December 5, 2012
War Memorial Building, Balboa Park

Participant Guide

The San Diego Cyber Security Threat Awareness Response and Recovery Program (C-STARR) is hosted by the City of San Diego and the Securing Our eCity Foundation. C-STARR is a regional program, made possible by a Homeland Security grant, and focuses on the cyber threat to the small business community. This program is planned and conducted in conjunction with the Naval Postgraduate School's Center for Asymmetric Warfare.

The information contained in this Participant Guide is UNCLASSIFIED and approved for public release.
AGENDA

Time / Event

8:00 - 8:15 AM
  Registration and Check-In
  All participants, please sign in and verify your contact information

8:15 - 8:30 AM
  Welcome and Introductions
  Alan Watkins, Program Manager, Regional Cyber Security Program
  Brendan Applegate, Deputy Director for Planning, Center for Asymmetric Warfare

8:30 - 8:45 AM
  Keynote Speaker
  Honorable Mitch Dembin, U.S. Magistrate Judge, Southern District of California

8:45 - 9:15 AM
  What Keeps You Up at Night? Discussion
  Alan Watkins
  Scott Brewer, Deputy Director for Operations, Center for Asymmetric Warfare

9:15 - 9:25 AM
  Distribute Cyber Security Questionnaire and Break

9:25 - 9:55 AM
  Critical Infrastructure Business Impacts
  Ron Simmons, Security Operations Manager, San Diego Gas & Electric Co.

9:55 - 10:20 AM
  Questionnaire Work Period

10:20 - 10:30 AM
  Break

10:30 - 11:00 AM
  Cyber Crime Business Impacts
  Jason Vickery, Sergeant, San Diego County Sheriff, Computer & High-Tech Crimes Task Force

11:00 - 11:40 AM
  Collect and Discuss Questionnaire Highlights
  Alan Watkins
  Scott Brewer

11:40 AM - 12:05 PM
  Overview of Upcoming Cyber Tabletop Exercises
  Alan Watkins
  Brendan Applegate

12:05 - 12:15 PM
  Closing Remarks
  Alan Watkins
  Brendan Applegate

12:15 PM
  Adjourn
PROGRAM OVERVIEW

Program Introduction

In 2012, the City of San Diego established a partnership with the Naval Postgraduate School to develop and conduct a comprehensive community-based cyber security program. The intent of this program is to take the first step in developing a sustained regional initiative to address cyber threats to the greater San Diego area, by building on lessons learned from previous cyber programs conducted in Southern California.

The San Diego Cyber Security Threat Awareness, Response, and Recovery Program (C-STARR) is a regional program that focuses on the cyber threat to the small business community. In order to accomplish this, C-STARR has been organized into a progressive series of training and exercise events. These events build from awareness and prevention to consequence management, and culminate with the response to a catastrophic attack on critical infrastructure.

As the first event in the C-STARR program, the aims to establish a learning environment in which participants can build an understanding of current and developing cyber threats. Targeting private sector management and information technology (IT) professionals, the workshop features regional subject matter experts who will address the following topics, critical to the cyber protection of small- to medium-sized businesses:

- Cyber attack methods
- Recent attack case studies
- Cyber crime detection and prevention
- Information sharing and protection

During the Workshop, participants will complete a Cyber Security Questionnaire that will allow the planning team to identify critical cyber-related issues and concerns. The Questionnaire will serve as a self-evaluation of regional capabilities in cyber security. Specific issues and concerns can then be addressed by the C-STARR planning team in development of exercise scenarios and follow-on plans and initiatives for the region.
The will be held at the War Memorial Building, in Balboa Park, on Wednesday, December 5, 2012.

