Community Cyber Security. Center for Infrastructure Assurance and Security

Community Cyber Security

Overview CIAS program Nevada implementation Get involved

Physical and Cyber Threats Intersect The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at once, in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communications networks The collective result of these kinds of attacks could be cyber Pearl Harbor : an attack that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability. U.S. Secretary of Defense Leon Panetta October 11, 2012

Center for Infrastructure Assurance and Security Center at The University of Texas at San Antonio Small, agile and non-profit, founded in 2001 Focus areas Cyber Security Training Cyber Defense Competition Program Infrastructure Assurance Programs Resources Primarily grant funded (DHS, DoD) Others as requested UTSA is a NSA / DHS National Center of Academic Excellence in Information Assurance Education

Completed as of September 2012 Camp Murray, WA Vancouver, WA Sacramento, CA San Francisco, CA (IT ISAC) Palo Alto, CA Saratoga, CA Las Vegas, NV Fresno, CA Los Angeles, CA Santa Ana, CA Costa Mesa, CA Completed Training and Exercises Reno, NV Honolulu, HI Great Falls, MT Helena, MT El Paso, TX Community and State Exercises Critical Community Infrastructure and State Sectors/ISAC Exercises Exercises Cyber Critical Security Infrastructure Training Sectors/ISAC Courses Exercises Cyber Storm Exercises I & II Exercises Madison, WI Des Moines, IA Oklahoma City, OK Chicago, IL (FS ISAC) Springfield, IL Albany, NY Oriskany, NY Rome, NY Brooklyn, NY New York, NY (FS ISAC) Philadelphia, PA Dayton, OH Richmond, VA Raleigh, NC Charlotte, NC Framingham, MA Augusta, ME Rhode Island Cyber Terrorism Task Force Boston, MA Providence, RI Scotch Plains, NJ Hamilton, NJ West Trenton, NJ West Windsor, NJ Dover, DE Wilmington, DE Baltimore, MD (Chemical ISAC) Virginia Beach, VA Cyber Storm I -III in Washington, D.C. West Columbia, SC Moncks Corner, SC Plano, TX Tyler, TX Montgomery, AL Bossier City, LA Tallahassee, FL Nacogdoches, TX Alexandria, LA (FDLE) Jacksonville, FL (FDLE) Austin, TX Tampa, FL (FDLE) Lakeland, FL (FDLE) Houston, TX (Energy ISAC) West Palm Beach, FL (FDLE) Fort Lauderdale, FL (FDLE) San Antonio, TX St. Petersburg, FL (FS ISAC) Miami, FL (ISAC Congress) Del Rio, TX Corpus Christi, TX Fort Myers, FL (FDLE)

Community Cyber Security Maturity Model Developed by the CIAS Based on our experience across the nation Development supported by Congress and DHS Multi-dimensional Collaboration is key Phases connect levels Provides Common reference Roadmap

Phase One Community Cyber Security Exercise #1 cross-sector tabletop Enhance awareness of threats, issues, vulnerabilities Examine imperatives for policies, procedures, training and awareness Discuss internal / external information sharing Exercise #2 sector-based tabletop Exercise prior event s lessons, emphasize internal information sharing Exercise #3 cross-sector tabletop Exercise prior event s lessons, emphasize external information sharing Transition events before / after each exercise Planning conferences, After Action Report Workshop Voice and Data Security course, On-Site Cyber Security Solutions Workshops Phases Two Four Increase complexity and realism Enhance and explore relationships and fusion

CIAS Program Phase One Implementation Community Exercise 1 Community Exercise 2 State & Community Exercise 3 1 Initial Contact Meeting 2 Leading Cyber Security Course & Initial Planning Conference 3 Final Planning Conference 4 Community Cyber Security Exercise 5 After Action Report Workshop 6 Voice and Data Security Course 7 On-site Cyber Security Solutions Workshops 8 Initial Planning Conference & Leading Cyber Security Course (2nd Offering) 9 Final Planning Conference 10 Community Cyber Security Exercise 11 After Action Report Workshop 12 Initial Planning Conference 13 Final Planning Conference 14 State Cyber Security Exercise 15 After Action Report Workshop

Typical Participants City, County, State Officials Leadership Emergency Services, First Responders, Disaster Preparedness Law Enforcement, Fire / Rescue, Medical Emergency Operations Centers, Fusion Centers Critical Infrastructure Providers Public and Commercial Power, Water, Telecom, ISPs, Transportation (Air, Rail, Water, Road) Chambers of Commerce / Economic Development Organizations Major commercial community organizations Services, financial, industrial, healthcare Public Schools, Colleges, Universities Military Active, Guard, Reserve Visitors Invited VIPs (Senators, Representatives, Governor) Media Involvement determined by community Not an IT Exercise - Designed for decision makers

A Framework for Cyber Security

DHS Selects Nevada Nevada competed for and secured this program Letter of endorsement from Governor Sandoval Well established cyber leadership in the state Relationships with the major metropolitan areas Multiple state agencies engaged in cyber security effort

Nevada Timeline February 2012 September 2012 Community Exercise #1 cross-sector tabletop Transition events before / after each exercise September 2012 January 2013 Community Exercise #2 sector-based tabletop Transition events before / after each exercise February 2013 March 2013 State and Community Exercise #3 cross-sector tabletop Transition events before / after each exercise

Nevada Results So Far 20 community cyber security events 654 participants High demand for technical training Positive media coverage Working groups Cyber Security Awareness Policies and Procedures Information Sharing Training and Education

Nevada Leaders Engaged Cyber security stands as one of our Nation s highest priorities, the Nevada Commission on Homeland Security, which I chair, also has chosen cyber security as one our State s highest priorities. Robert Sandoval, Governor of Nevada Community Cyber Security Exercise Opening Remarks, Reno, NV and Henderson, NV, 2012

Key Success Factors Strong advocacy throughout the state of Nevada Leadership involvement Public and private sector participation Excellent points of contact Outstanding communication

How to Get Involved in Nevada State of Nevada Point of Contact Tim Cary tcary@dps.state.nv.us (775) 687-0389 Clark-Las Vegas Community Point of Contact Laura Fucci LFucci@clarkcountyNV.gov (702) 455-5853 Washoe-Carson Community Point of Contact Chris Long CLong@washoecounty.us (775) 858-5930

Real Stories, Real Impacts Silicon Valley Fiber Cuts A case for understanding how cyber affects the physical world

How We Can Help Cyber Security Program Offerings Exercises Leadership Workshops & Seminars Community Incident Response Planning Workshops Cyber Security Awareness Seminars Cyber Security Training Offerings (ISC) 2 CISSP Prep CompTIA Security+ and Network+ Prep Voice and Data Security Planning Cyber Security Exercises Organizational Risk and Technical Assessment Community Dependency Mapping The Center for Infrastructure Assurance and Security

Issues Throughout the Nation Leadership in organizations and communities are NOT aware of the cyber threat Host a half-day Executive Cyber Security Exercise Organizations and communities don t have an effective plan to respond to cyber security incidents Develop, train and exercise the plan at organizations and in communities Management and staff are unsure of the affect of a cyber incident Host a Cyber Security Day, with multiple training tracks and an exercise

Phone Web 210-458-2119 www.utsa.edu/cias How to Contact CIAS