​When: February 16, 2017
Where: Lakewood WA, 98499

Government personnel, critical infrastructure managers and major employers put their understanding of cyber threats and resources into action Thursday, February 16 at the Emerald Down V Regional Cybersecurity Exercise. 

The daylong exercise held at the Clover Park Technical College brought together 133 attendees looking to improve their organizations' cyber plans, build relationships with other regional technology and security practitioners, and practice community cyber security response within an interactive cybersecurity board game. 

The game is one in a series of Sand Table Resilience Games created by James Rollins, Managing Partner at Takouba. This cybergame simulates methods used by different types of hackers to access and exploit a network, such as a phishing attack for sensitive information. Network defenders then use tools and policies to try and stave off attacks, and can call for help from available resources. 

"We're not looking for winners and losers. We want participants to understand how the types of cyberattacks that might occur and what tools they have to counter them," said Eric Holdeman, director of the Center for Regional Disaster Resilience (CRDR). "The goal is for guests to learn how to report a cyber attack, who can help and what resources they might expect in response." 

Holdeman said a main theme of the exercise is to develop community cybersecurity response capability, where public and private entities are encouraged to securely share information on an attack to alert each other and hopefully and collectively or find solutions. 

"A growing number of attacks are not immediately detected. If businesses and governments can share information about an ongoing problem, they have a better chance to collectively develop a patch or counter as a coordinated whole instead of reacting as individual organizations," Holdeman said. 

This year marks the fifth Emerald Down cybersecurity event organized by the CRDR in support of the public-private partnership efforts being led and funded by the King County Office of Emergency Management, and their Critical Infrastructure Committee.

"Today's exercise brought together a wide array of stakeholders to focus on improving preparedness and resilience to the growing threat of cyber intrusions," said Walt Hubbard, director of King County Office of Emergency Management. "This is a great example of what we're striving to achieve in all areas of emergency management in King County." 

Exercise features:
Free cyber incident response template
Interactive scenario based board game
Discussion on viability of emergency cyber credentialing system​

In attendance: 

• Emergency managers
• Business continuity professionals
• Law enforcement community
• Control systems technicians
• Security managers and affiliated IT staff
• Operations support
• Critical infrastructure managers/operators
• Major employers
• Public/private organizations that impact the regional economy

 
More information

The 2016 Idaho Cybersecurity Interdependencies Workshop explored the growing challenges of cybersecurity and its impact on overall economic and physical security. Hosted by the Idaho Office for Emergency Management and the Center for Regional Disaster Resilience, this meeting also featured a special track for small business leaders.

​Idaho Cyber Interdependencies Agenda
Small Business Information

In the face of emerging risks to economic and national security, action is needed to address crucial regional infrastructure interdependencies in energy, telecommunications, transportation, water systems and other infrastructures. Third in a three year series meant to develop an Idaho Partnership for Infrastructure Security, the workshop advances several cross-sector initiatives. 

One of the outcomes of these meetings was the creation of a stakeholder-prioritized action plan for the state of Idaho that is a culmination of recommendations from workshops, projects, and activities over the past three years. Stakeholders identified these recommendations as high priorities for the state. Recommendations include

• Develop training materials and a cyber resource website for the State of Idaho
• Continue to host annual statewide Cyber Interdependencies Workshops
• Develop a public-private information sharing platform to send alerts, warnings, and share updates with vetted, trusted stakeholders across the state. 

The Idaho Cyber Security Interdependencies Workshop was held October 8, 2015 in Boise Idaho at the St. Alphonsus Regional Medical Center. More than 130 participants from both public and private sectors, and from across the Pacific Northwest, took part in the exercise that focused on current cyber threats, common challenges for securing data and continuing operations despite cyber disruptions.

Idaho Lieutenant Governor Brad Little and Brigadier General Brad Richy, Chief of the Idaho Bureau of Homeland Security, spoke at the event along with other experts on cyber security preparedness, response, supervisory control and data acquisition systems.
​
Through this event, participants sought to improve their own cyber plans by challenging their planning assumptions, gained a greater understanding of their interdependencies and built relationships with others across the state and region.

