Overview
CIAS programNevada implementation Get involved
Physical and Cyber Threats Intersect
“The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at once, in
combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and
communications networks…The collective result of these kinds of attacks could be “cyber Pearl Harbor”: an attack that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability.”
U.S. Secretary of Defense Leon Panetta October 11, 2012
Center for Infrastructure Assurance and
Security
Center at The University of Texas at San Antonio
Small, agile and non-profit, founded in 2001
Focus areas
Cyber Security Training
Cyber Defense Competition Program Infrastructure Assurance Programs
Resources
Primarily grant funded (DHS, DoD) Others as requested
UTSA is a NSA / DHS National Center of Academic Excellence in Information Assurance Education
Completed Training and Exercises
Honolulu, HI Sacramento, CA
Palo Alto, CA San Francisco, CA (IT ISAC)
Great Falls, MT
Dover, DE
Wilmington, DE
Miami, FL (ISAC Congress) Baltimore, MD (Chemical ISAC) Virginia Beach, VA
St. Petersburg, FL (FS ISAC)
Rhode Island Cyber Terrorism Task Force
West Palm Beach, FL (FDLE) Cyber Storm I - III in Washington, D.C. Chicago, IL
(FS ISAC)
Dayton, OH
Austin, TX
San Antonio, TX Corpus Christi, TX El Paso, TX
Del Rio, TX
Houston, TX (Energy ISAC) Bossier City, LA
Alexandria, LA
New York, NY (FS ISAC)
Community and State Exercises
Critical Infrastructure Sectors/ISAC Exercises Cyber Storm I & II Exercises
Community and State Exercises
Critical Infrastructure Sectors/ISAC Exercises Cyber Storm Exercises
Oklahoma City, OK
Cyber Security Training Courses
Helena, MT
Los Angeles, CA
Fresno, CA
Des Moines, IA
Moncks Corner, SC West Columbia, SC
West Windsor, NJ Scotch Plains, NJ West Trenton, NJ
Saratoga, CA
Lakeland, FL (FDLE) Tallahassee, FL
(FDLE)
Fort Lauderdale, FL (FDLE) Jacksonville, FL (FDLE)
Tampa, FL (FDLE)
Providence, RI
Nacogdoches, TX
Completed as of September 2012
Tyler, TX Plano, TX
Springfield, IL
Santa Ana, CA Costa Mesa, CA
Philadelphia, PA
Brooklyn, NY Hamilton, NJ
Rome, NY
Montgomery, AL Charlotte, NC
Fort Myers, FL (FDLE) Raleigh, NC
Vancouver, WA Camp Murray, WA
Madison, WI Augusta, ME Richmond, VA Boston, MA Framingham, MA Oriskany, NY Albany, NY Reno, NV
Community Cyber Security Maturity Model
Developed by the CIASBased on our experience across the nation Development supported by Congress and DHS
Multi-dimensional
Collaboration is key
Phases connect levels Provides
Common reference Roadmap
Community Cyber Security
Phase OneExercise #1 – cross-sector tabletop
Enhance awareness of threats, issues, vulnerabilities
Examine imperatives for policies, procedures, training and awareness Discuss internal / external information sharing
Exercise #2 – sector-based tabletop
Exercise prior event’s lessons, emphasize internal information sharing
Exercise #3 – cross-sector tabletop
Exercise prior event’s lessons, emphasize external information sharing
Transition events – before / after each exercise
Planning conferences, After Action Report Workshop
Voice and Data Security course, On-Site Cyber Security Solutions Workshops
Phases Two – Four
Increase complexity and realism
CIAS Program – Phase One Implementation
15 After Action Report
Workshop
12 Initial Planning Conference
13 Final Planning Conference
14 State Cyber Security Exercise
State & Community Exercise 3
8 Initial Planning Conference & Leading Cyber Security Course
(2nd Offering)
11 After Action Report Workshop
10 Community Cyber Security Exercise
9 Final Planning Conference Community
Exercise 2
5 After Action Report Workshop
6 Voice and Data Security Course
7 On-site Cyber Security Solutions Workshops
2 Leading Cyber Security
Course & Initial Planning Conference
3 Final Planning Conference
4 Community Cyber Security Exercise
1 Initial Contact Meeting Community
Typical Participants
City, County, State Officials – Leadership
Emergency Services, First Responders, Disaster Preparedness
Law Enforcement, Fire / Rescue, Medical
Emergency Operations Centers, Fusion Centers
Critical Infrastructure Providers – Public and Commercial
Power, Water, Telecom, ISPs, Transportation (Air, Rail, Water, Road)
Chambers of Commerce / Economic Development Organizations Major commercial community organizations
Services, financial, industrial, healthcare
Public Schools, Colleges, Universities Military – Active, Guard, Reserve
Visitors – Invited VIPs (Senators, Representatives, Governor) Media – Involvement determined by community
DHS Selects Nevada
Nevada competed for and secured this program
Letter of endorsement from Governor Sandoval
Well established cyber leadership in the state
Relationships with the major metropolitan areas
Nevada Timeline
February 2012 – September 2012Community Exercise #1 – cross-sector tabletop Transition events – before / after each exercise
September 2012 – January 2013
Community Exercise #2 – sector-based tabletop Transition events – before / after each exercise
February 2013 – March 2013
State and Community Exercise #3 – cross-sector tabletop Transition events – before / after each exercise
Nevada Results So Far
20 community cyber security events654 participants
High demand for technical training Positive media coverage
Working groups
Cyber Security Awareness Policies and Procedures Information Sharing Training and Education
Nevada Leaders Engaged
“
Cyber security stands as one of our Nation’s highest
priorities, the Nevada Commission on Homeland
Security, which I chair, also has chosen cyber security as
one our State’s highest priorities.”
Robert Sandoval, Governor of Nevada “Community Cyber Security Exercise Opening Remarks,” Reno, NV and Henderson, NV, 2012
Key Success Factors
Strong advocacy throughout the state of Nevada Leadership involvementPublic and private sector participation Excellent points of contact
How to Get Involved in Nevada
State of Nevada Point of ContactTim Cary
tcary@dps.state.nv.us (775) 687-0389
Clark-Las Vegas Community Point of Contact Laura Fucci
LFucci@clarkcountyNV.gov (702) 455-5853
Washoe-Carson Community Point of Contact Chris Long
Real Stories, Real Impacts
Silicon Valley Fiber Cuts
How We Can Help
Cyber Security Program OfferingsExercises
Leadership Workshops & Seminars
Community Incident Response Planning Workshops Cyber Security Awareness Seminars
Cyber Security Training Offerings
(ISC)2 CISSP Prep
CompTIA® Security+ and Network+ Prep Voice and Data Security
Planning Cyber Security Exercises
Organizational Risk and Technical Assessment Community Dependency Mapping
Issues Throughout the Nation
Leadership in organizations and communities are NOT aware of the cyber threat
Host a half-day Executive Cyber Security Exercise
Organizations and communities don’t have an effective plan to respond to cyber security incidents
Develop, train and exercise the plan at organizations and in communities
Management and staff are unsure of the affect of a cyber incident
How to Contact CIAS
Phone210-458-2119
Web