wa state cyber response
TRANSCRIPT
Washington Military DepartmentCyber Perspectives and Response Planning
Lt Col Gent WelshChief Information Officer/J6
Agenda
• National Perspectives & Background
• WA State Cyber Planning
• Steady State/Significant Relationships
• WA State Cyber CONOPS
• Washington State Significant Cyber Incident Annex
• Exercise Concepts
• Accomplishments
• Questions
National Perspectives
– 9/11 Commission Report (22 July 2004, Chapter 11, Foresight and Hindsight): “We believe that the 9/11 attacks revealed four kinds of failures—in imagination, policy, capabilities, and management.”
– Senator Joe Lieberman (14 Feb 12, Senate Floor): “I know it is February 14, 2012, but I fear that when it comes to protecting America from cyber-attack it is September 10, 2001, and the question is whether we will confront this existential threat before it happens?”
– Secretary of Defense Panetta (11 Oct 12, New York): “…the collective result of these kind of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”
– President Obama (21 Nov 12): “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
– Defense Science Board (Jan 13): “The US cannot be confident that our critical IT systems will work under attack from a sophisticated and well-resourced opponent…”
Background
• In Jan of 2012…– Washington State did not have a comprehensive strategy to confront the
challenges of cyber security– No “whole of government” dialogue on the issue– Any plans existed solely at the individual state agency level– Cyber was an IT problem…not an Operational issue– The Comprehensive Emergency Management Plan (CEMP) mentioned cyber
twice in 119 pages– We lacked imagination, policy, capabilities, and management on the cyber
issue
• By March of 2012…– TAG/Homeland Security Advisor sponsored a Cyber Integrated Project Team
along the lines of the Domestic Security Executive Group (DSEG) model– Used Emergency Support Function 2 (Communications) as the foundation– State CIO established “Security” as his #1 priority in Technology Strategy
Document
Washington State Cyber Integrated Project Team
TAG/Homeland Security Advisor rapidly organizing key state agencies involved in cyber planning, response, mitigation
Objectives:1. Develop a Washington State Cyber
Incident Annex based on National Cyber Incident Response Plan
2. Develop a domestic Cyber Planning and Response Concept of Operations that crosswalks National Guard cyber capabilities with state domestic cyber requirements
3. Create a “bottom up” state cyber response planning forum (requirements, capabilities, action plan) for others in FEMA Region X and nationally that leverages the “Cyber Center of Excellence” found in the Pacific Northwest
…already accomplishing 8 of the 12 objectives in the NGA “12 Steps to Secure Cyberspace”
Steady State - Cyber
Day to day operationsIndependent plans and processesLimited coordinationMultiple lines of communication
Private Industry
Critical Infrastructure
State Government
Other Governments(County, Local)
Department of Homeland Security(NCCIC)
Military Department
Significant Event - Cyber
Post State of EmergencyCoordinated processesSimplified lines of communication
Private Industry
Critical Infrastructure
State Government
Other Governments(County, Local)
Department of Homeland Security(NCCIC)
Military Department(Cyber Unified Coordination
Group)
View Cyber as a Continuum
How can the National
Guard support the domestic
cyber continuum?
• Disaster Recovery• Cyber Continuity of
Government (COOP)
• Law Enforcement Support• Incident Response Teams
• Forensics• Root Cause• Attribution
• Vulnerability Identification and
Remediation
• System Security standard consultation• Compliance reviews
• Exercise support• Project team
NG Domestic Cyber CONOPS – Now OPLAN
• Defines the requirement• Matches requirement to NG capabilities• Addresses “cyber resource type” issues• Takes a holistic perspective
WA State Significant Cyber Incident Annex
CEMP designed as an “All Hazards” Emergency Management Plan
- Domestic cyber issues managed as “All Hazard” along with other natural and manmade disasters
Significant Cyber Incident Annex (Annex D - under development)
- Working draft ready now- Validation during DHS tabletop exercises
in Sept and Nov 2013
Significant Cyber Incident Escalation Pathway
Cyber UCG Activation(CEMP Annex D - Cyber)
State of Emergency Declaration
(Significant Cyber Incident)
EOC Activation(Local Govt or Private Sector)
Addl Resources Needed
Cyber Incident(Not able to be contained locally)
Cyber Unified Coordination Group
Governor
Cyber Unified Coordination Group
WMD/CIO
OCIOTAG/HSA
WSPCity of
Seattle/CISOWSFC
FBICTS/CISO
OperationsFinance/Admin
LogisticsPlanning
Coordinate resource requests
Cyber Resource Types
Set priorities
Set objectives
• Prioritize, allocate, and deconflict resources
• Manage key Federal and State resources
• Develop and maintain statewide situational awareness
Incident Site Command
Mission Tasks/Assignments
Federal Agencies/
DOD
National Guard
Resources placed under direct control of recipient
Resources remaining under Federal/State control
Logistical support for integration and utilization of resources
Regional Mutual Aid Coordinators
Operational Area EOCs and Mutual Aid Coordinators
Other Resource
Types
Incident Response Teams
Command and control of incident response
Affected CIKR Sectors
Cyber UCG Coordination Framework
Private Industry
Critical Infrastructure
State Government
Other Governments(County, Local)
Department of Homeland Security(NCCIC)
Cyber Unified Coordination Group
WA State EOC
NSA/CYBERCOM
Federal Interagency
Resource Types
Priorities1. Prioritize, allocate, and
deconflict resources
2. Manage key Federal and State resources
3. Develop and maintain statewide situational awareness
Cyber Exercises - 2013
Dates: Sept and Nov 2013Locations: Fusion Center, participating sitesFacilitator/Planner: DHS, WMD, IndustryParticipants: Cyber UCG, DHS, CIKR Sector Reps (SnoPUD, Avista)
Objectives:1. Validate WA State UCG Concept and WACIA
plan 2. Integrate actual WA CIKR (energy) sector
player3. Validate communications processes4. Develop WA state cyber resource types5. Validate WNG response CONOPS for a
significant cyber incident response
Accomplishments to date
FY12 DHS HLS Grant – $80k to OCIO for domestic cyber planning (June 12)
– $40k matching funds to hire state Cyber Policy Coordinator
– $25k for National Guard penetration testing of cyber critical infrastructure (in State Active Duty)
– $15k to begin development of state-wide cyber critical infrastructure response plan
DHS Cyberstorm IV exercise (14-15 Aug 12)– Hosted by WA Consolidated Technology
Services– Capture issues/gaps for potential FY13 DHS
grant funding– Left participants “wanting more…”
TAG/HSA appointment letter (1 Apr 13)– TAG/HSA “Senior Official” and Military
Department “Lead Agency” for Cyber coord
Three Final Points
• The Washington Military Department/National Guard has a unique role in domestic cyber…
• Information sharing/formalize relationships
• Partnerships, partnerships, partnerships…
Questions?