Local Jurisdictions Guide to Cybersecurity Strategy

Transcription

1 Local Jurisdictions Guide to Cybersecurity Strategy Local Jurisdictions Guide for Cybersecurity i

2 Table of Contents Step 1: Identify Work Group Members Step 2: Form Cybersecurity Working Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event & Common Scenario Step 7: Finalize Cybersecurity Strategy Local Jurisdictions Guide for Cybersecurity i

3 Welcome letter from the Central Ohio Cybersecurity Working Group Co Chairs Dear emergency management professional, We are proud to present this guide for you to use in helping your community s businesses, government agencies, institutions and families manage the risks associated with the increasing cybersecurity threats to our interconnected infrastructure. The Central Ohio Cybersecurity Working Group developed a cybersecurity strategy over the course of a six month effort involving more than 40 participants from across the region. We had the privilege of chairing this group through a series of meetings and discussions. We thank Ohio EMA for providing State Homeland Security Grant funding to support this initiative. The group took several major steps toward assuring that our region s cyber infrastructure is resilient. The group s tangible achievements include defining a mission and core objectives, analyzing cybersecurity best practices already in place, reviewing cyber incidents that have occurred and determining a way to partner and promote cybersecurity awareness with public and private stakeholders. The group s greatest achievement was the establishment of trusted communication paths. between the public and private sectors to enable collaboration and information sharing as the process moves forward. We have summarized our efforts as part of this guide to assist you in replicating this process in your own communities. Our information systems which sustain everything from our financial institutions to the electric grid are exposed to a growing threat from natural disasters, terrorists, organized crime and foreign governments. We hope you find this document useful as you help guard your community against these current and emerging challenges of operating in a secure and trusted cyberspace. Ms. Paula Brooks Franklin County Commissioner Mr. Zach Klein City of Columbus Council Member Mr. Jack Partridge Chief Policy Officer, NiSource Local Jurisdictions Guide for Cybersecurity ii

4 Introduction The threat against cyberspace is rapidly increasing in both scale and diversity. Cyber criminals, terrorists, and nation states are showing increased interest in attacking and exploiting our nation s critical infrastructure, intellectual property, and healthcare system. It is imperative that the public and private sectors work together to develop a plan of action to combat this growing epidemic. The process to establish a working group comprised of key public and private sector partners to develop a strategy is broken down into a seven (7) step process. The end product of the working group will be the development of a strategy document that will guide future efforts to increase cybersecurity preparedness in your community. Franklin County Emergency Management and Homeland Security (FCEM&HS) completed this process with the support and engagement of key members of both the private sector and public sector. Cyber preparedness is not simply a government problem or private industry problem, but is the definition of a whole community problem. Steps need to be taken now to ensure that when a cyber event takes place, the relationships have been built and matured. over the years. The development of this guide, along with the Central Ohio Cybersecurity Strategy, Overview and Tri-Fold brochure for First Responders is a direct result of the detailed planning that took place during 2011 and 2012 during the Integrated Risk Management (IRM) project. At the conclusion of the IRM project, it was determined that a gap existed in cybersecurity regarding public and private sector partnerships. This project has mitigated that gap and has set the foundation for continued dialogue, planning, training and exercises. This guide has been developed to provide a starting point for the other 78 counties outside of the Columbus Metropolitan Statistical Area. Using the tools found in this document as well as accompanying planning CD will provide any jurisdiction regardless of population or private sector presence with an appropriate starting point for the important discussion of cybersecurity preparedness. Local Jurisdictions Guide for Cybersecurity iii

5 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Step 1: Identify Work Group Members Purpose: A key component to successful cybersecurity preparedness is the complete integration of public and private sector stakeholders. Ensuring that the appropriate private sector stakeholders are engaged in the work group process is vital to the overall success of your planning efforts. Additionally, the identification of working group chairs should be conducted during this phase. During the establishment of the Central Ohio Cybersecurity Work Group, two public and one private sector representatives were asked to co-chair the work group. Additional, appropriate workgroup partners can come from any industry, including but not limited to: Large Area businesses Institutions of Higher Education Key Local Government Agencies Key State Government Agencies Key Federal Government Agencies Other Critical Infrastructure owners Process: 1. Prepare a list of key public sector stakeholders within your community that should have a role in cybersecurity preparedness. 2. Prepare a list of key private sector stakeholder within your community that should have a role in cybersecurity preparedness. 3. Develop talking points, using the Cybersecurity Talking Points tool found on the Cybersecurity CD as a starting point. 4. Contact potential Workgroup members and invite them to participate in the initial meeting, follow up that phone call with a Save the Date document, using the Cybersecurity Save the Date tool as a starting point. 5. Open the online registration portal (if available) using the Registration portal screen shot as a starting point. 6. Continue through Steps 2-7 of the Cybersecurity process. Supporting Documents (found on Cybersecurity CD): 1. Cybersecurity Talking Points 2. Save the Date 3. Registration portal screen shot Local Jurisdictions Guide for Cybersecurity 1-1

6 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 1: Identify Work Group Members Support Documents Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 1-2

