Managing Security Threats in the Cyber and Physical Realms

Emergency management and security practitioners have long worked to combat physical security threats, including those posed by active threat events. As our world becomes increasingly digital, these practitioners are facing an emerging threat type outside the physical realm: cybersecurity. As October is Cybersecurity Awareness Month, Hagerty wants to encourage the personnel and partners dedicated to emergency management to consider how cyber risk is evolving and how they can use their existing skill sets to help combat that risk. Cyber risk is now a global security challenge.

Security threats are expanding their reach beyond purely physical attacks and into cyber assets.

As we examine the newly broadening aperture for threat management, consider the following incidents:

  • On Christmas Day of 2020, a recreational vehicle was intentionally detonated in Downtown Nashville, causing injuries and long-term damage to property, forcing over 60 businesses in the area to close. 
  • In January 2021, a hacker gained remote access to a computer associated with a water treatment plant in the Bay Area and deleted programs that were used to treat drinking water. While the incident was resolved in time to avoid serious impacts, the event could have resulted in illness, mass panic, and supply chain concerns.

Although each of these incidents has a different cause, both events had the potential to trigger cascading delays, damage to property, loss of life, and significant economic impacts. Knowing this, emergency managers and their partners can apply their experience developing physical security preparedness and response principles to the cyber threat.

UNDERSTANDING THE THREAT LANDSCAPE

While we often hear about physical security threats, such as active shooters and acts of terrorism, the emergence of cyberattacks represents not only an evolution of these known threats, but an expansion of the existing risk. In other words, criminals who wish to carry out acts of violence or commit crimes no longer need to leave their homes to do so. Moreover, those with nefarious intentions can now carry out attacks without access to the resources or organizational support that physical security threats may require.

The threat we now face is complex. The perpetrators of cyberattacks range from skilled hobbyists and small organized criminal groups to nation-state actors. Perpetrators have also demonstrated an ability and willingness to operate locally or at scale, from using electric vehicle charging points as a backdoor to home networks, to holding 45% of the United States East Coast’s diesel, petrol, and jet fuel as part of the Colonial Pipeline ransomware incident that occurred earlier this year. Cyberattack victims also span sectors and are not always the most obvious targets. In some cases, nation-states have exploited expansive supply chain networks, including small businesses, in order to steal sensitive defense industrial information and undermine national security.

Cyber breaches can impact your organization’s finances, operations, or reputation, and the accumulated cost is not always easy to quantify. Following a cyberattack, organizations may have to consider whether they can afford to pay a ransom, whether they are able to restart operations, or whether they can ever rebuild the trust of customers. In addition, unlike the accoutrements associated with robust physical security, comprehensive cybersecurity can be challenging to demonstrate to your customers and the public.

Thinking about the impacts of cybersecurity on your organization can feel overwhelming. However, it is often the absence of basic cybersecurity preparedness protocols that can put your operations at risk. The Colonial Pipeline attack impacted the movement of over 10 million barrels of product, resulting in cascading fuel shortages across the Eastern Seaboard. Hackers held the firm to ransom thanks to the theft of a single password, enabled by the failure to use multi-factor authentication on a virtual private network. Robust cybersecurity measures and a quick, considered response can be the difference between success and failure.

HOW HAGERTY CAN HELP

Hagerty is here to help. Our team of experts is on hand to support your organization as it prepares for and responds to the emerging cyber risks your organization faces. Our offerings will allow you to understand the threats and translate them into concrete remedial actions, such as cyber disruption plans, communications protocols, business continuity strategies, risk assessments, and more.

  • Programmatic Assessments: If your organization is unsure where to start in combating physical and cyber security threats, Hagerty can assess your current policies and procedures and offer tangible recommendations for improvement. 
  • Funding: Hagerty has a wealth of experience in identifying and securing funding in support of planning, training, and exercise activities. We are here to help you fund your preparedness and response activities.
  • Planning: Hagerty’s experience developing emergency preparedness operations plans in a range of sectors can ensure your policies account for the known unknowns, ultimately building your organizational resilience. Hagerty has worked with governmental and non-governmental organizations across the nation to develop planning products that establish functional procedures for threat preparedness and response based on best practices.
  • Exercises: Hagerty’s robust exercise design practice includes experience in developing exercises that test capabilities in both physical and cyber threat response. These activities have resulted in actionable after-action reporting and enhanced organizational readiness.

