasing resilience of the nation's HPH critical infrastructure. • Plays significant role in response and recovery across all other sectors in the event of disaster • Many medical manufacturers, pharmaceutical companies, and universities
Information Technology • Critical interdependencies with the Communications Sector, first and foremost (the internet); although all other sectors, and even the general public, are highly dependent upon the sector itself • SSA – Ohio Department of Administrative Services, OIT • Complex and dynamic environment makes identifying threats and assessing vulnerabilities difficult and requires that tasks be addressed in a collaborative and creative fashion • Operated by a combination of owners, operators, and associations that maintain and reconstitute networks • Ohio Supercomputer Center in Columbus is largest in country • Blurring of the lines between communications & IT providers
National Monuments & Icons • Not particularly applicable to Ohio, as our state has no nationally-recognized national monuments or icons located in or near it • Of more importance to national identity, as the sector is essentially composed of physical structures which are of greater vulnerability to intentional attacks. • While the public nature of the sector limits the range of protective measures available, there are minimal cyber issues associated with national monuments due to the nature of the mainly federally-owned assets
Nuclear Reactors, Materials, and Wastes • Critical interdependencies with Chemical, Energy, Healthcare and Public Health, and Transportation Systems Sectors • Highly regulated sector – Cyber security of sector is of utmost importance due to the nature of the sector – Cyber Systems Security Roadmap • Two nuclear power plants, both located along Lake Erie and owned by FirstEnergy: – Davis-Besse Nuclear Power Plant in Oak Harbor, pressurized water reactor, license expiring in 2017 – Perry Nuclear Power Plant in North Perry, one of largest boiling water plants in the country, license expiring in 2026
Postal and Shipping • Critical interdependencies with all sectors, in particular: – Banking and Finance, Commercial Facilities, Government Facilities, Healthcare and Public Health, Communications, Energy, Information Technology, and Transportation Systems Sectors • Highly regulated and concentrated sector, with only a handful of providers holding 90% of the market share • Assets include over 400 high-volume automated processing facilities, 40K local delivery units, 50K transport vehicles, and dedicated information and communications networks • Vulnerable to cyber attacks because the sector delivers to virtually all state, national, and international ports
Transportation Systems • Critical interdependencies with all sectors • Six key subsectors, or modes: – Aviation, Highway Infrastructure and Motor Carrier, Maritime Transportation Systems, Mass Transit and Passenger Rail, Pipeline Systems, Freight Rail • Many national transportation companies and 99 airports • Increasing cyber concerns, as automated public transit has seen a 4%-10% increase (depending upon metro area) in recent years, due to rising fuel costs
Water • Critical interdependencies with all sectors, specifically: – Energy, Food and Agriculture, Transportation Systems, Emergency Services, Healthcare and Public Health • Includes both drinking water and wastewater utilities • Approximately 84% of the U.S. population receives their potable water from drinking water systems; 75% have their sanitary sewerage treated by wastewater systems – Roughly 5,000 facilities service 10.8 million Ohioans • Vulnerable to cyber attacks due to high automation. Disruptions could result in illness, casualties, or denial of service that would impact public health and economic vitality.
Implications on Infrastructure • Increased Online Control = Greater Vulnerability – Electrical power grids – Water and transportation systems – Oil pipelines – Refineries – Power-generation plants – Water/Wastewater plants • Aging infrastructure is more vulnerable to sophisticated cyber crime
Implications on Infrastructure “When transformers fail, so too will water distribution, waste management, transportation, communications, and many emergency and government services…Given the average of twelve month lead that is require to replace a damaged transformer today with a new one the economic and society disruption would be enormous.” –Dr. Stephen Flynn, Northeastern University
Connecting Ohio’s Infrastructure • Strengthening our cyber security is imperative because of the delicate balance between critical infrastructure sectors. A cyber attack on one sector can have cascading effects across all 18 infrastructure sectors. • More public-private partnerships in the following sectors: – Banking and Finance – Commercial Facilities – Critical Manufacturing – Defense Industrial Base – Energy – Information Technology – Postal and Shipping • Interdependencies among the critical sectors have been identified; however, a means to strengthen them must be developed
Moving Forward • Cyber security will play a greater role on emergency in the foreseeable future as cyber attacks continue to grow in numbers and sophistication • Consider societal, technological, and environmental changes in planning • Understand the impacts of new technology and how best to implement it • Incorporate cyber security into governance and response plans • Seek technologically-savvy employees who can model data, run analytics, and track mission effectiveness to enhance decision-making • Build interdependent information technology capabilities with redundancies • Incorporate technologies based on simulation into exercises It is imperative that we all work together – government, private sector, non- profit, and the public
Questions? Patrick Sheehan, Plans Branch Chief (Interim) Ohio Emergency Management Agency (614) 799-3693 Office pcsheehan@dps.state.oh.us Thank You

