2. Agenda
• National Perspectives & Background
• WA State Cyber Planning
• Steady State/Significant Relationships
• WA State Cyber CONOPS
• Washington State Significant Cyber Incident Annex
• Exercise Concepts
• Accomplishments
• Questions
3. National Perspectives
– 9/11 Commission Report (22 July 2004, Chapter 11, Foresight and Hindsight): “We believe that the 9/11 attacks revealed four kinds of failures—in imagination, policy, capabilities, and management.”
– Senator Joe Lieberman (14 Feb 12, Senate Floor): “I know it is February 14, 2012, but I fear that when it comes to protecting America from cyber-attack it is September 10, 2001, and the question is whether we will confront this existential threat before it happens?”
– Secretary of Defense Panetta (11 Oct 12, New York): “…the collective result of these kind of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”
– President Obama (21 Nov 12): “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
– Defense Science Board (Jan 13): “The US cannot be confident that our critical IT systems will work under attack from a sophisticated and well-resourced opponent…”
4. Background
• In Jan of 2012…
– Washington State did not have a comprehensive strategy to confront the challenges of cyber security
– No “whole of government” dialogue on the issue
– Any plans existed solely at the individual state agency level
– Cyber was an IT problem…not an Operational issue
– The Comprehensive Emergency Management Plan (CEMP) mentioned cyber twice in 119 pages
– We lacked imagination, policy, capabilities, and management on the cyber issue
• By March of 2012…
– TAG/Homeland Security Advisor sponsored a Cyber Integrated Project Team along the lines of the Domestic Security Executive Group (DSEG) model
– Used Emergency Support Function 2 (Communications) as the foundation
– State CIO established “Security” as his #1 priority in Technology Strategy Document
5. Washington State Cyber Integrated Project Team
TAG/Homeland Security Advisor rapidly organizing key state agencies involved in cyber planning, response, mitigation
Objectives:
1. Develop a Washington State Cyber Incident Annex based on National Cyber Incident Response Plan
2. Develop a domestic Cyber Planning and Response Concept of Operations that crosswalks National Guard cyber capabilities with state domestic cyber requirements
3. Create a “bottom up” state cyber response planning forum (requirements, capabilities, action plan) for others in FEMA Region X and nationally that leverages the “Cyber Center of Excellence” found in the Pacific Northwest
…already accomplishing 8 of the 12 objectives in the NGA “12 Steps to Secure Cyberspace”
6. Steady State - Cyber
Day to day operations
Independent plans and processes
Limited coordination
Multiple lines of communication
Private Industry Critical Infrastructure State Government Other Governments (County, Local)
Department of Homeland Security (NCCIC)
Military Department
7. Significant Event - Cyber
Post State of Emergency
Coordinated processes
Simplified lines of communication
Private Industry Critical Infrastructure State Government Other Governments (County, Local)
Department of Homeland Security (NCCIC)
Military Department (Cyber Unified Coordination Group)
8. View Cyber as a Continuum
How can the National Guard support the domestic cyber continuum?
• Disaster Recovery
• Cyber Continuity of Government (COOP)
• Law Enforcement Support
• Incident Response Teams
• Forensics
• Root Cause
• Attribution
• Vulnerability Identification and Remediation
• System Security standard consultation
• Compliance reviews
• Exercise support
• Project team
9. NG Domestic Cyber CONOPS – Now OPLAN
• Defines the requirement
• Matches requirement to NG capabilities
• Addresses “cyber resource type” issues
• Takes a holistic perspective
10. WA State Significant Cyber Incident Annex
CEMP designed as an “All Hazards” Emergency Management Plan
- Domestic cyber issues managed as “All Hazard” along with other natural and manmade disasters
Significant Cyber Incident Annex (Annex D - under development)
- Working draft ready now
- Validation during DHS tabletop exercises in Sept and Nov 2013
11. Significant Cyber Incident Escalation Pathway
Cyber UCG Activation (CEMP Annex D - Cyber)
State of Emergency Declaration (Significant Cyber Incident)
EOC Activation (Local Govt or Private Sector)
Addl Resources Needed
Cyber Incident (Not able to be contained locally)
12. Cyber Unified Coordination Group
Governor
Cyber Unified Coordination Group
WMD/CIO
OCIO
TAG/HSA
WSP
City of Seattle/CISO
WSFC
FBI
CTS/CISO
Operations
Finance/Admin
Logistics
Planning
Coordinate resource requests
Cyber Resource Types
Set priorities
Set objectives
• Prioritize, allocate, and deconflict resources
• Manage key Federal and State resources
• Develop and maintain statewide situational awareness
Incident Site Command
Mission Tasks/Assignments
Federal Agencies/DOD
National Guard
Resources placed under direct control of recipient
Resources remaining under Federal/State control
Logistical support for integration and utilization of resources
Regional Mutual Aid Coordinators
Operational Area EOCs and Mutual Aid Coordinators
Other Resource Types
Incident Response Teams
Command and control of incident response
Affected CIKR Sectors
13. Cyber UCG Coordination Framework
Private Industry Critical Infrastructure State Government Other Governments (County, Local)
Department of Homeland Security (NCCIC)
Cyber Unified Coordination Group
WA State EOC
NSA/CYBERCOM
Federal Interagency
Resource Types
Priorities
1. Prioritize, allocate, and deconflict resources
2. Manage key Federal and State resources
3. Develop and maintain statewide situational awareness
14. Cyber Exercises - 2013
Dates: Sept and Nov 2013
Locations: Fusion Center, participating sites
Facilitator/Planner: DHS, WMD, Industry
Participants: Cyber UCG, DHS, CIKR Sector Reps (SnoPUD, Avista)
Objectives:
1. Validate WA State UCG Concept and WACIA plan
2. Integrate actual WA CIKR (energy) sector player
3. Validate communications processes
4. Develop WA state cyber resource types
5. Validate WNG response CONOPS for a significant cyber incident response
15. Accomplishments to date
FY12 DHS HLS Grant – $80k to OCIO for domestic cyber planning (June 12)
– $40k matching funds to hire state Cyber Policy Coordinator
– $25k for National Guard penetration testing of cyber critical infrastructure (in State Active Duty)
– $15k to begin development of state-wide cyber critical infrastructure response plan
DHS Cyberstorm IV exercise (14-15 Aug 12)
– Hosted by WA Consolidated Technology Services
– Capture issues/gaps for potential FY13 DHS grant funding
– Left participants “wanting more…”
TAG/HSA appointment letter (1 Apr 13)
– TAG/HSA “Senior Official” and Military Department “Lead Agency” for Cyber coord
16. Three Final Points
• The Washington Military Department/National Guard has a unique role in domestic cyber…
• Information sharing/formalize relationships
• Partnerships, partnerships, partnerships…