Using these capabilities, Hagerty stands ready to enhance your organization’s cyber and physical security preparedness as you work to protect your organizations against risk. Visit https://www.cyberthreatready.com/ to learn more.

Making cyber preparedness a priority, and building capabilities together, we can all be #CyberThreatReady.


Erin Bajema is Hagerty’s cyber sector co-lead and an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Austin Barlow is Hagerty’s cyber sector co-lead as well as a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.

Jonathan Davis is a Managing Associate at Hagerty Consulting, where he works on energy, security, and cyber issues. Mr. Davis recently joined Hagerty from the British Government.

Kelly Girandola is a Managing Associate in the Preparedness Division where she has contributed to a diverse portfolio of projects within Hagerty’s Security and Threat Management Sector, including multiple Complex Coordinated Terrorist Attack programs. Prior to joining Hagerty, Kelly worked for the Department of Homeland Security (DHS) as a Special Assistant to the Secretary in Washington, DC.

2021 Preparedness Grants: Readying Your Community for Emerging Threats Through Prevention and Protection

On February 25, Secretary of Homeland Security Alejandro Mayorkas announced that as part of the newly released 2021 Department of Homeland Security (DHS) Preparedness Grants, combating domestic violent extremism (DVE) would be a ‘National Priority Area’. Coupled with lone actor attacks, cyberattacks, and complex coordinated terrorist attacks (CCTA), local and state governments face a profound challenge in preparing for, and potentially responding to, this known and emerging threat. Through this recent funding cycle, over $1.8 billion has been made available in competitive and awarded grants:

Additionally, Secretary Mayorkas emphasized that many of the threats our country now faces stem from homegrown extremism as opposed to threats from foreign actors. Accordingly, law enforcement and their public safety partners must be bold and innovative as they continue developing the skills required to respond to new threats motivated by dis- and misinformation as well as extremist rhetoric spread through social media and other online platforms.

Preparing for the Next Critical Incident: A Focus on Prevention and Protection

As the threat landscape continues to evolve, the prevention and protection mission areas of FEMA’s National Preparedness Goal have been prioritized. Ensuring these important capabilities are top of mind provides organizations and jurisdictions an opportunity for discovery, innovation, and perspective – hopefully strengthening their readiness for any hazards they may face.

Encrypted messaging, hyper-networked groups, and lone actor events demonstrate the span of complexity that responders now operate in. Identifying and sharing a key detail could prevent an attack or mitigate the severity of its impact. For example, studies show that 86 per cent of lone actors share their convictions with others, and 58 per cent provide indications of violent intent. Communicating crucial information between local and state partners, wherever that information may come from, could be the difference.

To properly prepare, an organization must understand the nature and complexity of the emerging threats. Often, law enforcement, fire protection, emergency management, and emergency medical services – not to mention the wider community of public and private sector partners – do not communicate consistently in the way that a multi-day, critical incident might require. Therefore, developing plans and procedures to ensure the fluidity of critical information-sharing prior to and during a crisis is a must.

Building a Preparedness Program Driven by Prevention and Protection: Hunter Seeker Exercises

While decades of planning, training, and exercise have strengthened overall response to critical incidents, the preparedness grants offer awardees a unique opportunity to develop and sustain a community preparedness program driven by the prevention and protection core capabilities.

To help build and promote an understanding of how critical prevention and protection capabilities can stop an active threat, cyberattack, or act of DVE from taking place, Hagerty has developed Hunter Seeker – an exercise hosted by intelligence operations centers (such as a fusion center or other intelligence and information sharing hub) that incorporates gaming concepts and Homeland Security Exercise and Evaluation Program (HSEEP) guidance to create a dynamic exercise experience like no other.

Unlike many exercises, Hunter Seeker is highly customizable – tailored to meet the unique needs of the participants. Using a phased approach that goes beyond HSEEP standards, Hagerty’s exercise designers and active threat experts conduct rigorous interviews and assessments, build organic scenarios (such as a DVE attack or cyberattack) with thousands of injects and hundreds of potential outcomes, and incorporate gaming concepts for the organizations involved in the Information Sharing Environment (ISE).

Throughout the exercise, participants are fully immersed in the scenario through simulated news, social media, and incorporation of the Homeland Security Information Network (HSIN) along with other information sharing tools. During the multi-day exercise, the decisions made by individuals and teams shape the scenario, with each outcome designed to test the identified and unidentified weaknesses in the system. Following the completion of Hunter Seeker, Hagerty experts facilitate an after-action reporting process and improvement planning effort with participating agencies and organizations.