7 CYBER TALKING POINTS Partnerships: Collaboration, trust, and mutual support Cybersecurity is truly a shared responsibility amongst public and private sectors and private citizens; it is essential to build a coalition with multiple stakeholders. The opportunity in bringing stakeholders together is to leverage and share resources and ultimately create more success for all. Initiative Justification: While for the most part cybersecurity has been the purview of the Federal Government and large enterprise, we need to build efforts at local level that embrace the cybersecurity challenges, tap local resources and create public private partnerships for education and awareness, critical infrastructure and key resource protection, securing and protecting small and medium sized businesses, and help communities protect their citizens from cyber-attacks and cybercrime. A major cyber incident, while possibly national, regional, or industry specific in nature, citizens will most likely look to their local responders and resources much in the same way they would during a major weather event or other disaster. In short, local communities need to be prepared. Win-Win: We believe that communities that embrace cybersecurity awareness and education for their citizenry, develop a strong cyber-consciences workforce, take steps to protect critical infrastructure and key resources from attacks, and foster cyber innovation, can make themselves more attractive to employers and businesses and strengthen the local economy. Smart cybersecurity practices have positive implications for our economy, our communities, our competitiveness and your business. What we hope to gain through the workgroup: Addressing cybersecurity at the community level requires a holistic, broad based approach. Leadership, engagement of all community stakeholders, a shared vision along with goals and objectives for improved preparedness. Bring together public and private entities on cybersecurity risk management within our communities. What this initiative is NOT: Replicating or replacing current efforts or concurrent cyber security initiatives. R 1-3

8 Insert County County Emergency Management Cyber Security Initiative Save the Date Primary Date: Location: Insert County County Emergency Agency invites you and/or your appropriate representative to attend the inaugural meeting of the Insert County County Cybersecurity Work Group. The purpose of this workgroup is to begin the dialogue between key private and public sector stakeholders of Insert County County. The risk of cyber-attacks is ever increasing and requires strong partnerships between private industry, local government and state government. Through this working group, we will begin chart the course for the development of a Insert County County Cybersecurity Strategy. This strategy document will not be an operational plan, but rather a guidance document for future preparedness, planning and response efforts as it relates to cybersecurity. If you have any questions regarding this effort, please do not hesitate to contact our office. We look forward to your involvement and engaged participation in this very important process. In order to ensure proper meeting materials are provided, please take a few seconds to register for this meeting. Please confirm your attendance by Clicking Here (The Click Here link can take attendees to a website or simply populate an ) 1-4

9 Registration Portal Screen Shot Local Jurisdictions Guide to Cybersecurity Step 1: Identify Work Group Members 1-5

10 Step 2: Form Cybersecurity Working Group Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Purpose: The purpose of this step is to ensure persistence with regards to the recruitment of appropriate, identified working group members. To ensure an adequate representative of both public and private sector partners attend the initial and subsequent working group meetings, attention detail and persistence will be required. Process: Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign 1. Provide confirmed attendees with an advanced copy of the meeting agenda, using the Cybersecurity Working Group Agenda as a starting point. 2. Using meeting materials developed in Step 3: Conduct Workgroup Meetings, building participant binders that will be returned at the end of each meeting and updated with new materials. 3. Develop an ongoing list of stakeholder contact information for easy use during invitations to future workgroup meetings. Supporting Documents (found on Cybersecurity CD): 1. Cybersecurity Working Group Agenda Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Local Jurisdictions Guide for Cybersecurity 2-1

11 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 2: Form Cybersecurity Working Group Support Documents Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 2-2

12 Central Ohio Cybersecurity Initiative Work Group Meeting January 28, :30 3:00pm Agenda 1. Welcome and Introductions of Participants (1:30 1:45) Director Michael R. Pannell, FCEM&HS 2. Facilitated Discussion by Work Group to Finalize Mission/Vision/Goals (1:45 2:30) Mr. Paul Troncone, ARMADA Ltd. 3. Adoption of Mission, Vision & Goals Discussion: (2:30 2:35) Central Ohio Cybersecurity Initiative Work Group 4. Introduction and Overview of InfraGard (2:35 2:45) Mr. Clifford Collins, Franklin University & InfraGard 5. Current Events in Cyber Security (2:45 2:55) Mr. Paul Troncone, ARMADA Ltd. 6. Next Steps / Closing Comments (2:55 3:00) Director Michael R. Pannell, FCEM&HS NEXT MEETING(S): What When Where Who Workgroup Mtg. #3 February 27 1:30p FCEM&HS Workgroup Attendees Workgroup Mtg. #4 March 24 1:30p FCEM&HS Workgroup Attendees Workgroup Mtg. #5 April 21 1:30p FCEM&HS Workgroup Attendees ACTION ITEMS Item Assigned To Follow-Up Date 2-3

