Skip to Main Content

Cybersecurity Program

Mission

The mission of the Washington Emergency Management Division’s Cybersecurity Program is to safeguard life‑safety, economic stability, and public services by integrating cybersecurity into statewide preparedness, resilience, and critical infrastructure protection efforts. This includes alignment with federal frameworks and collaboration with public and private sector partners in the pursuit of a whole-of-state approach to cybersecurity.

Whole-of-state cybersecurity means:

  • Regional collaboration between public, private, and tribal partners
  • Resilience of networked systems for public safety and commerce
  • Promoting research, analysis, and sharing of cybersecurity information and best practices across private, public and tribal sectors
  • Unity of effort for the protection of critical infrastructure
  • Dedication to workforce development to strengthen our economy and enhance our cybersecurity posture


Federal and State Cybersecurity Plans and Frameworks

    Federal

    National Cybersecurity Incident Response Plan

    The National Cyber Incident Response Plan (NCIRP) describes a national approach to handling significant cyber incidents. It addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents. It also describes how the actions of all these stakeholders fit together to provide an integrated response.

    Critical Infrastructure Security and Resilience

    DHS CISA defines critical infrastructure as 16 interdependent sectors. The national approach for protecting these sectors is outlined in the National Critical Infrastructure Protection Plan and it’s supporting, sector-specific annexes. Taken together, these documents provide a comprehensive framework for critical infrastructure analysis and protection activities.

    State

    Washington State Significant Cyber Incident Response Plan

    State response plan that integrates cybersecurity incident response considerations into existing state emergency response coordination structures for a whole-of-government approach. Guides the overall state response to a significant cybers incident, complementing the existing all-hazards approach to incident management.

    Washington Cybersecurity Prevention Framework

    A framework for prevention and protection activities designed to reduce the risk of cybersecurity incidents that impact on the security or wellbeing of Washington residents. Includes documentation on cybersecurity prevention and protection activities by each state agency.

    Cybersecurity Incident Reporting

    Washington Attorney General Data Breach Notification

    Pursuant with Washington State law (RCW 19.255), any person or business that conducts business in this state and that owns or licenses data that includes personal information shall disclose any breach of the security of the system to any resident of this state whose personal information was, or is reasonable believed to have been, acquired by an unauthorized person and the personal information was not secured.

    Reporting to Federal Entities (Including FBI and DHS CISA)

    Reporting a cybersecurity incident to the federal government will vary depending on the type of incident and the industry impacted. In some cases, regulatory agencies are required to be notified. In other cases, an affected entity may seek technical assistance from DHS CISA or law enforcement action from the FBI.

      Cyber Incident Response Team (CIRT)

      Operating under the state’s Emergency Worker Program, the CIRT exists to preregister volunteers to provide coordinated assistance to local governments, critical infrastructure, and not-for-profit entities within Washington in mitigating and responding to cyberattacks and cybersecurity incidents. It shall leverage a pool of qualified volunteers from across the state to enhance the cyber resilience of local governments and critical infrastructure, including:

      1. Local units of government (e.g. municipalities, counties.
      2. Public sector critical infrastructure (e.g. public utilities).
      3. Cybersecurity and Infrastructure Security Agency-designated critical infrastructure owners and operators (e.g. small agribusiness, emergency fuel suppliers, healthcare facilities, etc.).
      4. School districts and private schools.
      5. Washington Universities, Technical Colleges, and similar institutions of higher education.
      6. Tribes and tribal communities located in Washington state.

      For more information, to apply to join the CIRT, or to request CIRT assistance, visit the CIRT webpage. CIRT webpage is currently under development. Please check back soon.

      Cybersecurity Planning, Training, and Exercise Development

      Vulnerability Assessments

      State Auditor’s Office Cybersecurity Audits

      Cybersecurity audits examine information technology systems used in government operations. They look for weaknesses in that technology and propose solutions to help strengthen those systems. Cybersecurity audits are a type of performance audit and are provided at no cost to state and local governments, thanks to 2005's voter-approved Initiative 900.

      DHS CISA Cyber Security Evaluation Tool (CSET)

      CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations.

      Cybersecurity Response Plan Development Support

      Cybersecurity Plan Template

      Developed in conjunction with the State and Local Cybersecurity Grant Program (SLCGP), this template provides a basic structure for an organization to develop a cybersecurity incident response plan. While it allows users the option to simply populate the template with their information, it is highly recommended that this be done in conjunction with a structured planning effort with all necessary internal and external partners to ensure a comprehensive and relevant product.

      Request EMD Planning Technical Assistance

      Organization’s seeking assistance with conducting a planning process may submit their request for support to EMD. EMD supports planning efforts at the state and local level for an array of different topics, including cybersecurity.

      Cybersecurity Training

      National Cybersecurity Preparedness Consortium (NCPC)

      The NCPC is a partnership of nationally recognized universities that design and deliver cybersecurity training for leadership, end user and technical roles in the State, Local, Tribal and Territorial (SLTT) communities. Washington EMD may request cybersecurity training through any of the partnering Universities part to the NCPC.

      Exercise Support

      DHS CISA Tabletop Exercise Packages

      CISA Tabletop Exercise Packages (CTEP) are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Partners can use CTEPs to initiate discussions within their organizations about their ability to address a variety of threat scenarios.

      Request EMD Exercise Design Support

      Organization’s seeking assistance with designing and/or conducting a cybersecurity exercise may submit their request for support to EMD. EMD supports exercises at the state and local level for an array of different topics, including cybersecurity.

      Additional Resources

      Cybersecurity Best Practices

      NIST Cybersecurity Framework

      An internationally recognized standard, the NIST Cybersecurity Framework provides a roadmap for any organization to structure and implement a cybersecurity program according to best practices. Whether an organization is looking to improve its current cybersecurity program, or develop one from scratch, this framework provides a wholistic guide to the different aspects of cybersecurity to ensure a comprehensive program is achieved.

      Center for Internet Security (CIS) Critical Security Controls

      The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices used to strengthen an organization’s cybersecurity posture. CIS Controls are often used as a benchmark against which to audit cybersecurity programs and capabilities.

      DHS CISA Cross-Sector Cybersecurity Performance Goals (CPGs)

      CISA's Cross-Sector Cybersecurity Performance Goals (CPGs) are a subset of cybersecurity practices, selected through a thorough process of industry, government, and expert consultation, aimed at meaningfully reducing risks to both critical infrastructure operations and the American people. These voluntary Cross-Sector CPGs strive to help small- and medium-sized organizations kickstart their cybersecurity efforts by prioritizing investment in a limited number of essential actions with high-impact security outcomes.

      NICE Workforce Framework for Cybersecurity

      The NICE Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, is a nationally focused resource to help employers develop their cybersecurity workforce. It establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed. The NICE Framework applies across public, private, and academic sectors.

      Cybersecurity Communities of Interest

      InfraGard

      InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.

      Information Sharing and Analysis Centers

      Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.

      Washington State Fusion Center

      The mission of the Washington State Fusion Center (WSFC) is to support the public safety and homeland security missions of state, local, tribal agencies and private sector entities. The WSFC is Washington State’s single fusion center and concurrently supports federal, state, and tribal agencies, regional and local law enforcement, public safety and homeland security by providing timely, relevant and high-quality information and intelligence services.