Recommended

Form and genre
Form and genreForm and genre
Form and genre
SDewhirstmedia
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
lines12
 
Poster mock-1
Poster mock-1Poster mock-1
Poster mock-1
charliewhitmore
 
Resume
ResumeResume
Resume
Robert Davidson
 
James et al (2015) Physiological responses to incremental exercise in the he...
James et al (2015) Physiological responses to incremental exercise in the he...James et al (2015) Physiological responses to incremental exercise in the he...
James et al (2015) Physiological responses to incremental exercise in the he...
Carl James
 
Crear innovar... otra perspectiva
Crear innovar... otra perspectivaCrear innovar... otra perspectiva
Crear innovar... otra perspectiva
Docente en Universidad Tecnológica del Perú
 
La Amanezca Photo Gallery
La Amanezca Photo GalleryLa Amanezca Photo Gallery
La Amanezca Photo Gallery
guestddffb7
 
Universida nacional de chimborazo
Universida nacional de chimborazoUniversida nacional de chimborazo
Universida nacional de chimborazo
Danii Parra
 

Recommended

Form and genre
Form and genreForm and genre
Form and genre
SDewhirstmedia
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
lines12
 
Poster mock-1
Poster mock-1Poster mock-1
Poster mock-1
charliewhitmore
 
Resume
ResumeResume
Resume
Robert Davidson
 
James et al (2015) Physiological responses to incremental exercise in the he...
James et al (2015) Physiological responses to incremental exercise in the he...James et al (2015) Physiological responses to incremental exercise in the he...
James et al (2015) Physiological responses to incremental exercise in the he...
Carl James
 
Crear innovar... otra perspectiva
Crear innovar... otra perspectivaCrear innovar... otra perspectiva
Crear innovar... otra perspectiva
Docente en Universidad Tecnológica del Perú
 
La Amanezca Photo Gallery
La Amanezca Photo GalleryLa Amanezca Photo Gallery
La Amanezca Photo Gallery
guestddffb7
 
Universida nacional de chimborazo
Universida nacional de chimborazoUniversida nacional de chimborazo
Universida nacional de chimborazo
Danii Parra
 
PORTADA
PORTADAPORTADA
PORTADA
Cristhian Villa
 
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
dsvfgdgf
 
Form and genre poster
Form and genre posterForm and genre poster
Form and genre poster
James Lockton
 
Delia Martin Resume 1
Delia Martin Resume 1Delia Martin Resume 1
Delia Martin Resume 1
Delia Martin BSN, RN
 
Configuracion ap
Configuracion apConfiguracion ap
Configuracion ap
David Antonio Rapri Mendoza
 
ประวัติส่วนตัว
ประวัติส่วนตัวประวัติส่วนตัว
ประวัติส่วนตัว
tkd18190075
 
Stacey Phaneuf - Resume
Stacey Phaneuf - ResumeStacey Phaneuf - Resume
Stacey Phaneuf - Resume
Stacey Phaneuf, BSN
 
ประว ต
ประว ต ประว ต
ประว ต
tkd18190075
 
Ensayo (casa unifamiliar).
Ensayo (casa unifamiliar).Ensayo (casa unifamiliar).
Ensayo (casa unifamiliar).
Josee Gutierrez
 
Tugas ii (dasar perencanaan poros)
Tugas ii (dasar perencanaan poros)Tugas ii (dasar perencanaan poros)
Tugas ii (dasar perencanaan poros)
Rinaldi Sihombing
 
Presentacion del Portafolio
Presentacion del PortafolioPresentacion del Portafolio
Presentacion del Portafolio
Cristhian Villa
 
Axiologia
AxiologiaAxiologia
Axiologia
EscuelaDerechoCsJuridicas
 
Women empowerment
Women empowermentWomen empowerment
Women empowerment
kumarijulee
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Bhuvaneswari Subramani
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Deepika Singh
 

