Our Expertise
In recent years, cyberattacks on critical infrastructure have increased in frequency and intensity, calling attention to the growing need for cybersecurity resiliency.
As of September 2022, state, local, and territorial (SLT) entities, once awarded, can receive State and Local Cybersecurity Grant Program (SLCGP) funding made available through the Infrastructure Investment and Jobs Act (IIJA). The SLCGP aims to fund SLT projects that will be used to enhance their cybersecurity preparedness and response postures. Over the course of four years, the SLCGP will distribute $1 billion to support SLT cybersecurity projects.
Hagerty Consulting, Inc. (Hagerty) can assist your organization with navigating the funding sources and projects that fall under the scope of the SLCGP, including city, county, and/or state strategic planning, continuity of operation planning (COOP), cyber preparedness training and exercises, and more.
Cyber Nexus Approach
The Cyber Nexus Approach (CNA) is Hagerty’s comprehensive framework for building a cybersecurity program. Leveraging existing practices and research, CNA unites emergency management and information technology (IT) stakeholders to prepare for, respond to, and recover from cyber incidents that often result in cascading physical impacts.
To effectively manage complex cyber incidents, IT and emergency management teams must work together while also maintaining the integrity of their respective areas of expertise. The double helix structure of Hagerty’s CNA represents recurring crossings of the emergency management and IT teams as they collaborate throughout the cybersecurity program management process, from preparedness activities through incident response and post-incident activities.
Cyber Threats by the Numbers
- $4.54 Million in average ransomware demand in 2022.
- $10.5 Trillion in annual expected cybercrime costs in 2025.
- 422 Million identities exposed in data breaches in 2022.
- 800,944 complaints of suspected internet crimes in 2022.
Hagerty’s Cybersecurity Capabilities
Whether enhancing cybersecurity resilience or navigating effective incident response, Hagerty delivers strategic solutions that safeguard both infrastructure and public safety. Our comprehensive suite of cybersecurity capabilities includes:
- Partnership and Integration: We help facilitate seamless integration between emergency management and cybersecurity teams, ensuring a mutual understanding of needs, priorities, and concerns. Our approach fosters joint planning and strengthens cross-functional support.
- Planning: Our operationally focused plans are crafted through extensive stakeholder engagement, incorporating various tools and templates to ensure actionable, effective strategies.
- Training: Hagerty designs a wide range of training courses, including web-based training, seminars, workshops, and training programs.
- Exercises: We create and facilitate exercises of all scales, from small discussion-based sessions to large, multi-day functional exercises (FE).
- Programmatic Assessments: Hagerty’s assessments identify critical gaps, lessons learned, and best practices by leveraging federal guidance and methodologies such as the POETE model (Planning, Organizing, Training, Equipping, and Exercising) and guidelines established by the National Institute of Standards and Technology (NIST).
- COOP Strategies: We develop continuity-specific planning, training, and exercise programs, ensuring organizations can maintain essential functions during disruptions.
- Cyber-Kinetic Event Preparedness: Hagerty creates plans, training, and exercises that address the cascading impacts of cyberattacks on physical infrastructure.
Hagerty’s Cybersecurity Projects
Cybersecurity Strategic Plan Development
Hagerty developed an SLCGP-compliant Cybersecurity Strategic Plan, meeting both grant funding needs and requirements for a state-level entity. This plan was developed through extensive data collection and stakeholder engagement, bringing together both existing and proposed cybersecurity projects. It included a detailed implementation roadmap outlining the precise steps required for the state entity to execute each identified project over the next five years.
Cybersecurity Planning
Hagerty assisted a state IT department in developing and implementing a statewide cyber disruption plan. The team also developed an implementation strategy that provided actionable recommendations for deploying, socializing, and maintaining the plan. This initiative contributed to broader efforts to enhance the state’s cyber response capabilities. Additionally, Hagerty developed multiple cybersecurity annexes, including projects tailored to a state-level emergency management department and a transportation entity. Both projects involved extensive collaboration with key stakeholders responsible for cybersecurity operations. For the transportation entity, Hagerty’s planning project identified specific threats, hazards, and response and recovery strategies to address cybersecurity incidents that could disrupt operations. In collaboration with the state-level emergency management department, our efforts enhanced the state’s emergency readiness by refining operations for cyber incident preparedness, response, and recovery.
Cybersecurity Exercises and Exercise Programs
Hagerty designed, facilitated, and evaluated an executive-level cybersecurity tabletop exercise (TTX) for a transportation entity to test strategic decision-making, crisis response, and operational resilience. This impactful session brought together senior leadership to navigate a realistic and evolving scenario tailored to their industry and risk landscape. On a broader scale, Hagerty also facilitated a series of iterative exercises for a state IT department to assess its cybersecurity response capabilities and identify areas for improvement. The outcomes of these exercises informed the final phase of the project, which involved updating and enhancing the state’s cyber disruption plan. Additionally, we provided a separate, long-term improvement plan to ensure the continued growth and development of the state’s cybersecurity program.
