NASCIO 2014 State IT Recognition Awards


Project: California Cybersecurity Task Force
Category: Cybersecurity Initiatives
Project Initiation Date: September, 2012
Project Completion Date: May 2013

Carlos Ramos, Director
California Department of Technology
Carlos.Ramos@state.ca.gov
916.319.9223

Michele Robinson
State Chief Information Security Officer
916.431.5058

Section 2: Executive Summary

Cyber attacks have the ability to disrupt our power, water, communication and other critical systems. Citizens' sensitive private information entrusted to the government could fall into the wrong hands. Protecting this information and California's large and diverse critical infrastructure is crucial.

With 38 million residents, California is the most populous state in the nation and the third largest by geographical area. The state's economy is ranked ninth in the world. California is home to the Silicon Valley and a robust IT infrastructure that makes the state a prime target for cyber attacks. Much of the critical infrastructure in California is owned and operated by private industry or local governments. While California has many efforts to prevent and mitigate cyber attacks, these efforts are decentralized and the various jurisdictions operate in silos. It is crucial to take a collaborative approach to safeguard both information and infrastructure.

On May 13, 2013, government officials and private-sector leaders met to discuss a comprehensive cybersecurity plan for California. This was the beginning of the California Cybersecurity Task Force, the first state-led collaboration of its kind. The primary mission of this task force is to act as an advisory body to the State of California Senior Administration Officials in all matters related to cybersecurity. Designed to address issues raised in the Presidential Executive Order on Improving Critical Infrastructure Cybersecurity, the California Cybersecurity Task Force has brought together many entities that would otherwise not have been engaged.

The California Cybersecurity Task Force is made up of over 120 members from state, local, federal and tribal government, research and education, utility, financial, and private industry. This is a holistic approach to engage a broader range of stakeholders and develop awareness of policies and procedures for the assessment, enforcement, response and emergency management coordination in the event of a major cyber-emergency. The task force does not replace or supersede the Department of Technology's policy making authority or established policy making processes. It looks more broadly to engage those outside state government to adopt state policy as their own and/or assist with policy implementation.

The Cybersecurity Task Force is already hard at work through its various subcommittees to improve the state's cybersecurity posture. For example, the Cyber Emergency Preparedness subcommittee is facilitating a Cyber Exercise with public and private partners to examine cyber incident response and information sharing capabilities within the Northern California region. The High-Tech and Digital Evidence Subcommittee is establishing a state digital evidence forensic laboratory and training center that will work in support of local, regional and federal digital evidence forensic laboratories and serve rural counties.

Section 3: Business Problem and Solution

Problem

Top experts agree that cyber-attacks are a real and ever-growing threat to our national and economic security. The Presidential Executive Order on Improving Critical Infrastructure Cybersecurity was issued on February 12, 2013, directing increased collaboration and information sharing for improved cybersecurity for critical infrastructure. The Order specifically directed the National Institute of Standards and Technology to work with private industry to develop a National Cybersecurity Framework and a Voluntary Critical Infrastructure Cybersecurity Program.

California, the most populous state in the U.S. with over 38 million residents, is considered the third largest state by geographic area. If California were a country, it would be the ninth largest economy in the world, through its important contributions in aerospace, education, manufacturing, and high-tech industry. California is home to the Silicon Valley and a robust IT infrastructure, making it a prime target for cyber attacks.

The attacks against government systems are greatly increasing. While the state has many efforts to prevent and mitigate these attacks, government IT is extremely decentralized and various jurisdictions operate in silos. Further, the state lacks a comprehensive, concerted public-private statewide strategy to assess and respond to these kinds of threats. Various government entities have different roles in the cybersecurity arena, from policy, assessment and enforcement to response and emergency management coordination in the event of a major cyber-emergency.

Solution

On May 13, 2013, California launched the California Cybersecurity Task Force in response to the Presidential Executive Order. Led jointly by the State CIO/Director of the California Department of Technology and the Director of the California Office of Emergency Services, this Task Force is the first of its kind in the nation. The Task Force serves as an advisory body to State of California Senior Administration Officials and the Governor in matters related to cybersecurity.

The strategic role of the task force is to act in an advisory capacity, briefing public policy makers in the following areas:

- Identify areas where stakeholders can improve statewide collaboration and information sharing to identify potential threats;
- Assist in the development of threat prevention, remediation, response and recovery strategies;
- Review areas where coordination will enhance security, emergency response, communications, contingency planning and other areas of mutual responsibility across the State of California; and
- Develop and review a statewide cybersecurity strategy and provide support for strategy implementation.

Other functions of the Task Force include:

- Research cybersecurity initiatives, policies and trends;
- Implement California Cybersecurity recommendations;
- Conduct public outreach and increase awareness of cybersecurity as a priority.