Are You Threat Ready? Hagerty Can Help!

Hunter Seeker is a dynamic, interactive exercise and a way that Hagerty can help bolster your community’s or organization’s preparedness capabilities. As we help you find the right solution to meet your needs, it is important to note that our services are not limited to solely in-person or solely virtual conduct – a myriad of hybrid options also exist that can benefit your organization. Hagerty will work with you to determine the best scenario given your desired objectives, outcomes, and resources.


David Schuld is a Deputy Director of Preparedness Programs at Hagerty Consulting, and leads the firm’s efforts in homeland security, active threat preparedness, and Hunter Seeker. He has managed numerous public safety-related projects ranging from intelligence and information sharing, to integrated response to an active threat, to mass casualty crime recovery. 

Jonathan Davis is a Managing Associate at Hagerty Consulting and homeland security subject matter expert, most recently working for the United Kingdom (UK) Home Office.

Taking “Fusion” to the Next Level: How Hagerty Supports Public-Private Sector Intelligence Coordination

Recent civil unrest across the United States demonstrates the need for coordinated information and intelligence sharing amongst public safety agencies and the private sector. To facilitate this necessary two-way intelligence and information flow, private sector entities should establish a strong relationship with their local fusion center. Hagerty endeavors to facilitate this relationship-building by supporting both the public and private sector with high-level strategic planning, staff augmentation for specific roles, and multi-agency, multi-jurisdictional communications exercises.

An increasing number of fusion centers have emerged within the private sector. Often called global operations centers, these centers are associated with major corporations and gather intelligence to understand and stay ahead of the information landscape, like their public sector counterparts. These centers’ mission is to protect business operations, brand, employees, and facilities. By establishing a strong relationship with local fusion centers, the private sector can support the whole community and our country’s ability to prevent, respond to, and recover from threats to public safety.

Fusion centers provide a unique perspective on threats to their state or locality by collecting and communicating critical intelligence information across all-hazards. They also serve as the primary conduit between frontline response personnel, state and local leadership, and the federal government. Government-run fusion centers identify and understand critical incidents as they unfold, which is then shared with the decisionmakers that determine the allocation of resources and communicate with the public to ensure safety. As national responses to civil unrest have demonstrated, the whole community is responsible for ensuring public safety. Traditional public safety agencies (i.e., law enforcement, fire protection, emergency medical services) are no longer the only ones with a significant role. To ensure a successful response, each stakeholder in the whole community is a part of the Information Sharing Environment (ISE).

Figure 1. Whole Community Participants in the Information Sharing Environment

Hospital and healthcare facilities, public health departments and emergency management agencies, religious and community-based organizations, private sector businesses, and individual citizens are all considered whole community participants. When fusion centers receive information from all of these participants, it helps to build their understanding of threats or incidents.

Figure 2. Private Sector Information Sharing During Civil Unrest Supports Public Safety 

Timely, trusted information sharing amongst all stakeholders is essential to our national security and vital to maintaining public safety, as neither government nor the private sector has the knowledge or resources to do it alone. Private sector information on risks and hazards affecting their business, combined with the information shared by other whole community stakeholders, helps build a holistic national threat picture, better informing the entire federal, state, and urban-area fusion center Network to keep people safe.

Hagerty Can Help 

Hagerty Consulting is a national leader in active threat preparedness and has carried out hundreds of exercises and resiliency-building projects for public and private sector clients that aim to build comprehensive preparedness program management, including intelligence and information sharing. Hagerty has the tools and relationships to bridge the gap between public and private fusion centers and facilitate engagement from whole community stakeholders across the ISE. 

Hunter Seeker Exercise  

Hagerty is made up of professionals who developed their expertise in diverse environments—including the private and public sectors, military, and traditional and non-traditional intelligence sectors. Rooted in this experience, Hagerty developed Hunter Seeker, an exercise concept designed specifically to evaluate information sharing systems between whole community participants of the ISE. Hagerty has conducted multiple Hunter Seeker exercises, helping fusion centers and their partners develop, test, and hone their intelligence and information sharing capabilities. This exercise presents a scalable, scenario-based exercise aiming to build intelligence and information sharing relationships across the private and public sectors.

