Weaving cyber events into emergency management plans
Dave Sweigert, CISSP, CISA, PMP
January, 2014

1/14/2014
Intended audience
• Cyber security personnel working with
emergency planners, Crisis Management
Teams (CMT), Emergency Operation Plan
developers and business continuity
planners relying on current best practices

Objective
• Assist cyber practitioners in leveraging
techniques to integrate cyber specific
plans into larger basic plans
• Provide background in best practice
planning processes
• Foster inter-disciplinary dialogue in the
emergency planning domain

BACKGROUND

Different plans for different objectives
• Strategic, Operational, Tactical Plans
i. Strategic – goals and objectives set by senior leadership
ii. Ops – roles and responsibilities, integrated with partners (state, regional, local, contractors, utilities)
iii. Tactical – personnel, equipment, resources (standard operating procedures (SOP))

Planning backdrop
• Comprehensive Preparedness Guide (CPG)
101, Developing and Maintaining
Emergency Operations Plans as a guide
• Three types of threats: natural,
adversarial, technology (cyber)
• FEMA’s Emergency Support Function # 2
addresses cyber security (drafting ESF
#18 Cyber)

Plans that support and supplement the comprehensive basic plan
• Administrative Plans
• Preparedness Plans
• Continuity Plans
• Recovery Plans
• Mitigation Plans
• Prevention and Protection Plans

Terms: CIKR, COOP, COG & DRP
• Critical Infrastructure/Key Resources (CIKR)
• Continuity of Operations (COOP)
• Continuity of Government (COG)
• Disaster Recovery Planning (DRP) (I.T. specific recovery)
• DRP defines knowledge, skills and abilities of technical personnel
• DRP defines specific guidelines to carry out specific functions

Other plans orbiting the basic plan
• Organizational/agency specific plans
(planning can be to department level)
• Business Continuity (memorandums of
understanding/agreement (MOU/A))
• Business Safety plans (OSHA)
• Hazard Mitigation (identified major
threats, union strikes, terrorism)
• Home Safety Plans for essential personnel
(develop family preparedness mindset)

Emergency Operations Plans (EOPs)
• Potential integration with National Incident
Management System (NIMS) and National
Response Framework (NRF)
• Describes how incidents are handled
• Base plan (organization-wide) with hazard
specific annexes (cyber specific)
• Information sharing between private-public
partners

EOPs:
• Identification of response and recovery
actions, agencies, key resources
• Direction, control, sequence of events
• Specific communications procedures
• Identify triggers and processes to activate
personnel, resources, partners
• Times, periods, anticipation of needs
• Appendix (support material)
• Annex (threat / capability specific)

PLANNING PROCESS

The Planning table
• Identify community partners (law
enforcement, utilities, colleges)
• Build relationship (cross-functional)
• Identify resources (needed capabilities)
• Know the processes needed and
specialized procedures to acquire timely
resources (pre-existing vendor
agreements)

Planning process issues
• Get the right folks at the table
• Walk thru your organizational structure
• Develop common vocabulary (avoid use of
career specific jargon and buzz words)
• Incentivizing participants: developing a
“hook” to retain participants
• Develop team around a planning scenario
common to all participants (72 hour
power black-out)

Best practices
• Project objective (create living document)
• Core planning team (stakeholders)
• Project schedule (tasks, durations)
• Plan development (templates)
• Plan preparation and review
• Plan vetting and commentary
• Final draft reviewed in workshop
• Approval

Project Management issues
• Need buy-in from top management
(compliance issues HIPAA, SOX, PCI)
• Scope statement (catalyst)
• Define clear objectives
• Project manager’s role defined
• Scope creep (focus on a functional plan)

Planning Characteristics
• Reduction of unknowns
• Continual process (living document)
• Appropriate actions based on what is
likely to happen based on facts, typical
behavior, capabilities
• Training, education, exercises
• Testing the plans, revise and improve

INTEGRATING PLANS

Integrated Emergency Planning
• Horizontal integration: developing
partnerships across your organization
• Synchronization and integration of plans
(your plan may be part of another)
• Promotes complementary goals
• Reduces fragmentation
• Ensures common focus
• Work out MOUs/MOAs (legal review)

Linkages to promote integration
• Conduct gap analysis to determine shortfalls
• Convert needs to capabilities (need 72 hours of power → mobile generators with fuel)
• Understand the missions of public-private
partners (law enforcement, contractors)
• Developing crosswalk of plan components
with partner plans to improve integration
• Identify all appropriate stakeholders

CONCLUSION

Planning for the cyber incident
• Understand that the cyber event plan is
part of a broader integrated approach to
emergency management
• Pre-response planning with partners can
greatly reduce impact (ounce of
prevention) of the event
• Strive to ensure your cyber plan is
integrated into the total response

About the author:
An Air Force veteran, Dave Sweigert acquired significant
security engineering experience with military and defense
contractors before earning two Masters’ degrees (Project
Management and Information Security).
He holds the Certified Information Security Systems
Professional (CISSP), Certified Information Systems Auditor
(CISA) and Project Management Professional (PMP)
certifications.
Mr. Sweigert has over twenty years' experience in information
assurance, risk management, governance frameworks and
litigation support.