Tabletop Exercise #1

The first of two Tabletop Exercises (TTX) will focus on the effects and consequences of a cyber attack that affects a number of small businesses. Participants will be divided into breakout groups by their business sector to evaluate regional capabilities to respond to and recover from a power grid failure scenario. The TTX will focus on identifying regional
capabilities available in both the public and private sectors, and on the development of best practices and recommendations for improvement in the following areas:

- Assessing and managing technical, administrative, and financial impacts
- Cyber forensics and investigative processes
- Consequence management
- Ensuring continuity of business

The first Tabletop Exercise will be held at the San Diego Operational Area Emergency Operations Center (EOC) on Wednesday, January 30, 2012.

Tabletop Exercise #2

Building from lessons learned and critical issues from the first TTX, the second exercise will examine the response and recovery issues surrounding a widespread cyber attack on critical regional infrastructure. Whereas the first exercise focused on the capabilities of individual businesses to respond and recover from a cyber attack, the second will include elements of regional emergency response and consequence management, as a result of widespread damage or degradation of critical infrastructure. Participants will utilize in-place plans and procedures to evaluate regional capabilities to perform the following critical functions:

- Intrusion detection and mitigation
- Damage assessment and immediate response
- Consequence management and recovery
- Public information and preparedness measures

The second Tabletop Exercise will be held at the San Diego Operational Area Emergency Operations Center (EOC) on Wednesday, February 27, 2012.

Cyber Security Annex

Upon completion of the program, observations, recommendations, best practices, and lessons learned will be leveraged to develop a functional annex to the County of San Diego's Operational Area Emergency Plan. This annex will formalize the County's organization and plans to respond to the cyber threat and recover from a large-scale cyber incident. The Cyber Security Annex will also identify regional capabilities and specialized resources, and will define specific roles and responsibilities in the public and private sector.
The C-STARR program is hosted by the City of San Diego and the Securing Our eCity Foundation, through a Homeland Security grant, and is planned and conducted in conjunction with the Naval Postgraduate School's Center for Asymmetric Warfare.
Program Objectives

The C-STARR program is intended to be the first step in a sustained regional initiative to improve cyber preparedness in the greater San Diego area, and increase regional capabilities to detect, respond to, and recover from widespread cyber attacks on critical infrastructure and the private sector. Pursuing this intent, the C-STARR planning team has identified the following program objectives:

1. Increase awareness and understanding of current and developing cyber threats and vulnerabilities
2. Examine the consequences of a widespread cyber attack on San Diego critical infrastructure and the private sector
3. Explore the role of the private sector in identifying, countering, and responding to a criminal or terrorist cyber attack
4. Identify actions that can be taken by the private sector and local government to increase cyber security and minimize the effects of cyber attacks
5. Identify future planning, training, and exercise requirements related to cyber crime and cyber security
6. Reinforce the communication and coordination of cyber-related information and intelligence between the private sector, local government, intelligence community, law enforcement, and first responders
7. Explore the ability of local, community, and agency-specific plans to prevent, mitigate, respond to, and recover from a cyber attack
8. Incorporate program recommendations and best practices into a Cyber Security Annex of the San Diego Operational Area Emergency Plan

Points of Contact

For further information on the C-STARR program, please consult one of the following points of contact:

Alan Watkins
Program Manager, Regional Cyber Security Program
Email: awatkins@sandiego.gov
Phone: (619) 533-6788

Brendan Applegate
Project Manager, Center for Asymmetric Warfare
Email: bjappleg@nps.edu
Phone: (831) 402-7453
SPEAKER BIOGRAPHIES

Honorable Mitch Dembin
United States Magistrate Judge, Southern District of California
Board of Directors, ESET Foundation

Mitch Dembin was sworn in as a United States Magistrate Judge in the Southern District of California on March 18, 2011. Prior to his appointment, he was an Assistant U.S. Attorney in San Diego and served as the Cybercrime Coordinator for the office. Before that, he was the Chief Security Advisor for Microsoft Corporation, assisting Microsoft's business customers in creating and implementing strategic security plans.