More Related Content

Viewers also liked

토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
dsvfgdgf
 
ประวัติส่วนตัว
ประวัติส่วนตัวประวัติส่วนตัว
ประวัติส่วนตัว
tkd18190075
 
ประว ต
ประว ต ประว ต
ประว ต
tkd18190075
 

Viewers also liked (13)

PORTADA
PORTADAPORTADA
PORTADA
 
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
토토추천 토토추천 =*=*=*= Too93.com =*=*=*= 토토추천 토토추천
 
Form and genre poster
Form and genre posterForm and genre poster
Form and genre poster
 
Delia Martin Resume 1
Delia Martin Resume 1Delia Martin Resume 1
Delia Martin Resume 1
 
Configuracion ap
Configuracion apConfiguracion ap
Configuracion ap
 
ประวัติส่วนตัว
ประวัติส่วนตัวประวัติส่วนตัว
ประวัติส่วนตัว
 
Stacey Phaneuf - Resume
Stacey Phaneuf - ResumeStacey Phaneuf - Resume
Stacey Phaneuf - Resume
 
ประว ต
ประว ต ประว ต
ประว ต
 
Ensayo (casa unifamiliar).
Ensayo (casa unifamiliar).Ensayo (casa unifamiliar).
Ensayo (casa unifamiliar).
 
Tugas ii (dasar perencanaan poros)
Tugas ii (dasar perencanaan poros)Tugas ii (dasar perencanaan poros)
Tugas ii (dasar perencanaan poros)
 
Presentacion del Portafolio
Presentacion del PortafolioPresentacion del Portafolio
Presentacion del Portafolio
 
Axiologia
AxiologiaAxiologia
Axiologia
 
Women empowerment
Women empowermentWomen empowerment
Women empowerment
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Cascading Effects of Cybersecurity