13 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Step 3: Conduct Work Group Meetings Purpose: The purpose of this step is to provide the reader with an understanding of how to structure the initial and future work group meetings. Each meeting of the Central Ohio Cybersecurity work group had two distinct missions. The first mission was to conduct working sessions with group members to develop vision and mission statements as well as goals and objectives for the work group. In between meetings, interactions between work group leadership and membership took place to update the draft vision, mission, goals and objectives. These drafts were then presented to the entire workgroup for discussion and comment. The second mission of work group meetings is to provide area best practices that can be implemented into other private and public sector partners operations. A sample of a work group member presentation has been provided on the Cybersecurity CD. Process: 1. Once the Workgroup has been identified develop the meeting agenda with appropriate topics. Use the Cybersecurity Work Group Agenda template as a starting point. 2. Using pre-registration reports, develop a sign in sheet, with as much prepopulated information as possible. Use the Cybersecurity Work Group Sign-In Sheet template as a starting point. 3. Confirm work group member speaker and ensure their presentation materials are included in the participant binders created in Step 2: Form Working Group. A sample work group member presentation has been provided on the Cybersecurity CD title Cybersecurity Work Group Best Practice. 4. Develop meeting recap and distribute to work group members within 7 days of the meeting. Include any necessary action items, due dates and a schedule of future meetings. Use the Cybersecurity Work Group Recap template as a starting point. 5. Develop meeting recap for inclusion into web production. Use the Cybersecurity Work Group Website Recap template (Microsoft Publisher) as a starting point. Supporting Documents (found on Cybersecurity CD): Cybersecurity Work Group Agenda Cybersecurity Work Group Sign-In Sheet Cybersecurity Work Group Best Practice Presentation Sample Cybersecurity Work Group Recap Cybersecurity Work Group Website Recap Local Jurisdictions Guide for Cybersecurity 3-1

14 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 3: Conduct Work Group Meetings Support Documents Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 3-2

15 Central Ohio Cybersecurity Initiative Work Group Meeting January 28, :30 3:00pm Agenda 1. Welcome and Introductions of Participants (1:30 1:45) Director Michael R. Pannell, FCEM&HS 2. Facilitated Discussion by Work Group to Finalize Mission/Vision/Goals (1:45 2:30) Mr. Paul Troncone, ARMADA Ltd. 3. Adoption of Mission, Vision & Goals Discussion: (2:30 2:35) Central Ohio Cybersecurity Initiative Work Group 4. Introduction and Overview of InfraGard (2:35 2:45) Mr. Clifford Collins, Franklin University & InfraGard 5. Current Events in Cyber Security (2:45 2:55) Mr. Paul Troncone, ARMADA Ltd. 6. Next Steps / Closing Comments (2:55 3:00) Director Michael R. Pannell, FCEM&HS NEXT MEETING(S): What When Where Who Workgroup Mtg. #3 February 27 1:30p FCEM&HS Workgroup Attendees Workgroup Mtg. #4 March 24 1:30p FCEM&HS Workgroup Attendees Workgroup Mtg. #5 April 21 1:30p FCEM&HS Workgroup Attendees ACTION ITEMS Item Assigned To Follow-Up Date 3-3

16 Last Name: First Name: Company/Organization: Job Title: Initial: Central Ohio Cybersecurity Workgroup #2 January 28,

17 NiSource Cybersecurity Awareness Central Ohio Cybersecurity Initiative Kimberly Jones, IT Security February 27, 2015 NiSource Organization As one of America s premier regulated energy providers, the services we provide are vital to millions of residential consumers, businesses and industries across 16 states who depend on reliable, affordable energy as a fundamental building block of economic vitality and growth 9,000 employees and contractors Safety is a core value 6 Why Cybersecurity Awareness Campaign? Finding: The biggest vulnerability lies with end users NiSource phishing results show that users do not recognize attempts to obtain company info via s or phone calls Challenge: Make users understand that they are risk and that their actions put the company at risk Objective: Develop and implement an awareness program to educate NiSource employees and contractors about the personal power they have to keep themselves and NiSource safe from cybersecurity threats, at work and at home Empower employees and contractors to proactively recognize, prevent and report security incidents 7 3-5

18 NiSource weaves security across all management levels Governance is primarily a function of the Core Team, but a result of all of the organizational bodies working together Information flows up from the working group. Authority and approval flows down Cybersecurity Subcommittee (CEOs, CIO, CLO) Sponsorship/ Budget Cybersecurity Core Team BU Ops Leaders,, IT Security Officer, Safety Officer, NERC CIP Officer, Legal Approvals/ Guidance Cybersecurity Working Group (Security team members, communication, legal) Information/ Reports/Metric 8 Cybersecurity awareness is a shared responsibility Everyone has a stake in cybersecurity and everyone has a role to play in keeping our networks safe - Secretary Napolitano NiSource s has a layered defense and depth strategy Policies and Standards Internal Defenses and Cyber Tools System Access and Strong Passwords Incident and Investigation However, we know that the biggest vulnerability lies with end users 9 Steps we took to implement the campaign 1. Assessed current knowledge and awareness of employees and contractors Awareness survey Phishing exercise 2. Developed topics for campaign based on Business Impact (seriousness of consequences) Frequency (how often specific incidents actually occur?) Detection (visibility to vulnerabilities) Risk 3. Created modules on the top 5 topics: Remote and Mobile Access Passwords and User IDs Safe Behavior Online Security/Identifying a Phishing Data Security Be suspicious. Think before you click. 4. Selected training modules (LMS) to accompany content Does the level of information fit our audience s awareness? Is the format engaging? Are the lessons easy to understand? Cost? Can we customize? Can we repurpose the content?