View the Event Summary and Report
View the Agenda

​This workshop was the second event in a three year initiative to develop a public/private sector partnership for resilience in the state of Idaho. In 2016, Idaho Bureau of Homeland Security (IBHS) and the Pacific NorthWest Economic Region (PNWER) Center for Regional Disaster Resilience (CRDR) will develop an Action Plan for the development of an Idaho Public/Private Sector Resilience Partnership.

One of the most prevalent topics of the workshop was around the need for holistic cyber security—calling on organizations to move cyber security planning beyond the Information Technology departments and involve executive leadership, legal, and human resources. There is a strong need to train all staff members. According to IBM’s 2014 Cyber Security Intelligence Index, 95 percent of all security incidents involve human error. This can take many forms, from clicking on links, giving away passwords, or failing to follow security protocols.

Every company has cyber security risk and should have a cyber security plan. From small businesses to sectors that are not typically seen as cyber focused, like agriculture, there are cyber security risks. There are also many great tools in the State of Idaho for getting assistance in building cyber security plans and responding to cyber security incidents that need to be shared and made more easily accessible to all organizations.

For all organizations, it is essential to have governance and policies around cyber security in place before having to respond to an incident. These would include policies around protecting data and procedure for response, including structure (the incident command system was recommended) and involvement of law enforcement. With these policies in place, organizations can test their systems through exercises and help build a security culture in an organization.

A common theme was the acceptance of breach. Not all information within an organization is equally sensitive and critical. By accepting that some cyber attacks will be successful, and focusing extra levels of security on the most important data, organizations can use their limited resources more effectively.
​
Identifying key information is a vital part of assessing the risk in each organization. The risk assessment also includes security protocols, equipment, software, public presence, business type, and all other aspects of a business that might make it an easy or desirable target for cyber attackers. Risk will never be fully eliminated—as long as computers, automation and the internet are needed to complete business tasks, an organization will have cyber risk.  All parts of a cyber plan should attempt to mitigate that risk, while helping identify procedures for protection of critical data and detecting access to or loss of that data. Too often companies don’t know they have been breached until they are informed by an outside agency. 

Based on participant feedback, planning team input, discussion outcomes, and common themes from the day’s speakers, the following recommendations were developed:

• Develop training materials and regular webinars and other training opportunities to help organizations grow cyber security plans and facilitate information sharing.
• Provide training for executive leadership, legal departments, human resources, and other key departments to encourage organization-wide cyber security.
• Grow state-wide knowledge of the Idaho cyber security annex through training and outreach.
• Provide resources specific to small businesses and sectors where cyber security may not be prioritized (example: agriculture).
• Develop a single repository for cyber security preparedness information
• Develop formal partnership for information sharing around cyber security and other critical infrastructure concerns

Over 115 participants gathered at the Hewlett Packard Campus in Garden City, Idaho on November 13, 2014 for the Idaho Cyber Security Interdependencies Workshop hosted by the Idaho Bureau of Homeland Security (IBHS) with assistance from the Pacific NorthWest Economic Region (PNWER) Center for Regional Disaster Resilience (CRDR). The one day workshop provided information on current Cyber threats, and best practices utilized to develop organizational Cyber Security plans. Guest speakers, panel discussions, and round table facilitated conversations contributed to a very successful workshop.

The event was developed over the course of four months through a series of conference calls and meetings. The planning team included local public and private sector organizations, including: Idaho National Laboratory (INL), MK Hamilton & Associates, Office of the Idaho State Controller, Office of the Idaho Chief Information Officer, Idaho Bureau of Homeland Security, Petso Financial Consultants LLC, University of Idaho, Hewlett Packard, Idaho State Police, Zions Bank, Idaho Transportation Department, and St. Luke’s Health System.

This workshop was the first in a three year initiative to develop a public/private sector partnership for resilience in the state of Idaho. In 2015 IBHS and PNWER CRDR will host a table top exercise to help identify interdependencies and gaps in existing partnerships. Following that, the team will develop a Action Plan for the development of an Idaho Public/Private Sector Resilience Partnership.

View the Event Summary and Report
View the Agenda