  • 1. Cascading Effects of Cyber Security on Ohio Patrick Sheehan, Plans Branch Chief (Interim) Ohio Emergency Management Agency September 19, 2012
  • 2. Today’s Cyber Threat • Cyber threats to critical infrastructure continue to evolve: – Foreign nationalists – Criminals – Hackers – Disgruntled employees • Attacks on government have increased 680% over the past five years – Cyber incidents happen every day – Negative impact to both economic and national security – Loss of classified information and intellectual property worth millions The “cyber threat is one of the most serious economic and national security challenges we face as a nation…America’s economic prosperity in the 21st century will depend on cyber security.” – President Barack Obama
  • 3.
  • 4. Planning Efforts • Cyber response requires a rapid response, which is highly dependent upon the development of trusted relationships between the public and private sector • May 2009 – Federal Cyberspace Policy Review document recommends development of cyber security incident response plans, but agencies have been slow to react • September 2010 – National Cyber Incident Response Plan (NCIRP) is developed by DHS, providing a federal strategy for coordinating operational response activities among all forms of government; however… • 85% of infrastructure is owned by the private sector No single agency has authority over cyberspace.
  • 5. Critical Infrastructure Sectors • 17 sectors federally identified by Homeland Security Presidential Directive-7 (HSPD-7) in 2003 – An 18th sector, Critical Manufacturing, was added in 2008 • Similar to Emergency Support Functions within EMA, each sector is managed by a lead or Sector-Specific Agency (SSA) • In accordance with the National Infrastructure Protection Plan (NIPP), each SSA is responsible for: – Developing and implementing a Sector-Specific Plan (SSP) – Encouraging the development of appropriate information- sharing and analysis mechanisms throughout the sector
  • 6. Critical Infrastructure Sectors • Food and Agriculture • Banking and Finance • Chemical Facilities • Commercial Facilities • Communications • Critical Manufacturing • Dams • Defense Industrial Base • Emergency Services • Energy • Government Facilities • Healthcare and Public Health • Information Technology • National Monuments and Icons* • Nuclear Reactors, Materials, and Waste • Postal and Shipping • Transportation Systems • Water *Not applicable to Ohio
  • 8. Food and Agriculture • Critical interdependencies with Water, Transportation, Energy, Banking and Finance, Chemical, Dams • Sector accounts for 1/5th of the nation's economic activity • 75,000 mostly privately owned farms in Ohio • Contributes $93 billion to state’s economy and 33.5K jobs • Ohio’s diagnostic labs play a vital role in health and human safety: – Reducing food-borne illness by 10% would keep about 5 million Americans from getting sick each year – Preventing a single fatal case of E. coli O157 infection saves an estimated $7 million • More farms with automated systems “on-line”
  • 9. Banking and Finance • Critical interdependencies with Energy, Information Technology, Transportation Systems, and Communications Sectors • Especially vulnerable to large-scale power outages, echoing effects of natural disasters, and cyber attacks demonstrate the wide range of potential risks facing the sector • SSA – Ohio Department of Commerce • More than 4.5K Ohio-based financial institutions move money throughout and beyond the state and country • Public-private partnerships already in place – Financial Services-Information Sharing and Analysis Center (FS-ISAC • Highly-automated industry
  • 10. Chemical Facilities • Dependent on, depended upon by, and interdependent with Communications, Critical Manufacturing, Emergency Services, Energy, Food and Agriculture, Healthcare and Public Health, Information Technology, Transportation Systems, and Water Sectors • Majority of industry is privately owned • Employs nearly 46K Ohioans; contributes $20 billion to state • Products are used in thousands of applications, including medical devices, food processing, construction materials, paints, paper, plastics, pharmaceuticals, electronics, water treatment, and clothing. • Highly-regulated and increasingly web-based processes
  • 11. Commercial Facilities • Further sub-divided into: – Public assembly, sports league, gaming, lodging, outdoor events, entertainment and media, real estate, and retail venues • More vulnerable to cyber attacks because the general public can move freely throughout venues without the deterrent of highly visible security barriers • Majority of facilities are privately owned and operated, with minimal interaction with the Federal government and other regulatory entities. • Work closely with local law enforcement
  • 12. Communications • Critical interdependencies with: – Energy, Information Technology, Banking and Finance, Emergency Services, and Postal and Shipping Sectors • Underlying backbone for all day-to-day operations – public sector, private sector, and non-profit • Providers routinely share facilities and technology to ensure interoperability, leading to shared cyber vulnerabilities • Again, the private sector are owners and operators of the majority of communications infrastructure • Public safety HIGHLY dependent upon this sector!