19 2014 Campaign highlights In March, an initial survey was conducted to gauge employee awareness, aptitude and interest and a second survey in December helped assess progress 4 informational events were held at major locations to heighten awareness and interest 13 MySource articles were published to educate employees 16 LMS training courses were made available for employees to increase education. Two training courses were identified as critical and assigned to employees and contractors and required by the end of 2014 A dedicated mailbox was created to answer cyber specific questions and concerns A cybersecurity working group was formed 11 Road shows Informational tips and tricks Material for users to share with family members. 12 And the branding continues

20 How we are measuring the campaign? Required training 95% completion rate for employees Phishing Detection using Phishme tool quarterly Awareness Survey pre and post campaign, and ongoing Significant increase in incidents reported to security hotline Number of questions posted to box, requests for presentations at staff meetings General increased awareness of the user base 14 Lessons Learned The message needs to be ongoing, not just a 6 month campaign Spread the frequency of messages out; running weekly messages becomes noise and the user stops paying attention Use personal stories from employees Leverage materials from national orgs (like Dept of Homeland Security (Stop.Think.Connect) and National Cybersecurity Alliance (Stay Safe Online) and SANS tip of the day Select training modules that are short and to the point Make the training mandatory 15 Appendix

21 2015 Training Modules Available Modules o You Are The Target o Social Engineering o Browsing o Protecting Your Personal Computer o Protecting Your Home Network o Social Networking o WiFi Security o Passwords o o o o o o o o Protecting Your Kids Online Working Remotely Data Security & Messaging Data Destruction Mobile Device Security Hacked Encryption 95% completion rate on 2 required courses in Q Red modules are required 17 Communication Tactics: Introductory to managers Manager Reference Guides Intranet feature articles Information Days (trade show like events in each of the larger buildings) Giveaways (mousepad), relevant literature Online security mailbox Training videos MySource Security and Online Safety technology site Video from CIO

22 Central Ohio Cybersecurity Initiative Work Group Meeting January 28, :30 3:00pm Recap 1. Welcome and Introductions of Participants (1:30 1:45) Director Michael R. Pannell, FCEM&HS Director Pannell welcomed participants and provided a high level overview of the meeting. Commissioner Brooks welcomed attendees on behalf of the Working Group Chairs. 2. Facilitated Discussion by Work Group to Finalize Mission/Vision/Goals (1:45 2:30) Mr. Paul Troncone, ARMADA Ltd. A significant portion of the meeting was dedicated to the facilitated discussion surrounding the Mission, Vision and Goals of this workgroup. The workgroup provided copious amounts of information that will be processed, implemented into Draft 2 of the Mission/Vision/Goals and Objectives and sent out to the workgroup, with a 5 day comment period for feedback. During the course of the February workgroup meeting, the Mission/Vision/Goals & Objectives will be finalized and adopted for inclusion into the Central Region Strategy. Some discussion highlights that either need to be remembered as we move through this project or further discussion is required: Defining Large Scale Cyber-attack (will be defined at February workgroup meeting) FCEM&HS primary mission is to coordinate communication, facilitate resources, develop a 24 hour common operating picture and situational awareness for the Incident Commander on the ground as they do for all other incidents and hazards in Franklin County. The recently completed NIST National Cyber Security Framework should serve as a valuable tool in the furtherance of this group and any work product 3. Adoption of Mission, Vision & Goals Discussion: (2:30 2:35) Central Ohio Cybersecurity Initiative Work Group 4. Introduction and Overview of InfraGard (2:35 2:45) Mr. Clifford Collins, Franklin University & InfraGard Mr. Clifford Collins, President of the Central Ohio Chapter of InfraGard provided an educational overview of InfraGard and the various resources that are available to InfraGard members. 3-10

23 5. Current Events in Cyber Security (2:45 2:55) Mr. Paul Troncone, ARMADA Ltd. The meeting concluded with Mr. Paul Troncone offering current events related to Cyber security. The events included: Sony Hack North Korea s Internet shut down CENTCOM s Twitter Hacking New approach to ATM fraud 6. Next Steps / Closing Comments (2:55 3:00) Director Michael R. Pannell, FCEM&HS Closing comments surrounded the importance of the February meeting as we will be delving into reviewing the draft Cybersecurity Strategy for the Central Ohio Region. The draft strategy will be sent out to meeting registrants at least one week before the February meeting. NEXT MEETING(S): What When Workgroup Mtg. #3 February 1:30p Where FCEM&HS Who Workgroup Attendees Workgroup Mtg. #4 March 1:30p FCEM&HS Workgroup Attendees Workgroup Mtg. #5 April 1:30p FCEM&HS Workgroup Attendees ACTION ITEMS Item Update the Mission, Vision and Goals document and send it out to the Workgroup members Provide feedback on Draft 2 of the Mission, Vision and Goals document Provide Draft Central Region Strategy to Meeting 3 registrants Assigned To Follow-Up Date ARMADA 2/12/15 Work Group Membership 2/20/15 ARMADA 2/20/

