WA State Cyber Response

Washington Military Department Cyber Perspectives and Response Planning Lt Col Gent Welsh Chief Information Officer/J6

Transcript of WA State Cyber Response

Page 1: WA State Cyber Response

Washington Military Department

Cyber Perspectives and Response Planning

Lt Col Gent Welsh

Chief Information Officer/J6

Page 2: WA State Cyber Response

Agenda

• National Perspectives & Background

• WA State Cyber Planning

• Steady State/Significant Relationships

• WA State Cyber CONOPS

• Washington State Significant Cyber Incident Annex

• Exercise Concepts

• Accomplishments

• Questions

Page 3: WA State Cyber Response

National Perspectives

– 9/11 Commission Report (22 July 2004, Chapter 11, Foresight and Hindsight): “We believe that the 9/11 attacks revealed four kinds of failures—in imagination, policy, capabilities, and management.”

– Senator Joe Lieberman (14 Feb 12, Senate Floor): “I know it is February 14, 2012, but I fear that when it comes to protecting America from cyber-attack it is September 10, 2001, and the question is whether we will confront this existential threat before it happens?”

– Secretary of Defense Panetta (11 Oct 12, New York): “…the collective result of these kind of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

– President Obama (21 Nov 12): “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”

– Defense Science Board (Jan 13): “The US cannot be confident that our critical IT systems will work under attack from a sophisticated and well-resourced opponent…”

Page 4: WA State Cyber Response

Background

• In Jan of 2012…

– Washington State did not have a comprehensive strategy to confront the challenges of cyber security

– No “whole of government” dialogue on the issue

– Any plans existed solely at the individual state agency level

– Cyber was an IT problem…not an Operational issue

– The Comprehensive Emergency Management Plan (CEMP) mentioned cyber twice in 119 pages

– We lacked imagination, policy, capabilities, and management on the cyber issue

• By March of 2012…

– TAG/Homeland Security Advisor sponsored a Cyber Integrated Project Team along the lines of the Domestic Security Executive Group (DSEG) model

– Used Emergency Support Function 2 (Communications) as the foundation

– State CIO established “Security” as his #1 priority in Technology Strategy Document

Page 5: WA State Cyber Response

Washington State Cyber Integrated Project Team

TAG/Homeland Security Advisor rapidly organizing key state agencies involved in cyber planning, response, mitigation

Objectives:

1. Develop a Washington State Cyber Incident Annex based on National Cyber Incident Response Plan

2. Develop a domestic Cyber Planning and Response Concept of Operations that crosswalks National Guard cyber capabilities with state domestic cyber requirements

3. Create a “bottom up” state cyber response planning forum (requirements, capabilities, action plan) for others in FEMA Region X and nationally that leverages the “Cyber Center of Excellence” found in the Pacific Northwest

…already accomplishing 8 of the 12 objectives in the NGA “12 Steps to Secure Cyberspace”

Page 6: WA State Cyber Response

Steady State - Cyber

Day to day operations

Independent plans and processes

Limited coordination

Multiple lines of communication

Private Industry

Critical Infrastructure

State Government

Other Governments (County, Local)

Department of Homeland Security (NCCIC)

Military Department

Page 7: WA State Cyber Response

Significant Event - Cyber

Post State of Emergency

Coordinated processes

Simplified lines of communication

Private Industry

Critical Infrastructure

State Government

Other Governments (County, Local)

Department of Homeland Security (NCCIC)

Military Department (Cyber Unified Coordination Group)

Page 8: WA State Cyber Response

View Cyber as a Continuum

How can the National Guard support the domestic cyber continuum?

• Disaster Recovery

• Cyber Continuity of Government (COOP)

• Law Enforcement Support

• Incident Response Teams

• Forensics

• Root Cause

• Attribution

• Vulnerability Identification and Remediation

• System Security standard consultation

• Compliance reviews

• Exercise support

• Project team

Page 9: WA State Cyber Response

NG Domestic Cyber CONOPS – Now OPLAN

• Defines the requirement

• Matches requirement to NG capabilities

• Addresses “cyber resource type” issues

• Takes a holistic perspective

Page 10: WA State Cyber Response

WA State Significant Cyber Incident Annex

CEMP designed as an “All Hazards” Emergency Management Plan

- Domestic cyber issues managed as “All Hazard” along with other natural and manmade disasters

Significant Cyber Incident Annex (Annex D - under development)

- Working draft ready now

- Validation during DHS tabletop exercises in Sept and Nov 2013

Page 11: WA State Cyber Response

Significant Cyber Incident Escalation Pathway

Cyber UCG Activation (CEMP Annex D - Cyber)

State of Emergency Declaration (Significant Cyber Incident)

EOC Activation (Local Govt or Private Sector)

Addl Resources Needed

Cyber Incident (Not able to be contained locally)

Page 12: WA State Cyber Response

Cyber Unified Coordination Group

Governor

Cyber Unified Coordination Group

WMD/CIO

OCIO

TAG/HSA

WSP

City of Seattle/CISO

WSFC

FBI

CTS/CISO

Operations

Finance/Admin

Logistics

Planning

Coordinate resource requests

Cyber Resource Types

Set priorities

Set objectives

• Prioritize, allocate, and deconflict resources

• Manage key Federal and State resources

• Develop and maintain statewide situational awareness

Incident Site Command

Mission Tasks/Assignments

Federal Agencies/DOD

National Guard

Resources placed under direct control of recipient

Resources remaining under Federal/State control

Logistical support for integration and utilization of resources

Regional Mutual Aid Coordinators

Operational Area EOCs and Mutual Aid Coordinators

Other Resource Types

Incident Response Teams

Command and control of incident response

Affected CIKR Sectors

Page 13: WA State Cyber Response

Cyber UCG Coordination Framework

Private Industry

Critical Infrastructure

State Government

Other Governments (County, Local)

Department of Homeland Security (NCCIC)

Cyber Unified Coordination Group

WA State EOC

NSA/CYBERCOM

Federal Interagency

Resource Types

Priorities

1. Prioritize, allocate, and deconflict resources

2. Manage key Federal and State resources

3. Develop and maintain statewide situational awareness

Page 14: WA State Cyber Response

Cyber Exercises - 2013

Dates: Sept and Nov 2013

Locations: Fusion Center, participating sites

Facilitator/Planner: DHS, WMD, Industry

Participants: Cyber UCG, DHS, CIKR Sector Reps (SnoPUD, Avista)

Objectives:

1. Validate WA State UCG Concept and WACIA plan

2. Integrate actual WA CIKR (energy) sector player

3. Validate communications processes

4. Develop WA state cyber resource types

5. Validate WNG response CONOPS for a significant cyber incident response

Page 15: WA State Cyber Response

Accomplishments to date

FY12 DHS HLS Grant – $80k to OCIO for domestic cyber planning (June 12)

– $40k matching funds to hire state Cyber Policy Coordinator

– $25k for National Guard penetration testing of cyber critical infrastructure (in State Active Duty)

– $15k to begin development of state-wide cyber critical infrastructure response plan

DHS Cyberstorm IV exercise (14-15 Aug 12)

– Hosted by WA Consolidated Technology Services

– Capture issues/gaps for potential FY13 DHS grant funding

– Left participants “wanting more…”

TAG/HSA appointment letter (1 Apr 13)

– TAG/HSA “Senior Official” and Military Department “Lead Agency” for Cyber coord

Page 16: WA State Cyber Response

Three Final Points

• The Washington Military Department/National Guard has a unique role in domestic cyber…

• Information sharing/formalize relationships

• Partnerships, partnerships, partnerships…

Page 17: WA State Cyber Response

Questions?