  • 13. Critical Manufacturing • Added as a critical sector in 2008 • Critical interdependencies with all other sectors • Subdivided into Metal, Machinery, Electrical, and Transportation Manufacturing • Highly-automated, computerized manufacturing processes – More than $12.5 million recently approved for innovation in manufacturing technology through “Third Frontier Initiative” • Home to one of two “centroid” cities in the country (Dayton) – Within a one-day drive of 50% of North America’s population and near 70% of manufacturing capacity – Numerous seaports along Lake Erie
  • 14. Dams • Critical interdependencies with Emergency Services, Energy, Food and Agriculture, Transportation Systems, and Water • More than 1550 dams in Ohio, from temporary to Class 4 (small to large) • More than half (65%) are privately owned; 85% regulated • Increasingly computerized systems provide economic, environmental, and social benefits including: – Hydroelectric power, river navigation, water supply, wildlife habitat, waste management, flood control, and recreation
  • 15. Defense Industrial Base • Critical interdependencies with all other Sectors – Government is highly dependent upon this sector • Especially vulnerable to cyber attack due to nature of sector (military weapons manufacturing, research, & development) • Ohio is home to many bases, manufacturers, and research and development companies – GE Aviation, Joint Systems Manufacturing Center, Timken, Goodrich, Boeing, Honeywell, L3 Communications, Lockheed Martin, Armor Holdings • Dayton is designated as a national aerospace hub, ranking 5th in U.S. in production – Aircraft engine manufacturing accounts for nearly 75% – Wright-Patterson Air Force Base contributes $5.1 million to economy
  • 16. Emergency Services • Critical interdependencies with Communications, Information Technology, and Transportation Systems • All other sectors depend upon the ESS for protection – Presents unique challenges in protecting the ESS itself • SSA – Ohio Department of Public Safety • Broken down into subcategories of: – Law Enforcement, Fire and Emergency Services, Emergency Management, Emergency Medical Services, and Public Works • Complex and dispersed nature of the sector makes it difficult to disable the entire nationwide system; HOWEVER, this presents challenges in coordinating emergency responses across disciplines, regions, and levels of government
  • 17. Energy • Critical interdependencies with Transportation Systems – Highlighted by heavy reliance on pipelines to distribute products – All other sectors dependent upon Energy Sector for power and fuel • 80% privately owned • Many owners and operators have extensive experience abroad with infrastructure protection and have more recently focused their attention on strengthening industry cyber security • Ohio, or “The Solar Valley, is #2 in solar manufacturing • Home to Columbia Gas, Marathon, and AEP • 5th largest consumer of electricity in U.S. • “Shale Rush” (frocking) in last two years
  • 18. Government Facilities • SSA – Ohio Department of Administrative Services • More vulnerable to cyber attacks because many facilities are open to the public for business activities, commercial transactions, or recreational activities; while others contain highly sensitive information, materials, processes, and equipment • In addition to physical structures, the sector includes cyber elements that contribute to the protection of assets • Education Facilities Subsector – pre-K through 12th grade schools, higher education, business and trade schools – Recent rise in “cyber charter” schools presenting their own set of concerns
  • 19. Healthcare and Public Health • Critical interdependencies with Communications, Emergency Services, Energy, Food and Agriculture, Information Technology, Transportation Systems, and Water Sectors • SSA – Ohio Department of Health • Protects all sectors from hazards such as terrorism, infectious disease outbreaks, and other natural disasters • Collaboration and information sharing between the public and private sectors is essential to increasing resilience of the nation's HPH critical infrastructure. • Plays significant role in response and recovery across all other sectors in the event of disaster • Many medical manufacturers, pharmaceutical companies, and universities
  • 20. Information Technology • Critical interdependencies with the Communications Sector, first and foremost (the internet); although all other sectors, and even the general public, are highly dependent upon the sector itself • SSA – Ohio Department of Administrative Services, OIT • Complex and dynamic environment makes identifying threats and assessing vulnerabilities difficult and requires that tasks be addressed in a collaborative and creative fashion • Operated by a combination of owners, operators, and associations that maintain and reconstitute networks • Ohio Supercomputer Center in Columbus is largest in country • Blurring of the lines between communications & IT providers