24 Information Technology Solutions Central Ohio Cybersecurity Initiative Work Group Meeting 2 - Summary It is essential for the business community and public sector to forge relationships that protect all of our interests. Our businesses and public institutions are fundamentally connected in our communities and a cyber-threat to one of us is a threat to all of us - Jack Partridge, President of Columbia Gas of Ohio. The second work group meeting of the Central Ohio Cybersecurity Initiative was held on January 28, 2015 at FCEM&HS. Approximately 25 participants from local, state and federal government as well as business leaders from higher education, utility and financial industries discussed the importance of a public/private partnership to increase regional preparedness. Developing this initiative at the local level will enable both the public and private sectors to strengthen the Homeland Security Enterprise and build efforts to protect the whole community. - Michael R. Pannell Director Franklin County Emergency Management & Homeland Security. FCEM&HS 5300 Strawberry Farms Blvd Columbus, Ohio On the Web: Follow us on Like us on Facebook: www/ facebook.com/fcemhs The meeting featured important discussion surrounding the: Review and comment by workgroup stakeholders surrounding the development of a Vision, Mission, Goals and Objectives to help guide the workgroup and the development of the Central Ohio Region Cybersecurity Strategy Process to define a Large Scale cybersecurity Attack. The importance of implementing best practices from Federal guidance, such as the recently completed National Cybersecurity Framework The role of InfraGard in cybersecurity preparedness across the nation During the next meeting, the work group will be charged with finalizing the vision, mission, goals and objectives as well as beginning the process to defining a large scale cyber attack. 3-12

25 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 4: Launch Media Campaign Purpose: Cybersecurity is consistently in the news. Engaging your local media and providing details and work product for publication will ensure continued support for the cybersecurity effort and show a proactive status taken by the county to address the ever growing concern related to cybersecurity. Process: 1. Draft language that can be used by the Work Group Chair(s) to develop an op-ed suitable to publication in multiple formats (print / web). Use Partridge Op-Ed as a starting point. 2. Using local career centers or institutions of higher education, produce a public service announcement to encourage citizens to take steps to prevent cyber-crime. Use PSA Script and PSA Final as a starting point. 3. The use of social media to distribute cybersecurity news and important tips is a key component of engaging the citizens in cybersecurity preparedness. Maintaining consistent message via available social media outlets will maintain momentum of the working group. Use Social Media Posts as a starting point. 4. Finally, to ensure entities that are not able to attend every working group meeting has an avenue to review materials, consider developing a cybersecurity focused webpage that is part of your County s site. See FCEM&HS Cyber Portal website for examples. Supporting Documents (found on Cybersecurity CD): Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Local Jurisdictions Guide for Cybersecurity Partridge Op-Ed PSA Script PSA Final Social Media Posts FCEM&HS Cyber Portal Interview with Local Media (WBNS 10TV Clip CD Only) 4-1

26 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Support Documents Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 4-2

27 Op-Ed published in Columbus Dispatch & Columbus Business First Strengthening our Cybersecurity by Jack Partridge, CEO Columbia Gas of Ohio As Central Ohioans, we know we must constantly prepare for natural disasters such as storms and floods. Our government in Franklin County, law enforcement, educational and private institutions have developed and regularly exercise our plans for dealing with both natural and man-made incidents including acts of terrorism. We re now in the midst of building a strong network to assure that we provide the same levels of preparedness and protection against cyber threats that could damage or destroy the vast amounts of personal and financial information stored in our homes as well as in our commercial, financial, educational and medical institutions. According to Franklin County Emergency Management and Homeland Security (FCEM&HS) Cyberterrorism is one of the top five risks facing Franklin County. An intrusion into the computer systems controlling utilities, financial information, emergency response and the healthcare industry could result in a massive loss of vital services for much of central Ohio and neighboring states for a prolonged period. FCEM&HS has taken the initiative to bring together key stakeholders from both private and public sectors to increase regional preparedness against such cyber threats. I, along with Franklin County Commissioner Paula Brooks and Columbus City Council member Zach Klein, co-chair this Central Ohio Cybersecurity Work Group. When we first met in October, more than 60 participants from local, state and federal government, as well as business leaders from higher education, utility and financial industries discussed the importance of increasing our regional preparedness. We will gather again later this month to continue this discussion. By spring, we plan to have a template for our partners to use in long range planning for cyber preparedness. The working group is exploring simple basic questions such as what current capabilities are available for response to a cyber event? How should public agencies and private businesses measure their performance in combatting intrusions to their cyber systems? What is the best way to educate employees and citizens to recognize a cyber intrusion? and how can the work group members gain a better understanding of how our information systems interconnect? During our first meeting it was obvious we also must balance the legal requirements to protect personal information with the public need to share ways to protect the information. By developing an understanding of best practices and using the expertise available to us, we can help plan for and respond to significant cyber events in order to limit their impact on the region. Local Jurisdictions Guide to Cyber Security Step 4: Launch Media Campaign 4-3

28 Cybersecurity involves the whole community. While recent cyber attacks have targeted large international corporations and the federal government has generally taken the lead in responding to them, our group believes we must build safeguards at the local level as well. These local efforts must embrace our unique cybersecurity challenges, tap local resources for education and awareness, protect our critical infrastructure, key resources and businesses and help communities safeguard our citizens and customers from cyber attacks. As a Co-Chair of the Central Ohio Cybersecurity Initiative Workgroup, we thank FCEM&HS for taking the lead on this important issue. You can learn more about our effort and keep track of what the Cybersecurity Work Group is doing at Franklin County Emergency Management and Homeland Security website at It is essential for the business community and public sector to forge relationships that protect all of our interests. Our businesses and public institutions are fundamentally connected in our communities and a cyber threat to one of us is a threat to all of us Jack Partridge is President of Columbia Gas of Ohio. 4-4

