Center for Regional Disaster Resilience
  • Home
  • Program Areas
    • Critical Lifelines
    • Cybersecurity
    • Disaster Resilience Planning
    • Public Health
    • Technology
  • Digital Library
  • About Us
  • Events Calendar

DIGITAL LIBRARY

A collection of past CRDR projects, events, news, & resources

2015 Idaho Cybersecurity Interdependencies Workshop

10/8/2015

0 Comments

 

Executive Summary

The Idaho Cyber Security Interdependencies Workshop was held October 8, 2015 in Boise Idaho at the St. Alphonsus Regional Medical Center. More than 130 participants from both public and private sectors, and from across the Pacific Northwest, took part in the exercise that focused on current cyber threats, common challenges for securing data and continuing operations despite cyber disruptions.

Idaho Lieutenant Governor Brad Little and Brigadier General Brad Richy, Chief of the Idaho Bureau of Homeland Security, spoke at the event along with other experts on cyber security preparedness, response, supervisory control and data acquisition systems.
​
Through this event, participants sought to improve their own cyber plans by challenging their planning assumptions, gained a greater understanding of their interdependencies and built relationships with others across the state and region.

View the Event Summary and Report
View the Agenda

Background

​This workshop was the second event in a three year initiative to develop a public/private sector partnership for resilience in the state of Idaho. In 2016, Idaho Bureau of Homeland Security (IBHS) and the Pacific NorthWest Economic Region (PNWER) Center for Regional Disaster Resilience (CRDR) will develop an Action Plan for the development of an Idaho Public/Private Sector Resilience Partnership.

Meeting Themes and Key Takeaways

One of the most prevalent topics of the workshop was around the need for holistic cyber security—calling on organizations to move cyber security planning beyond the Information Technology departments and involve executive leadership, legal, and human resources. There is a strong need to train all staff members. According to IBM’s 2014 Cyber Security Intelligence Index, 95 percent of all security incidents involve human error. This can take many forms, from clicking on links, giving away passwords, or failing to follow security protocols.

Every company has cyber security risk and should have a cyber security plan. From small businesses to sectors that are not typically seen as cyber focused, like agriculture, there are cyber security risks. There are also many great tools in the State of Idaho for getting assistance in building cyber security plans and responding to cyber security incidents that need to be shared and made more easily accessible to all organizations.

For all organizations, it is essential to have governance and policies around cyber security in place before having to respond to an incident. These would include policies around protecting data and procedure for response, including structure (the incident command system was recommended) and involvement of law enforcement. With these policies in place, organizations can test their systems through exercises and help build a security culture in an organization.

A common theme was the acceptance of breach. Not all information within an organization is equally sensitive and critical. By accepting that some cyber attacks will be successful, and focusing extra levels of security on the most important data, organizations can use their limited resources more effectively.
​
Identifying key information is a vital part of assessing the risk in each organization. The risk assessment also includes security protocols, equipment, software, public presence, business type, and all other aspects of a business that might make it an easy or desirable target for cyber attackers. Risk will never be fully eliminated—as long as computers, automation and the internet are needed to complete business tasks, an organization will have cyber risk.  All parts of a cyber plan should attempt to mitigate that risk, while helping identify procedures for protection of critical data and detecting access to or loss of that data. Too often companies don’t know they have been breached until they are informed by an outside agency. 

Recommendations

Based on participant feedback, planning team input, discussion outcomes, and common themes from the day’s speakers, the following recommendations were developed:
  • Develop training materials and regular webinars and other training opportunities to help organizations grow cyber security plans and facilitate information sharing.
  • Provide training for executive leadership, legal departments, human resources, and other key departments to encourage organization-wide cyber security.
  • Grow state-wide knowledge of the Idaho cyber security annex through training and outreach.
  • Provide resources specific to small businesses and sectors where cyber security may not be prioritized (example: agriculture).
  • Develop a single repository for cyber security preparedness information
  • Develop formal partnership for information sharing around cyber security and other critical infrastructure concerns
0 Comments

    Categories

    All
    Banking
    Blue Cascades
    Broadband
    Critical Infrastructure
    Cybersecurity
    Disaster Symposium
    Drones
    Election Security
    Emerald Down
    Energy
    Financial
    Idaho Cybersecurity
    Interdependencies
    King County Region 6
    Liquid Fuel
    Maritime
    Public Health
    Social Media/Info Sharing
    Supply Chain Resilience
    Transportation

    Archives

    October 2021
    March 2021
    October 2020
    September 2020
    August 2020
    July 2020
    November 2019
    September 2019
    August 2019
    June 2019
    May 2019
    April 2019
    December 2018
    October 2018
    July 2018
    June 2018
    April 2018
    March 2018
    December 2017
    July 2017
    February 2017
    September 2016
    April 2016
    October 2015
    September 2015
    December 2014
    November 2014
    June 2014
    May 2014
    June 2013
    December 2012
    November 2010
    September 2010
    December 2008
    June 2008
    January 2007
    January 2006
    June 2002

Picture
Phone: (206) 443-7723
Fax: (206) 443-7703

World Trade Center West
2200 Alaskan Way, Suite 460
Seattle, WA 98121
Connect with us:
  • Home
  • Program Areas
    • Critical Lifelines
    • Cybersecurity
    • Disaster Resilience Planning
    • Public Health
    • Technology
  • Digital Library
  • About Us
  • Events Calendar