Section 4: Significance of the Project

The California Cybersecurity Task Force is the first state-led collaboration of its kind in the US. Given California's size and complexity, member willingness to come together on a volunteer basis to collaborate has been extraordinary. In just one year, members have been able to form high-performing subcommittees and working groups and make significant progress in the identification of California's cybersecurity needs. Some have already moved to implementing enhancements they can accomplish with existing resources and through public-private partnerships, which were derived from participation in the Task Force. Each member and new member interaction brings with it identification of additional resources, capabilities or ideas for advancing the achievement of goals and objectives, and ultimately California's cybersecurity posture.

Approach/Communication Plan

The Task Force is the first state-led collaboration of its kind. The Task Force engages a full range of stakeholders in a whole community approach to address the issue. With over 120 members, the task force is made up of stakeholders from many different sectors. These include government, research and education, utility, financial, and private industry. While 65% of the task force is composed primarily of government members (state, local and federal governments, the military and the port authority), the other 35% represents private industry, research and education, and utilities.

The California Cybersecurity Task Force has formed seven subcommittees based on specific issues and vital areas of opportunity. The subcommittees address the following areas of importance:

- Legislation and Funding
- Cyber Emergency Preparedness
- Risk Mitigation
- Information Sharing
- Cybersecurity Workforce Development
- High Tech and Digital Evidence
- Economic Development

Each subcommittee has developed short-term and longer-term goals, is working on items which can be completed with existing resources, and will be making recommendations about the prioritization and resource allocation for achieving longer-term goals.

The full membership of the Task Force meets quarterly or as necessary at the call of the Executive Governance leadership. The Subcommittee co-chairs meet monthly. The subcommittees and their working groups meet as often as necessary to carry out their assigned objectives.

Strategic/NASCIO Priority Alignment

The California Cybersecurity Task Force aligns with California's State IT Strategic Plan, Goal 4: Secure and Manage Information as an Asset. The Task Force will allow the state to realize the Objectives under this plan:

4.1 Protect sensitive data through robust security and privacy programs;
4.2 Ensure the state's technology and public safety communication infrastructures have robust and reliable disaster recovery capabilities to support the continuity of government services.

Further, this initiative aligns with and promotes NASCIO's number one priority among all State Chief Information Officers, that of security.

Section 5: Benefits of the Project

The Task Force will deliver a California Cyber Security Strategy and achieve tangible objectives in support of the strategy. The following are several specific examples of the benefits achieved to date:

Collaboration: The Task Force has brought together many different entities that have not engaged with each other before, each with a vested interest in improving California's overall cybersecurity posture. The coming together has garnered greater appreciation about the significance of the cybersecurity threat from the sharing of each perspective. In turn, this has led to the establishment of increased public-private partnerships, cross-sector collaboration, information sharing, and more productive dialogue about how the state's scarce cybersecurity resources and capabilities can be best utilized across the state to maximize cybersecurity for all.

Training Exercises: The Cyber Emergency Preparedness subcommittee is facilitating a Cyber Exercise with public and private partners to examine cyber incident response and information sharing capabilities within the Northern California region. It is anticipated the event will yield valuable information that will assist the development of a Cyber Playbook designed to assist the participants and other organizations in responding to a major cyber incident. This exercise will also inform future regional and Statewide Cyber Exercises to come.

Information Sharing: The Information Sharing subcommittee has identified all the various information sharing protocols and channels and is examining the most effective method for streamlining and improving operational efficiency and effectiveness.

Workforce Development: The Workforce Development groups are focused on the following four overarching objectives:

1. Develop a consistent definition and criteria for cyber security expertise to serve the State of California.
2. Discover, align, refine and capture the cybersecurity educational pathway inclusive of traditional curricula, extracurricular, competitions and professional development activities at all levels of education.
3. Leverage private sector, non-profit and educational resources within the State of California to inform the development of relevant state and federal policies and identify incentives to provide design inputs as well as to support the development and implementation of the California State Cyber Security Strategy.
4. Identify and support opportunities for California to leverage and employ our veteran population in the field of cybersecurity.

To date they have completed a review of the Department of Homeland Security's NICE Workforce Development Framework, and two California state agencies are in the process of piloting its use. They have engaged and are working with numerous educational institutions on student and faculty development to increase cybersecurity education, and sponsorships for afterschool programs and competitions. They have also engaged with the Department of Military and Wounded Warriors Program, moving them closer toward achievement of Objective 4.

Shared Resources: The High-Tech and Digital Evidence Subcommittee is establishing a state digital evidence forensic laboratory and training center that will work in support of local, regional and federal digital evidence forensic laboratories and serve rural counties. Through Task Force members' collaborative efforts, facility related barriers have been overcome, space has been acquired and is being built out. They are now 60-90 days out from occupancy.