29 30 Second PSA Script PSA SCRIPT :30 We constantly prepare for disasters: floods, storms, fire and tornadoes. But do you, your family or your business have a plan to deal with a disaster or attack on the valuable information in your computers - your cyber-information? A cybersecurity event is one of the top five risks we face here in central Ohio. Some simple things you can do: Protect your identity. Check your credit score at least once a year. Don t make it easy for hackers. Use unique passwords for each of your online accounts. And don t get left empty-handed. Back up your files. For more information on preparedness for cybersecurity, visit the website you see on your screen. Local Jurisdictions Guide to Cyber Security Step 4: Launch Media Campaign 4-5

30 Final PSA Product PSA Final Product: To view the PSA final product, please visit: Local Jurisdictions Guide to Cyber Security Step 4: Launch Media Campaign 4-6

31 Franklin County Emergency Management & Homeland Security Cybersecurity Tweets 4-7

32 Thursday, April 30, 2015 Search... Search Español Русская Soomaali Home Grants Training Exercises Operations Warning Planning Resources Recovery Citizen Preparedness News & Media Planning Planning Links Planning Home Emergency Operations Plan Franklin County Risk Assessment Natural Hazards Mitigation Plan Hazardous Materials Continuity of Operations/Continuity of Government (COOP/COG) Integrated Risk Management Planning Login Cybersecurity Initiative Point of Contact Jamie Stout Manager Planning/Recovery Central Ohio Cybersecurity Initiative Franklin County Emergency Management and Homeland Security (FCEM&HS) is serving as the lead agency for the development of a regional public/private sector Cybersecurity Work Group. The work group will consist of decision makers from the public and private sectors throughout Central Ohio and provide an additional benefit for Franklin County as it will strengthen coordination and cooperation. According to the largest online daily news publication Homeland Security Newswire (August 2014) Cyberattacks loom as an increasingly dire threat to privacy, national security, and the global economy, and the best way to blunt their impact may be a public private partnership between government and business. The time to act is now, however, rather than in the wake of a crisis, says an expert in law and technology. According to Jay Kesan Law Professor at University of Illinois Information sharing framework is necessary to combat cybersecurity threats. What is Cyberterrorism? Cyberterrorism uses various means to exploit system vulnerabilities in compromising a particular computer, a software application, an IT network, or military and critical infrastructure command and control systems. Individuals or groups may intentionally target a specific cyber asset or indiscriminately attack a broad range of assets using a virus, worm, or malware distributed over the Internet What is Cybersecurity? Cybersecurity is measures taken to protect information systems and data against unauthorized access or an attack against information systems which sustain modern society. Financial institutions, manufacturing, utilities, healthcare, research & development, transportation, critical infrastructure and emergency response and homeland security agencies are some public and private organizations vulnerable to cyber threats. Why is Cybersecurity Collaboration Important for Central Ohio? Cybersecurity involves the Homeland Security Enterprise (HSE), the whole community. It is a shared responsibility amongst the public and private sectors involving partnerships encompassing emergency management, law enforcement, public health, local/state/federal government, private sector, nongovernmental organizations, faith based & communitybased organizations, and the public. Improving cybersecurity and ensuring the resilience of systems will require cooperation between members of the private sector and the government. Although Cybersecurity has been the purview of the Federal Government and large corporations, we must build efforts at the local level which embrace the cybersecurity challenges, tap local resources for education and awareness, protect critical infrastructure, key resources and businesses as well as help communities safeguard their citizens from cyber attacks. Additional Cybersecurity Resources FCEM&HS Cybersecurity Initiative Press Release FCEM&HS Cybersecurity Fact Sheet Cybersecurity Resources for the General Public Cybersecurity Resources for Public and Private Organizations Home About Us Employment Contact Us Copyright Franklin County Emergency Management & Homeland Security Privacy Statement Terms Of Use Login 4-8

33 Step 5: Develop Vision, Mission, Goals & Objectives Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Purpose: The development of a vision, mission, goals and objectives, designed and finalized with work group support is the key first step in establishing a long term workgroup. Through the course of the first 3 5 meetings, the development, vetting, updating and approval of the vision statement, mission statement along with goals and objectives should be an inclusive process. Upon final adoption of these statements, they will form the beginning sections of your County s cybersecurity strategy. Process: 1. Prior to work group meetings, provide attendees with advanced copies of the proposed vision statement, mission statement and goals and objectives. Use Draft Vision, Mission, Goals and Objectives as a starting point. 2. During work group meetings, include planning worksheets in the participant binders created in Step 2: Form Working Group for use in facilitating discussion aimed at adoption of a vision statement, mission statement, goals and objectives. Use respective Vision, Mission, Goals & Objectives Planning worksheet as a starting point 3. Provide a suitable timeframe for an open comment period so stakeholders can process the information and provided insightful and meaningful feedback. 4. Officially adopt work group vision statement, mission statement, goals & objectives. Use Final Vision, Mission, Goals and Objectives as a starting point. Supporting Documents (found on Cybersecurity CD): Draft Vision, Mission, Goals and Objectives Vision Statement Planning Worksheet Mission Statement Planning Worksheet Goals and Objectives Planning Worksheet Final Vision, Mission, Goals and Objectives Local Jurisdictions Guide for Cybersecurity 5-1

34 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 5: Develop Vision, Mission, Goals & Objectives Support Documents Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 5-2