  • 21. National Monuments & Icons • Not particularly applicable to Ohio, as our state has no nationally-recognized national monuments or icons located in or near it • Of more importance to national identity, as the sector is essentially composed of physical structures which are of greater vulnerability to intentional attacks. • While the public nature of the sector limits the range of protective measures available, there are minimal cyber issues associated with national monuments due to the nature of the mainly federally-owned assets
  • 22. Nuclear Reactors, Materials, and Wastes • Critical interdependencies with Chemical, Energy, Healthcare and Public Health, and Transportation Systems Sectors • Highly regulated sector – Cyber security of sector is of utmost importance due to the nature of the sector – Cyber Systems Security Roadmap • Two nuclear power plants, both located along Lake Erie and owned by FirstEnergy: – Davis-Besse Nuclear Power Plant in Oak Harbor, pressurized water reactor, license expiring in 2017 – Perry Nuclear Power Plant in North Perry, one of largest boiling water plants in the country, license expiring in 2026
  • 23. Postal and Shipping • Critical interdependencies with all sectors, in particular: – Banking and Finance, Commercial Facilities, Government Facilities, Healthcare and Public Health, Communications, Energy, Information Technology, and Transportation Systems Sectors • Highly regulated and concentrated sector, with only a handful of providers holding 90% of the market share • Assets include over 400 high-volume automated processing facilities, 40K local delivery units, 50K transport vehicles, and dedicated information and communications networks • Vulnerable to cyber attacks because the sector delivers to virtually all state, national, and international ports
  • 24. Transportation Systems • Critical interdependencies with all sectors • Six key subsectors, or modes: – Aviation, Highway Infrastructure and Motor Carrier, Maritime Transportation Systems, Mass Transit and Passenger Rail, Pipeline Systems, Freight Rail • Many national transportation companies and 99 airports • Increasing cyber concerns, as automated public transit has seen a 4%-10% increase (depending upon metro area) in recent years, due to rising fuel costs
  • 25. Water • Critical interdependencies with all sectors, specifically: – Energy, Food and Agriculture, Transportation Systems, Emergency Services, Healthcare and Public Health • Includes both drinking water and wastewater utilities • Approximately 84% of the U.S. population receives their potable water from drinking water systems; 75% have their sanitary sewerage treated by wastewater systems – Roughly 5,000 facilities service 10.8 million Ohioans • Vulnerable to cyber attacks due to high automation. Disruptions could result in illness, casualties, or denial of service that would impact public health and economic vitality.
  • 26.
  • 27. Implications on Infrastructure • Increased Online Control = Greater Vulnerability – Electrical power grids – Water and transportation systems – Oil pipelines – Refineries – Power-generation plants – Water/Wastewater plants • Aging infrastructure is more vulnerable to sophisticated cyber crime
  • 28. Implications on Infrastructure “When transformers fail, so too will water distribution, waste management, transportation, communications, and many emergency and government services…Given the average of twelve month lead that is require to replace a damaged transformer today with a new one the economic and society disruption would be enormous.” –Dr. Stephen Flynn, Northeastern University
  • 29. Connecting Ohio’s Infrastructure • Strengthening our cyber security is imperative because of the delicate balance between critical infrastructure sectors. A cyber attack on one sector can have cascading effects across all 18 infrastructure sectors. • More public-private partnerships in the following sectors: – Banking and Finance – Commercial Facilities – Critical Manufacturing – Defense Industrial Base – Energy – Information Technology – Postal and Shipping • Interdependencies among the critical sectors have been identified; however, a means to strengthen them must be developed
  • 30. Moving Forward • Cyber security will play a greater role on emergency in the foreseeable future as cyber attacks continue to grow in numbers and sophistication • Consider societal, technological, and environmental changes in planning • Understand the impacts of new technology and how best to implement it • Incorporate cyber security into governance and response plans • Seek technologically-savvy employees who can model data, run analytics, and track mission effectiveness to enhance decision-making • Build interdependent information technology capabilities with redundancies • Incorporate technologies based on simulation into exercises It is imperative that we all work together – government, private sector, non- profit, and the public
  • 31. Questions? Patrick Sheehan, Plans Branch Chief (Interim) Ohio Emergency Management Agency (614) 799-3693 Office pcsheehan@dps.state.oh.us Thank You

