NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos Ramos, Director California Department of Technology Carlos.Ramos@state.ca.gov 916.319.9223 Michele Robinson State Chief Information Security Officer 916.431.5058
Section 2: Executive Summary Cyber attacks have the ability to disrupt our power, water, communication and other critical systems. Citizen s sensitive private information entrusted to the government could fall into the wrong hands. Protecting this information and California s large and diverse critical infrastructure is crucial.. With 38 million residents, California is the most populous state in the nation and the third largest by geographical area. The state s economy is ranked ninth in the world. California is home to the Silicon Valley and a robust IT infrastructure that makes the state a prime target for cyber attacks. Much of the critical infrastructure in California is owned and operated by private industry or local governments. While California has many efforts to prevent and mitigate cyber attacks, these efforts are decentralized and the various jurisdictions operate in silos. It is crucial to take a collaborative approach to safeguard both information and infrastructure. On May 13, 2013, government officials and private-sector leaders met to discuss a comprehensive cybersecurity plan for California. This was the beginning of the California Cybersecurity Task Force, the first state-led collaboration of its kind. The primary mission of this task force is to act as an advisory body to the State of California Senior Administration Officials in all matters related to Cybersecurity. Designed to address issues raised in the Presidential Executive Order on Improving Critical Infrastructure Cybersecurity, the California Cybersecurity Task Force has brought together many entities that would have otherwise not been engaged. The California Cybersecurity Task Force is made up of over 120 members from state, local, federal and tribal government, research and education, utility, financial, and private industry. This is a holistic approach to engage a broader range of stakeholders and developing awareness of policies and procedures for the assessment, enforcement, response and emergency management coordination in the event of a major cyber-emergency. The task force does not replace or supersede the Department of Technology s policy making authority or established policy making processes. It looks more broadly to engage those outside state government to adopt state policy as their own and or assist with policy implementation. The Cybersecurity Task Force is already hard at work through its various subcommittees to improve the state s cybersecurity posture. For example, the Cyber Emergency Preparedness subcommittee is facilitating a Cyber Exercise with public and private partners to examine cyber incident response and information sharing capabilities within the Northern California region. The High-Tech and Digital Evidence Subcommittee is establishing a state digital evidence forensic laboratory and training center that will work in support of both local, regional and federal digital evidence forensic laboratories and serve rural counties.
Section 3: Business Problem and Solution Problem Top experts agree that Cyber-attacks are a real and ever-growing threat to our national and economic security. Presidential Executive Order on Improving Critical Infrastructure Cybersecurity was issued on February 12, 2013 directing increased collaboration and information sharing for improved cybersecurity for critical infrastructure. The Order specifically directed the National Institute of Standards and Technology to work with private industry to develop a National Cybersecurity Framework and a Voluntary Critical Infrastructure Cybersecurity Program. California, the most populous state in the U.S. with over 38 million residents, is considered the third largest state by geographic area. If California were a country, it would be the ninth largest economy in the world, through its important contributions in aerospace, education, manufacturing, and high-tech industry. California is home to the Silicon Valley and a robust IT infrastructure making it a prime target for cyber attacks. The attacks against government systems are greatly increasing. While the state has many efforts to prevent and mitigate these attacks, government IT is extremely decentralized and various jurisdictions operate in silos. Further, the state lacks a comprehensive, concerted public-private statewide strategy to assess and respond to these kinds of threats. Various government entities have different roles in the cybersecurity arena from policy, assessment and enforcement to response and emergency management coordination in the event of a major cyber-emergency. Solution On May 13, 2013, California launched the California Cybersecurity Task Force in response to the Presidential Executive Order. Led jointly by the State CIO/Director of the California Department of Technology and the Director of the California Office of Emergency Services, this Task Force is the first of its kind in the nation. The Task Force serves as an advisory body to State of California Senior Administration Officials and the Governor in matters related to Cybersecurity. The strategic role of the task force is to act in an advisory capacity, briefing public policy makers in the following areas: Identify areas where stakeholders can improve statewide collaboration and information sharing to identify potential threats; Assist in the development of threat preventions, remediation, response and recovery strategies;