Prior to joining Microsoft, Mitch was the president of EvidentData, Inc., a firm specializing in computer forensics, digital evidence and computer security. Mitch served three different terms as an Assistant U.S. Attorney, spanning more than 15 years in San Diego and in Boston, and including 6 years as a supervisor. As a federal prosecutor, Mitch has specialized in prosecuting a variety of white collar crimes and, beginning in 1991, in investigating and prosecuting high technology crimes. Before his first term as an AUSA, Mitch was a staff attorney for the Securities and Exchange Commission in Washington, DC.

Mitch is credited with having founded the San Diego Regional Computer Forensics Laboratory, a national prototype, which provides assistance to the federal, state and local law enforcement agencies serving San Diego and Imperial Counties. Mitch was raised in Brooklyn, New York, the son of a New York City Police Officer, and received a Bachelor's Degree from Brooklyn College of the City University of New York, and a Juris Doctor Degree from Western New England Law School, where he also served as Managing Editor of the Law Review.

Ron Simmons
Security Operations Manager, San Diego Gas & Electric Co.

Mr. Simmons' career started as a U.S. Navy Sonar Technician in 1988. In mid-1998, he left the Navy and moved into the information technology field. Since his departure from the U.S. Navy, Mr.
Simmons has held multiple roles within information security while working in industries such as hosting, financial and insurance services, and most recently critical infrastructure. Since 2008, Mr. Simmons has worked for the Sempra Energy Utilities family of companies, first as the Incident Response and Forensics
Lead. In this role, he and his team have responsibility for the enterprise incident response and forensics of corporate IT infrastructure, as well as the multiple gas and electric controls networks. He now serves as the Security Operations Manager for SDG&E's Information Security Department, overseeing Incident Response and Forensics, Threat and Vulnerability Management, Production Support and Service, Enterprise Access Manager.

Jason Vickery
Sergeant, San Diego County Sheriff
Computer & High-Tech Crimes Task Force

Jason Vickery is a sergeant with the San Diego Sheriff's Department, where he has worked for the last eighteen years. His assignments have included detentions, patrol, and investigations. Jason is currently assigned as the Law Enforcement Coordinator for the Computer and Technology Crime High Tech Response Team (CATCH). Jason has a Bachelor's degree from the University of Nebraska Kearney and a Master's degree from the University of Phoenix.
PROGRAM CONTENT
Critical Infrastructure - Business Impacts
Ron Simmons, CISSP, GCIH, GCIA, GCFA

2002 San Diego Gas and Electric Co. and Southern California Gas Company. All copyright and trademark rights reserved.
Naval Postgraduate School, Center for Asymmetric Warfare
Web: http://cawnps.org

The San Diego C-STARR Program has been planned and conducted in collaborative partnership with the Center for Asymmetric Warfare, a federal government operational research and field experimentation center aligned under the Naval Postgraduate School's Information Sciences Department.

The Center for Asymmetric Warfare, or CAW, was established in 1999 to support military and civilian authorities in identifying, countering, and controlling the effects of asymmetric threats. Since its inception, CAW has matured into a recognized leader in its field, by developing comprehensive education, training, and exercise programs; technology integration, test, and evaluation programs; and capability assessment and improvement programs with its partners in research.

Today, CAW is headquartered at Naval Base Ventura County, in Point Mugu, California, but maintains a global reach, conducting programs in 26 countries and U.S. protectorates around the world. CAW programs are a result of cooperative partnerships with organizations across a wide spectrum of jurisdictions, including the Department of Defense; local, state, and federal governments; private sector and non-governmental organizations; academia and national centers of excellence; and international governments. Harnessing the resources and expertise that comprise the Naval Postgraduate School, CAW maintains a unique set of capabilities to meet the research, assessment, or planning needs of any organization.

For further information, please contact:

Alan Jaeger
Director and Principal Investigator
Phone: (805) 989-1786
Email: ajaeger@nps.edu

Brendan Applegate
Deputy Director for Planning
Phone: (831) 402-7453
Email: bjappleg@nps.edu