Staffing Surge Support 

The public and private sector can call on the Hagerty Response Task Force (RTF). The Hagerty Response Task Force consists of a cadre of emergency managers and other professionals who are willing and able to respond to affected areas nationwide. The Hagerty RTF can provide staffing surge support specifically to augment intelligence and information sharing through:

Strategic Planning Services and Change Management 

Through strategy development, executive roundtables, leadership seminars, and workshops, Hagerty is poised to help build an innovative and collaborative path forward. These activities will allow for the exchange of best practices among intelligence professionals, and participants will come away with contacts, strategies, and ideas about the industry’s path forward. After a thorough discovery process, Hagerty can develop a Change Management Toolkit and tailored plans to address:

  • Stakeholder Management and Engagement 
  • Team Development 
  • Communications 
  • Operations Process Impact Analysis and Action 
  • Training and Exercise Needs Implementations Plan

Timely communication and information sharing is an enduring area of improvement across all agencies around the country for every threat and hazard agencies face. The first step to improving is to formalize mechanisms for sharing and strengthen relationships within the whole community, especially through public-private partnerships.


Glossary of Terms Used 

Civil unrest: In the context of this article, civil unrest relates to recent peaceful protests and other First Amendment-protected activities that could impact public safety (e.g., traffic impacts), as well as recent riots, looting, and vandalism.

Community-Based Organizations: Organizations, often local, that work directly with community members and have a strong understanding of the needs, vulnerabilities, and desired improvements of the community.

Fusion Centers: designed to connect intelligence and information management professionals and strengthen the Information Sharing Environment. Though fusion centers have traditionally been governmental agency-owned and operated, many private sector fusion centers have been created as organizations across industries see their value in protecting their people, products, facilities, and brand.

Information Sharing Environment (ISE): network of people, programs, and organizations that support intelligence and information sharing.

Network: There are 80 government-run fusion centers around the country which make up the National Network of Fusion Centers. Collaboratively, the Network brings critical context and value to Homeland Security and Law Enforcement.


Althea de Guzman is the Lead of the Information and Intelligence Sharing service line at Hagerty. She manages the St. Louis Regional Portfolio, which includes the St. Louis Complex Coordinated Terrorist Attack (CCTA) Program. Althea leverages her experience in healthcare and project management to support hospital and healthcare coalition initiatives in the region and around the country. Recently, Althea leveraged her expertise in the development and execution of multi-site, multi-jurisdictional, and multi-disciplinary exercises and translated it into a remote environment, leading Hagerty’s virtual exercise offerings. Althea graduated from and is affiliated with The University of Chicago, supporting emerging professionals to understand complex adaptive systems in emergency management and homeland security.

Anne Armstrong is an Associate at Hagerty. While pursuing her Master’s degree in Washington, D.C., Anne worked on federal policy and strategy in the non-profit space and at the Department of Homeland Security’s Office of Policy. Anne has contributed to a diverse portfolio of projects, including a federal strategy to protect the nation’s critical infrastructure and a recovery plan for an international NGO in the wake of violent conflict. Prior to joining Hagerty, Anne was living and working in Amman, Jordan, as a Boren Fellow. 

Enter Hunter Seeker: How Hagerty is Helping to Strengthen the Information Sharing Environment

Exercises provide stakeholders a valuable opportunity to validate concepts and activities in a no-fault learning environment. In the active threat preparedness field, Hagerty Consulting, Inc. (Hagerty) was grateful for the opportunity to support 38 exercises in 2019 alone. These activities ranged from discussion-based exercises on family reunification and mass casualty crime preparedness to operations-based Special Weapons and Tactics (SWAT) drills and full-scale exercises (FSEs) simulating the operation of a Family Assistance Center (FAC) after an active threat event (in this case, a bombing at a music festival). Hagerty’s exercise design teams take these learning opportunities seriously, understanding that an exercise may be the first, last, or only time participants have to explore concepts and identify gaps before an actual incident (such as an active threat).

While many active threat exercises focus on more tactically-based drills, early in its existence, Hagerty identified a need often overlooked: Testing information and intelligence sharing during critical incidents. With communications breakdowns being identified as an area for improvement following every incident, the need to exercise and understand the interactions that take place within the Information Sharing Environment (ISE) among a wide array of partners is imperative. To address this need, Hagerty developed an innovative, multi-day functional exercise concept.

Enter Hunter Seeker.