35 Central Ohio Cybersecurity Initiative Work Group Vision, Mission, and Goals Working Draft January 28,

36 Proposed Vision, Mission, and Goals Vision To form a trusted public and private sector partnership to develop and exchange ideas and strategies to help the Central Ohio Region prepare for, respond to, and recover from large scale cyber incidents. Mission To ensure ongoing operations and resiliency in the face of large scale cyber attacks in order to protect municipalities in order to: XXXXXX Goals & Objectives Goal 1: Establish trusted communication paths between the public and private sectors to enable collaboration and information sharing on cybersecurity. Objective 1.a: Regularly share and discuss recent cyber events and activity amongst working group members. Goal 2: Leverage specialized knowledge, best practices and lessons learned to enhance the Central Ohio Region s ability to respond to large scale cyber incidents. Objective 2.a: Develop an overarching large scale cyber incident response strategy for the Central Ohio Region. Goal 3: Partner and promote cybersecurity awareness with public and private stakeholders. Objective 3.a: Raise awareness of cyber risk to the Central Ohio Region and associated preparedness measures. 5-4

37 Vision Worksheet To form a trusted public and private sector partnership, developing and exchanging ideas and strategies to help the Central Ohio Region prepare for, respond to, and recover from large scale cyber incidents. Likes Dislikes Notes 5-5

38 Mission Worksheet In the event of a large scale cyber-attack, FCEM&HS and its public and private sector partners, through continued collaboration, will augment and coordinate response capabilities amongst the sectors and emergency services in order to assist in recovery efforts and promote awareness, resiliency and preparedness in the Central Ohio Region. Likes Dislikes Notes 5-6

39 Goal 1 Worksheet Goal 1: Partner and promote cybersecurity awareness with public and private stakeholders. Objective 1.a: Raise awareness of cyber threat the Central Ohio Region and associated preparedness measures. Likes Dislikes Notes 5-7

40 Goal 2 Worksheet Goal 2: Leverage specialized knowledge, best practices and lessons learned to enhance the Central Ohio Region s ability to respond to large scale cyber incidents. Objective 2.a: Develop an overarching large scale cyber incident response strategy for the Central Ohio Region. Likes Dislikes Notes 5-8

41 Goal 3 Worksheet Goal 3: Establish trusted communication paths between the public and private sectors to enable collaboration and information sharing on cybersecurity. Objective 3.a: Regularly share and discuss recent cyber events and activity amongst working group members. Likes Dislikes Notes 5-9

42 Central Ohio Cybersecurity Initiative Work Group Vision, Mission, and Goals Final April 29,

43 Vision, Mission, and Goals Mission To protect the public and private interests of the Central Ohio Region by ensuring ongoing operations and resiliency in the face of large scale cyber incidents. Vision To form a trusted public and private sector collaborative partnership to assist the Central Ohio Region prepare for, respond to, and recover from large scale cyber incidents through the development and exchanging of ideas and strategies and coordination of activities. Goals & Objectives Goal 1: Establish trusted communication paths between the public and private sectors to enable collaboration and information sharing on cybersecurity. Objective 1.a: Through calendar year 2015, hold cyber security working group meetings at least quarterly. Objective 1.b: Compile and distribute a working group member directory including job title and contact information by March Objective 1.c: Exchange information on recent cyber attacks and events, threat intelligence, and members cyber capabilities and resources during working group meetings. Goal 2: Leverage specialized knowledge, best practices and lessons learned to enhance the Central Ohio Region s ability to respond to large scale cyber incidents. Objective 2.a: Develop a high-level large scale cyber incident response strategy for the Central Ohio Region by April Objective 2.b: Review existing cyber strategies such as the NIST Cybersecurity Framework and determine its applicability to the Central Ohio Region by June of Objective 2.c: Facilitate a cyber emergency exercise to test the high-level incident response strategy and gauge the Central Ohio Region resiliency to cyber attack by December Goal 3: Partner and promote cybersecurity awareness with public and private stakeholders. Objective 3.a: Raise awareness of cyber risk to the Central Ohio Region and associated preparedness measures by publishing at least 1 article, op-ed, or press release in local newspapers by March Objective 3.b: Continue to inform the public of the cybersecurity working group activities by soliciting media coverage of the April 2015 working group meeting. Objective 3.c: Publish cybersecurity awareness and preparedness information and links to the FCEM&HS website by April Objective 3.d: Develop a framework for creating a public and private sector cybersecurity working group to be shared with other counties, states, and districts by June

44 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy Step 6: Define Cyber Event & Common Scenario Purpose: A struggle for every group tasked with cybersecurity preparedness is defining what constitutes a cyber event. Standard emergency management principle apply to this process, but unknowns remain. A key component of your working group will be the formulation of a realistic definition of what constitutes a cyber event for your jurisdiction. As with any planning project, having a common scenario to frame planning processes will benefit the entire group. Step 6 is focused on the defining a cyber event and establishing a common scenario for use in future planning, training and exercises within your County. Process: 1. Prior to the work group meeting, project leadership will draft a cyber event threshold that will be presented to full work group membership. 2. During work group meetings, membership will work in breakout sessions using Cybersecurity Threshold Planning worksheets as a guide to develop a realistic threshold for your community. 3. During the work group meetings, membership will use a common scenario in their planning processes to define a threshold for a cyber event. Use Northern Arizona Scenario as a starting point. 4. Provide a suitable timeframe for an open comment period so stakeholders can process the information and provided insightful and meaningful feedback. 5. During the next scheduled work group meeting, finalize the Cybersecurity threshold for inclusion into your strategy. Use Cybersecurity Threshold as a starting point. Supporting Documents (found on Cybersecurity CD): 1. Cybersecurity Threshold Planning Worksheets 2. Northern Arizona Scenario 3. Cybersecurity Threshold Local Jurisdictions Guide for Cybersecurity 6-1

