The mission of the Washington Emergency Management Division’s Cybersecurity Program is to safeguard life‑safety, economic stability, and public services by integrating cybersecurity into statewide preparedness, resilience, and critical infrastructure protection efforts. This includes alignment with federal frameworks and collaboration with public and private sector partners in the pursuit of a whole-of-state approach to cybersecurity.
Whole-of-state cybersecurity means:
Regional collaboration between public, private, and tribal partners
Resilience of networked systems for public safety and commerce
Promoting research, analysis, and sharing of cybersecurity information and best practices across private, public and tribal sectors
Unity of effort for the protection of critical infrastructure
Dedication to workforce development to strengthen our economy and enhance our cybersecurity posture
Federal and State Cybersecurity Plans and Frameworks
The National Cyber Incident Response Plan (NCIRP) describes a national approach to handling significant cyber incidents. It addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents. It also describes how the actions of all these stakeholders fit together to provide an integrated response.
DHS CISA defines critical infrastructure as 16 interdependent sectors. The national approach for protecting these sectors is outlined in the National Critical Infrastructure Protection Plan and it’s supporting, sector-specific annexes. Taken together, these documents provide a comprehensive framework for critical infrastructure analysis and protection activities.
State response plan that integrates cybersecurity incident response considerations into existing state emergency response coordination structures for a whole-of-government approach. Guides the overall state response to a significant cybers incident, complementing the existing all-hazards approach to incident management.
A framework for prevention and protection activities designed to reduce the risk of cybersecurity incidents that impact on the security or wellbeing of Washington residents. Includes documentation on cybersecurity prevention and protection activities by each state agency.
Pursuant with Washington State law (RCW 19.255), any person or business that conducts business in this state and that owns or licenses data that includes personal information shall disclose any breach of the security of the system to any resident of this state whose personal information was, or is reasonable believed to have been, acquired by an unauthorized person and the personal information was not secured.
Reporting a cybersecurity incident to the federal government will vary depending on the type of incident and the industry impacted. In some cases, regulatory agencies are required to be notified. In other cases, an affected entity may seek technical assistance from DHS CISA or law enforcement action from the FBI.
Cyber Incident Response Team (CIRT)
Operating under the state’s Emergency Worker Program, the CIRT exists to preregister volunteers to provide coordinated assistance to local governments, critical infrastructure, and not-for-profit entities within Washington in mitigating and responding to cyberattacks and cybersecurity incidents. It shall leverage a pool of qualified volunteers from across the state to enhance the cyber resilience of local governments and critical infrastructure, including:
Local units of government (e.g. municipalities, counties.
Public sector critical infrastructure (e.g. public utilities).
Cybersecurity and Infrastructure Security Agency-designated critical infrastructure owners and operators (e.g. small agribusiness, emergency fuel suppliers, healthcare facilities, etc.).
School districts and private schools.
Washington Universities, Technical Colleges, and similar institutions of higher education.
Tribes and tribal communities located in Washington state.
For more information, to apply to join the CIRT, or to request CIRT assistance, visit the CIRT webpage. CIRT webpage is currently under development. Please check back soon.
Cybersecurity Planning, Training, and Exercise Development
Cybersecurity audits examine information technology systems used in government operations. They look for weaknesses in that technology and propose solutions to help strengthen those systems. Cybersecurity audits are a type of performance audit and are provided at no cost to state and local governments, thanks to 2005's voter-approved Initiative 900.
CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations.
Developed in conjunction with the State and Local Cybersecurity Grant Program (SLCGP), this template provides a basic structure for an organization to develop a cybersecurity incident response plan. While it allows users the option to simply populate the template with their information, it is highly recommended that this be done in conjunction with a structured planning effort with all necessary internal and external partners to ensure a comprehensive and relevant product.
Organization’s seeking assistance with conducting a planning process may submit their request for support to EMD. EMD supports planning efforts at the state and local level for an array of different topics, including cybersecurity.
The NCPC is a partnership of nationally recognized universities that design and deliver cybersecurity training for leadership, end user and technical roles in the State, Local, Tribal and Territorial (SLTT) communities. Washington EMD may request cybersecurity training through any of the partnering Universities part to the NCPC.
If you are interested in enrolling in a scheduled NCPC course, visit the State Training Calendar.
If you are interested in hosting a NCPC course, email training@mil.wa.gov with your request.
CISA Tabletop Exercise Packages (CTEP) are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Partners can use CTEPs to initiate discussions within their organizations about their ability to address a variety of threat scenarios.
Organization’s seeking assistance with designing and/or conducting a cybersecurity exercise may submit their request for support to EMD. EMD supports exercises at the state and local level for an array of different topics, including cybersecurity.
An internationally recognized standard, the NIST Cybersecurity Framework provides a roadmap for any organization to structure and implement a cybersecurity program according to best practices. Whether an organization is looking to improve its current cybersecurity program, or develop one from scratch, this framework provides a wholistic guide to the different aspects of cybersecurity to ensure a comprehensive program is achieved.
The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices used to strengthen an organization’s cybersecurity posture. CIS Controls are often used as a benchmark against which to audit cybersecurity programs and capabilities.
CISA's Cross-Sector Cybersecurity Performance Goals (CPGs) are a subset of cybersecurity practices, selected through a thorough process of industry, government, and expert consultation, aimed at meaningfully reducing risks to both critical infrastructure operations and the American people. These voluntary Cross-Sector CPGs strive to help small- and medium-sized organizations kickstart their cybersecurity efforts by prioritizing investment in a limited number of essential actions with high-impact security outcomes.
The NICE Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, is a nationally focused resource to help employers develop their cybersecurity workforce. It establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed. The NICE Framework applies across public, private, and academic sectors.
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.
Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.
The mission of the Washington State Fusion Center (WSFC) is to support the public safety and homeland security missions of state, local, tribal agencies and private sector entities. The WSFC is Washington State’s single fusion center and concurrently supports federal, state, and tribal agencies, regional and local law enforcement, public safety and homeland security by providing timely, relevant and high-quality information and intelligence services.
Help Safeguard Lives & Property!
The Washington Military Department offers both state and federal job opportunities. Learn more and join our team!