The Hunter Seeker Functional Exercise (FE) unfolds over a period of multiple days, enabling participants to work together to build a common operating picture of a potential threat; analyze and synthesize information as a critical incident emerges; and return to steady-state operations following a critical incident.

Figure 1: Example of focus areas of activities over the course of a four-day long Hunter Seeker.

An Exercise Anchored in Supporting the Needs of its Participants

Hagerty’s Hunter Seeker exercise concept is successful due to its three foundational tenets: 1) Scalability in Design, 2) Versatility in Application, and 3) Creation of a Realistic Play Environment.

Scalability in Design: Every Hunter Seeker exercise is tailored to meet the client’s needs. Hagerty achieves this by conducting interviews and assessments with participating agencies during the early stages of the planning process. These steps allow exercise designers to define key concepts to validate and craft ways to test for gaps in steady state, crisis state, sustained crisis state, and return-to-steady state postures. The result of this design process is a scalable exercise that includes meaningful play for all participants, with the potential to collaborate with whole community stakeholders at all levels (local, state, federal, public, and private).

Versatility in Application: The only limit to how the Hunter Seeker concept can be applied is the client’s imagination. This concept is intentionally versatile and could be applied to key issues, such as active threat, human trafficking, cyberattacks, terrorist attacks, and more.

Creation of a Realistic Exercise Play Environment: Hunter Seeker typically takes place in the players’ actual work environments to ensure players have an exercise experience that feels realistic. Also, Hunter Seeker designers leverage actual technologies whenever possible and develop replicas for key technologies, if needed. For example, Hagerty’s EMSocialSimulation mimics social media platforms so that social media research can be conducted. In one of the more recent Hunter Seekers, Hagerty created over 2,000 social media injects with which players could engage.

The Hunter Seeker design team has also developed a complex cast of characters possessing their own backgrounds, motives, and decision-making pathways that players must work to understand. During the exercise, if players ask the right questions, they earn additional information to help put the pieces of the plot together. This innovative exercise design feature keeps Hunter Seeker an engaging experience.

Case Study: Hunter Seeker within the National Network of Fusion Centers

Figure 2: Fusion Centers with Operational Areas in Six States Have Participated in Hunter Seeker Exercises

The first iterations of this innovative exercise focused on information and intelligence sharing within the National Network of Fusion Centers (NNFC) during a Complex Coordinated Terrorist Attack (CCTA) scenario. These Hunter Seekers involved participation among state and regional fusion centers whose operational areas include Illinois, Kansas, Massachusetts, Missouri, Nevada, and Utah, along with their respective government and private sector partners.

Photo: Simulation Cell (SimCell) team members view a link chart fusion center analysis developed to illustrate relationships between the members of a simulated terrorist organization during a Hunter Seeker exercise designed as part of the St. Louis Regional CCTA Program.  

Hagerty is prepared to work with your organization to plan a Hunter Seeker exercise to validate key information and intelligence sharing concepts. To learn more about Hunter Seeker, other services in the Active Threat Portfolio, or the team’s subject matter expertise in this arena, please contact development@hagertyconsulting.com.

 


David Schuld is a Deputy Director of Preparedness Programs and Lead for the Active Threat Portfolio at Hagerty. Hagerty began the Active Threat Portfolio in 2015 and has since grown to be a national leader in active threat preparedness. David developed the Hunter Seeker exercise concept in 2016, and since then has worked with a stellar team of subject matter experts and exercise designers to transform this concept into a service. Prior to joining Hagerty in 2015, David worked as a political advisor to the British Army and crisis management advisor for the British Government in the United States (US).  

Becky Brocker is a Senior Managing Associate at Hagerty. Becky leverages her background in intelligence analysis and experience as a fusion center supervisor to support the development of Hunter Seeker exercises. Prior to joining Hagerty, Becky served in intelligence and emergency management roles at the Federal Bureau of Investigation (FBI), the DC Homeland Security and Emergency Management Agency’s (HSEMA’s) fusion center, and Argonne National Laboratory. 

Althea de Guzman is a Managing Associate at Hagerty. She currently serves as the on-site Regional Program Coordinator for the St. Louis CCTA Program. Althea leverages her previous experience in healthcare and project management to support hospital and healthcare coalition initiatives in the Region. Althea is also currently affiliated with The University of Chicago, teaching emerging professionals to understand complex adaptive systems in emergency management and homeland security.