Review areas where coordination will enhance security, emergency response, communications, contingency planning and other areas of mutual responsibility across the State of California; and Develop and review a statewide cybersecurity strategy and provide support for strategy implementation. Other functions of the Task Force include: Research cybersecurity initiatives, policies and trends; Implement California Cybersecurity recommendations; Conduct public outreach and increase awareness of cybersecurity as a priority. Section 4: Significance of the Project The California Cybersecurity Task Force is the first state-led collaboration of its kind in the US. Given California s size and complexity, member willingness to come together on a volunteer basis to collaborate has been extraordinary. In just one year, members have been able to form high-performing subcommittees and working groups and make significant progress in the identification of California s cybersecurity needs. Some have already moved to implementing enhancements they can accomplish with existing resources and through public-private partnerships, which were derived from participation in the Task Force. Each member and new member interaction brings with it identification of additional resources, capabilities or ideas for advancing the achievement of goals and objectives, and ultimately California s cybersecurity posture. Approach/Communication Plan The Task Force is the first state-led collaboration of its kind. The Task Force engages a full range of stakeholders in a whole community approach to address the issue. With over 120 members, the task force is made up of stakeholders from many different sectors. These include government, research and education, utility, financial, and private industry. While 65% of the task force comprises primarily of government members (state, local and federal governments, the military and the port authority), the other 35% represents private industry, research and education, and utilities. The California Cybersecurity Task Force has formed seven subcommittees based on specific issues and vital areas of opportunity. The subcommittees address the following areas of importance: Legislation and Funding Cyber Emergency Preparedness Risk Mitigation Information Sharing Cybersecurity Workforce Development
High Tech and Digital Evidence Economic Development Each subcommittee has developed short-term and longer-term goals, is working on items which can be completed with existing resources and will be making recommendations about the prioritization and resource allocation for achieving longerterm goals. The full membership of the Task Force meets quarterly or as necessary at the call of the Executive Governance leadership. The Subcommittee co-chairs meet monthly. The subcommittees and their working groups meet as often as necessary to carry out their assigned objectives. Strategic/NACIO Priority Alignment The California Cybersecurity Task Force aligns with California s State IT Strategic Plan- Goal 4: Secure and Manage Information as an Asset. The Task Force will allow the state to realize the Objectives under this plan: 4.1 Protect sensitive date through robust security and privacy programs; 4.2 Ensure the state s technology and public safety communication infrastructures have robust and reliable disaster recovery capabilities to support the continuity of government services. Further, this initiative aligns with and promotes NASCIO s number one priority among all State Chief Information Officers, that of security. Section 5: Benefits of the Project The Task Force will deliver a California Cyber Security Strategy and achieve tangible objectives in support of the strategy. The following are several specific examples of the benefits achieved to date: Collaboration- The Task Force has brought together many different entities that have not engaged with each other before, each with a vested interest in improving California s overall cybersecurity posture. The coming together has garnered greater appreciation about the significance of the cybersecurity threat from the sharing of each perspective. In turn, this has led to the establishment of increased public-private partnerships, cross-sector collaboration, information sharing, and more productive dialogue about how the state s scarce cybersecurity resources and capabilities can be best utilized across the state to maximize cybersecurity for all. Training Exercises- The Cyber Emergency Preparedness subcommittee is facilitating a Cyber Exercise with public and private partners to examine cyber
incident response and information sharing capabilities within the Northern California region. It is anticipated the event will yield valuable information that will assist the development of a Cyber Playbook designed to assist the participants and other organizations in responding to a major cyber incident. This exercise will also inform future regional and Statewide Cyber Exercises to come. Information Sharing- The Information Sharing subcommittee has identified all the various information sharing protocols and channels and is examining the most effective method for streamlining and improving operational efficiency and effectiveness. Workforce Development- The Workforce Development groups are focused on the following four overarching objectives: 1. Develop a consistent definition and criteria for cyber security expertise to serve the State of California. 2. Discover, align, refine and capture the cybersecurity educational pathway inclusive of traditional curricula, extracurricular, competitions and professional development activities at all levels of education. 3. Leverage private sector, non-profit and educational resources within the State of California to inform the development of relevant state and federal policies and identify incentives to provide design inputs as well as to support the development and implementation of the California State Cyber Security Strategy. 4. Identify and support opportunities for California to leverage and employ our veteran population in the field of cybersecurity. To date they have completed a review of the Department of Homeland Security s NICE Workforce Development Framework and two California state agencies are in the process of piloting its use. They have engaged and are working with numerous educational institutions on student and faculty development to increase cybersecurity education, and sponsorships for afterschool programs and competitions. They have also engaged with the Department of Military and Wounded Warriors Program moving them closer toward achievement of Objective 4. Shared Resources- The High-Tech and Digital Evidence Subcommittee is establishing a state digital evidence forensic laboratory and training center that will work in support of both local, regional and federal digital evidence forensic laboratories and serve rural counties. Through Task Force members collaborative efforts, facility related barriers have been overcome, space has been acquired and is being built out. They are now 60-90 days out from occupancy.