cybersecurity.jpg

Cybersecurity Program

“Status quo is no longer acceptable -- not when there's so much at stake.  We can and we must do better.”  President Barack Obama

It was during his address on Securing Our Nation’s Cyber Infrastructure in May of 2009, that the President of the United States first made the above remark and described cybersecurity as “a matter of public safety and national security.”  Acknowledging the nation’s dependence on “computer networks to deliver our oil and gas, our power and our water…public transportation and air traffic control,” the president ominously declared that “the cyber threat is one of the most serious economic and national security challenges we face as a nation.”  

For the last several years, the Washington State Military Department has worked aggressively to prepare the state for cyber emergencies.  Extensive outreach and program development efforts by the National Guard and other state agencies culminated in the creation of a Cybersecurity Program within the Emergency Management Division.  The manager of the program functions as the state’s cybersecurity policy leader and strategist for emergency management. 

ezelleinsleeimg_0241.jpg

Emergency Management Director Robert Ezelle shakes the hand of Gov. Jay Inslee.
In the center is Major General Bret D. Daugherty. Inslee spoke April 7 at the
Cyber Executive Seminar on Camp Murray.

The primary goals of the program are to fully integrate cybersecurity into statewide emergency planning, training, preparation, and response procedures to address the unique (and ever-increasing) risks and vulnerabilities that have surfaced as a result of society’s growing dependence on networked systems. In addition to developing/expanding internal procedures, the cybersecurity program includes extensive outreach with the private and public sectors to further state emergency preparedness. 

“[Cybersecurity] is a matter of public safety, not just embarrassment or inconvenience. It requires a total community effort to stay ahead of those, who want to do us harm.”  — Gov Jay Inslee, April 7 Cyber Executive Seminar, Camp Murray, Wash.

The cybersecurity program focuses on four main areas: people, preparedness, policy and partnerships.

People: Working closely with the Washington State Emergency Management Training program and multiple jurisdictions across the state, the cybersecurity program identifies and schedules multiple training events and seminars aimed at raising awareness of emergency managers across the state to better prepare them to address incidents involving cyber systems.  Training seminars are scheduled and documented within the agency’s annual Training and Exercise Plan and made available statewide.

Preparedness:  Working closely with the Washington State Emergency Management Exercise Program and multiple jurisdictions across the state, the cybersecurity program has developed an aggressive exercise schedule which includes six separate state-level exercises that will include cyber scenarios and injects in 2015/2016.  This schedule includes a state cabinet level tabletop exercise. In every case, these exercises will involve public and private sector participation at both the policy and execution levels.

Policy: The Washington State Comprehensive Emergency Management Plan (CEMP) includes an Annex to specifically address response planning and a framework for significant cyber incidents. The Cybersecurity Annex has been distributed statewide to help encourage cybersecurity preparedness and unity of effort. Additionally, cybersecurity has been updated as a core capability in all phases of emergency management planning and has been incorporated into the State Preparedness Report and the Threat and Hazard Identification and Risk Assessment (THIRA). Additionally, working with a local university, EMD recently published a comprehensive cyber threat profile for the Hazard Identification and Vulnerability Assessment (HIVA). Links to the CEMP, Threat Profile, and other relevant Washington State Governor’s letters on cybersecurity can be found at the bottom of this page

Partnerships: The cybersecurity program is a statewide, interagency, public/private/tribal endeavor.  It is a holistic and collaborative program that brings together all key partners from the National Guard to multiple state agencies, from the private sector critical infrastructure operators to the small utility companies, from the global private sector IT companies to the rural community service providers. The world’s cyber infrastructure is a shared resource that is mostly owned, operated and maintained by the private sector. Significant outages or incidents can impact the entire region and failure to properly respond could be devastating to the people, property, environment and economy of Washington State. A response to cyber catastrophe requires extensive collaboration and unity of effort throughout the entire emergency management cycle. Therefore, a key and foundational component of the Emergency Management cybersecurity program is outreach and development of meaningful and lasting partnerships.

The Five Points of Cybersecurity

5-points-of-community-cybersecurity.png

What's the plan?

Cyber Incident Annex – March 2015 (PDF)

Click here to read Governor Jay Inslee’s Aug. 19, 2015 Letter on Cybersecurity to the Deputy Secretary of the U.S. Department of Homeland Security

Click here to see Governor Inslee’s designation letter for significant cyber incident response preparedness.

To view the current Hazard Profile for the Cyber Threat to Washington State, click here.

For more information, contact CCIP@mil.wa.gov