45 Step 1: Identify Work Group Members Step 2: Form Cybersecurity Work Group Step 3: Conduct Work Group Meetings Step 6: Define Cyber Event & Common Scenario Support Documents Step 4: Launch Media Campaign Step 5: Develop Vision, Mission, Goals & Objectives Step 6: Define Cyber Event Step 7: Develop Cybersecurity Strategy 6-2

46 Cybersecurity Working Group Large Scale Cyber Event Incident Response Worksheet <April 29, 2015> 6-3

47 Goals 1. Define what large scale cyber event means to the Region. 2. Describe examples of large scale cyber events for each major sector. 3. Identify incident response participants in the event of a large scale cyber event. 4. Develop a high-level process for responding to large scale cyber events. 6-4

48 Large Scale Cyber Event Purpose To define a threshold for what constitutes a Large Scale Cyber Event. Cyber Event Impact Threshold The following chart is used to determine the impacts of a cyber event that qualify the event as large scale. Event Impact Loss of Revenue < $100K $100K $1M $1M - $5M $5M - $25M $25M - $100M $100M+ Loss of Cellular Service < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of Landline Service < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of Gas/Electric < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of Internet Access < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of Water < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers Meets Large Scale Cyber Event Threshold Does not Meet Large Scale Cyber Event Threshold 6-5

49 75%+ of Subscribers Loss of Sewage Processing < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of Trash Collection < 10% of Subscribers 10 25% of Subscribers 25 50% of Subscribers 50 75% of Subscribers 75%+ of Subscribers Loss of 911 Services Injuries Loss of Life Other Large Scale Cyber Event Examples by Sector Sector Large Scale Cyber Event Example Non-Event Example Emergency Services Water and Sewage Gas and Electric Financial Healthcare Communication Transportation and Shipping 6-6

50 Other Other Definition of a Large Scale Cyber Event 6-7

51 Large Scale Cyber Event Incident Response Process Purpose: To develop a high-level process for the Region to respond to large scale cyber events. Incident Response Participants The following are possible incident response participants in the event of a large scale cyber event. 1. Cybersecurity Working Group 2. Local emergency management organization 3. State and Local Law Enforcement 4. Federal Bureau of Investigation (FBI) 5. Department of Homeland Security (DHS) 6. United States Computer Emergency Readiness Team (US-CERT) 7. Federal Energy Regulatory Commission (FERC) 8. Computer Incident Response Vendors 9. Financial Institutions 10. Citizens

52 Process - Scenario 1: Description: Prior to Event Who What During Event Who What After Event Who What 6-9

53 Process - Scenario 2: Description: Prior to Event Who What During Event Who What After Event Who What 6-10

54 Process - Scenario 3: Description: Prior to Event Who What During Event Who What After Event Who What 6-11

55 Northern Arizona Scenario OUTAGE Cut cable downs Internet service for northern Arizona FEBRUARY 26, :00 AM BY DAILY SUN STAFF AND THE ASSOCIATED PRESS Many people in Flagstaff and other parts of northern Arizona found themselves without Internet access and dropped cell phone calls after vandals cut a fiberoptic cable owned by CenturyLink around noon Wednesday. The company was able to get service back up around 6 p.m. The outage knocked Northern Arizona University s website offline, caused spotty cell phone coverage for a number of providers and caused phone problems for Flagstaff Police Department and businesses that take debit cards. CenturyLink spokesman Alex Juarez said all customers should be back online by 3 a.m. Thursday. He didn't have an estimate of how many were affected. Also affected were AT&T, Verizon and T Mobile cellphone customers. Suddenlink customers should not have been affected by the outage because the company has a different fiberoptic link, said Gene Regan, senior director of corporate communications for Suddenlink. Phoenix police said CenturyLink employees found that the fiberoptic cable in far north Phoenix had been completely cut through. The cable, which CenturyLink owns, is near a riverbed in an area that isn't accessible to vehicles. It carries signals for various cellphone, television and Internet providers that serve northern Arizona. According to Juarez, technicians from Monroe, Louisiana based CenturyLink had to go through a long, tedious process of inspecting the line "mile by mile." Meanwhile, Flagstaff's 69,000 residents tried to go about their daily business. Sgt. Margaret Bentzen said that 911 services for Flagstaff Police Department and the Coconino County Sheriff s Office were rerouted to the Arizona Department of Public Safety, which runs on a different system. At Whole Foods, Associate Store Team Leader Dennis D Andrea said, It s been an interesting day, our company intranet and Internet is down and with the credit cards we can process credit but we can't process debits. A worker at Maverick gas station said they were also having problems processing debit Local Jurisdictions Guide to Cybersecurity Step 6: Define Cyber Event 6-12