Editor's Notes

  1. Presentation made by FEMA to the Northeast Disaster Recovery Information X-Change (NEDRIX) re: NLE 2012 March 14, 2012 According to InfoSec (http://www.infosecisland.com/blogview/21131-GAO-680-Percent-Increase-in-Government-Cyber-Attacks.html), cyber attacks on government have increase 680% over the past half decade. Quote from President Obama found in following article, no reference given (http://mccaul.house.gov/press-releases/house-passes-mccaullipinski-cybersecurity-enhancement-act-to-secure-federal-networks-critical-infrastructure-and-americas-competitive-edge/)
  2. Presentation made by FEMA to the Northeast Disaster Recovery Information X-Change (NEDRIX) re: NLE 2012 March 14, 2012 NCIRP is not enough! According to the U.S. Government Accountability Office, 85% of infrastructure is owned by the private sector, so security must start there. This figure can be found in the US. GAO’s report to congressional requestors on Critical Infrastructure Protection: Progress Coordinating Government and Private Sector Efforts, released in 2006. http://www.gao.gov/assets/260/252603.pdf Cyberspace Policy Review http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf NCIRP available at http://www.federalnewsradio.com/pdfs/NCIRP_Interim_Version_September_2010.pdf
  3. From DHS critical infrastructure website: http://www.dhs.gov/critical-infrastructure
  4. The 18 federally identified critical infrastructure sectors. The National Monuments and Icons sector is not Ohio-specific, as our State has no federally-identified monuments or icons.
  5. Ohio’s critical infrastructure is so interconnected that only by working together can government and business be successful in securing our state. The delicate balance of interdependency between sectors can cause cascading effects: when an event impacts one, it may affect other sectors as well. The link between Ohio’s infrastructure and national security is profound, as Ohio’s economy is the 8th largest in the country. Protecting Ohio’s infrastructure is a means to ensure the continuity of our way of life and mitigate money lost through criminal acts such as cyber crime, through either attacks on virtual or physical structures. Investment in cyber security can help all of our critical infrastructure sectors become more secure and resilient, since infrastructure is a system of systems where disruption in one sector seriously impacts another or potentially causes a delay in recovery, causing an escalation of impact. Today’s businesses utilize just-in-time inventories and disruption would have significant consequences. In all critical sectors, protective plans, procedures, and policies should be in place to enhance physical deterrence, cyber security, assess geographic effects, and understand financial impact of techniques to reduce vulnerability, not just within a single sector, but across the system of critical sectors. Ohio Homeland Security Look Back to Move Forward, released on the 10th anniversary of 9/11 http://www.publicsafety.ohio.gov/links/LBtMF.pdf
  6. Sector overview from DHS’s website: http://www.dhs.gov/food-and-agriculture-sector. Specific Ohio facts from the Ohio Department of Agriculture. Quick sheet: http://www.agclassroom.org/kids/stats/ohio.pdf and 2010 annual report.
  7. Sector overview from DHS’s website. Specific Ohio facts from the Ohio Department of Commerce, Division of Financial Institutions.
  8. Sector overview from DHS’s website. Specific Ohio facts from the Ohio Chemistry Technology Council: http://www.ohiochemistry.org/aws/OCTC/pt/sp/home_page
  9. Sector overview from DHS’s website.
  10. Sector overview from DHS’s website.
  11. Sector overview from DHS’s website. Ohio-specific facts from the Ohio Department of Development’s website:
  12. Sector overview from DHS’s website. Ohio-specific facts from the Ohio Department of Natural Resources.
  13. Sector overview from DHS’s website, Ohio Department of Development
  14. Sector overview from DHS’s website, Ohio Department of Development
  15. Sector overview from DHS’s website, Ohio specific facts from Energy Industries of Ohio
  16. Sector overview from DHS’s website, DAS’s website
  17. Sector overview from DHS’s website, Ohio Department of Health
  18. Sector overview from DHS’s website, DAS’s website
  19. Sector overview from DHS’s website
  20. Sector overview from DHS’s website, Ohio specific facts from FirstEnergy’s website
  21. Sector overview from DHS’s website
  22. Sector overview from DHS’s website, Ohio Department of Transportation
  23. Sector overview from DHS’s website, Ohio EPA, and Ohio WARN
  24. Our country’s greatest vulnerability is in the security of privately owned infrastructure. All of the examples listed are interconnected, which will be explained in the following slides. Comments by Dr. Flynn in testimony to Congress, on April 24, 2012, urging for the passage of four bills scheduled for vote, including the Cyber security Enhancement Act. http://mccaul.house.gov/hidden-section/cascading-effect-of-cyber-attack-could-cost-lives-devastate-economy/ Testimony available on YouTube
  25. Our country’s greatest vulnerability is in the security of privately owned infrastructure. All of the examples listed are interconnected, which will be explained in the following slides. Comments by Dr. Flynn in testimony to Congress, on April 24, 2012, urging for the passage of four bills scheduled for vote, including the Cyber security Enhancement Act. http://mccaul.house.gov/hidden-section/cascading-effect-of-cyber-attack-could-cost-lives-devastate-economy/ Testimony available on YouTube
  26. Ohio Homeland Security Look Back to Move Froward
  27. Cyber security will continue into and may even play a greater role on emergency management in the foreseeable future. Assessing future factors challenging our State includes considering the societal, technological, and environmental changes as well as reasonable threats and hazards Ohio may face. To ensure we learn from the past, it is imperative that we continuously update our plans so that our state is well prepared to confront future threats, risks, and hazards. Global economic conditions are fragile, and recent events have caused us to focus on necessity – whether at home or in our operations. In an uncertain environment, it is imperative that we all work together – government, private sector, non-profit, and the public. The echoing effects of 9/11 on the emergency and first responder community may have originated with the threat of a major terrorist attack launched by al Qaeda from overseas, but homegrown cyber criminals such as “hactivists” or identity thieves, are growing in numbers. We must understand the impacts of new technology and how best to implement it to respond to and recover from events. One way to accomplish this is by seeking out a new generation of technologically-savvy employees who can model data, run analytics, and track mission effectiveness to enhance decision-making. We will need to build interdependent information technology capabilities with redundancies, while incorporating cyber security into governance, plans, policies, and procedures. Technologies incorporating simulation will lead to improved participation in exercises and increased responsiveness. The essentials of emergency management – communication, coordination, collaboration – will not and should not change, but the tactics, techniques, and procedures affected by the factors listed above will significantly test Ohio’s ability to respond and protect infrastructure that is integrated into every aspect of the life of an Ohioan. Ohio Homeland Security Look Back to Move Forward