Archives

Managing Security Threats in the Cyber and Physical Realms

Emergency management and security practitioners have long worked to combat physical security threats, including those posed by active threat events. As our world becomes increasingly digital, these practitioners are facing an emerging threat type outside the physical realm: cybersecurity. As October is Cybersecurity Awareness Month, Hagerty wants to encourage the personnel and partners dedicated to emergency management to consider how cyber risk is evolving and they can use their existing skill sets to help combat that risk. Cyber risk is now a global security challenge.

Security threats are expanding their reach beyond purely physical attacks and into cyber assets: Source

As we examine the newly broadening aperture for threat management, consider the following incidents:

  • On Christmas Day of 2020, a recreational vehicle was intentionally detonated in Downtown Nashville, causing injuries and long-term damage to property, forcing over 60 businesses in the area to close. 
  • In January 2021, a hacker gained remote access to a computer associated with a water treatment plant in the Bay Area and deleted programs that were used to treat drinking water. While the incident was resolved in time to avoid serious impacts, the event could have resulted in illness, mass panic, and supply chain concerns.

Although each of these incidents has a different cause, both events had the potential to trigger cascading delays, damage to property, loss of life, and significant economic impacts. Knowing this, emergency managers and their partners can apply their experience developing physical security preparedness and response principles to the cyber threat.

UNDERSTANDING THE THREAT LANDSCAPE

While we often hear about physical security threats, such as active shooters and acts of terrorism, the emergence of cyberattacks represents not only an evolution of these known threats, but an expansion of the existing risk. In other words, criminals who wish to carry out acts of violence or commit crimes no longer need to leave their homes to do so. Moreover, those with nefarious intentions can now carry out attacks without access to the resources or organizational support that physical security threats may require.

The threat we now face is complex. The perpetrators of cyberattacks range from skilled hobbyists and small organized criminal groups to nation-state actors. Perpetrators have also demonstrated an ability and willingness to operate locally or at scale, from using electric vehicle charging points as a backdoor to home networks, to holding 45% of United States East Coast’s diesel, petrol, and jet fuel as part of the Colonial Pipeline ransomware incident that occurred earlier this year. Cyberattack victims also span sectors and are not always the most obvious targets. In some cases, nation-states have exploited expansive supply chain networks, including small businesses, in order to steal sensitive defense industrial information and undermine national security.

Cyber breaches can impact your organization’s finances, operations, or reputation, and the accumulated cost is not always easy to quantify. Following a cyberattack, organizations may have to consider whether they can afford to pay a ransom, whether they are able to restart operations, or whether they can ever rebuild the trust of customers. In addition, unlike the accoutrements associated with robust physical security, comprehensive cybersecurity can be challenging to demonstrate to your customers and the public.

Thinking about the impacts of cybersecurity on your organization can feel overwhelming. However, it is often the absence of basic cybersecurity preparedness protocols that can put your operations at risk. The Colonial Pipeline attack impacted the movement of over 10 million barrels of product, resulting in cascading fuel shortages across the Eastern Seaboard. Hackers held the firm to ransom thanks to the theft of a single password, enabled by the failure to use multi-factor authentication on a virtual private network. Robust cybersecurity measures and a quick, considered response can be the difference between success and failure.

HOW HAGERTY CAN HELP

Hagerty is here to help.  Our team of experts are on hand to support your organization as it prepares for and responds to the emerging cyber risks your organization faces. Our offerings will allow you to understand the threats and translate them into concrete remedial actions, such as cyber disruption plans, communications protocols, business continuity strategies, risk assessments, and more.

  • Programmatic Assessments: If your organization is unsure where to start in combating physical and cyber security threats, Hagerty can assess your current policies and procedures and offer tangible recommendations for improvement. 
  • Funding: Hagerty has a wealth of experience in identifying and securing funding in support of planning, training, and exercise activities. We are here to help you fund your preparedness and response activities.
  • Planning: Hagerty’s experience developing emergency preparedness operations plans in a range of sectors can ensure your policies account for the known unknowns, ultimately building your organizational resilience. Hagerty has worked with governmental and non-governmental organizations across the nation to develop planning products that establish functional procedures for threat preparedness and response based on best practices.
  • Exercises: Hagerty’s robust exercise design practice  includes experience in developing exercises that test capabilities in both physical and cyber threat response. These activities have resulted in actionable after-action reporting and enhanced organizational readiness.

Using these capabilities, Hagerty stands ready to enhance your organization’s cyber and physical security preparedness as you work to protect your organizations against risk. Visit https://www.cyberthreatready.com/ to learn more.

Making cyber preparedness a priority, and building capabilities together, we can all be #CyberThreatReady.

Erin Bajema is Hagerty’s cyber sector co-lead and an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Austin Barlow is Hagerty’s cyber sector co-lead as well as a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.

Jonathan Davis is a Managing Associate at Hagerty Consulting, where he works on energy, security, and cyber issues. Mr. Davis recently joined Hagerty from the British Government.

Kelly Girandola is a Managing Associate in the Preparedness Division where she has contributed to a diverse portfolio of projects within Hagerty’s Security and Threat Management Sector, including multiple Complex Coordinated Terrorist Attack programs. Prior to joining Hagerty, Kelly worked for the Department of Homeland Security (DHS) as a Special Assistant to the Secretary in Washington, DC.

Taking “Fusion” to the Next Level: How Hagerty Supports Public-Private Sector Intelligence Coordination

Recent civil unrest across the United States demonstrates the need for coordinated information and intelligence sharing amongst public safety agencies and the private sector. To facilitate this necessary two-way intelligence and information flow, private sector entities should establish a strong relationship with their local fusion center. Hagerty endeavors to facilitate this relationship-buildinby supporting both the public and private sector with high-level strategic planning, staff augmentation for specific roles, and  multi-agency, multi-jurisdictional communications exercises.

An increasing number of fusion centers have emerged within the private sector. Often called global operations centers, these centers are associated with major corporations and gather intelligence to understand and stay ahead of the information landscape, like their public sector counterparts. These centers’ mission is to protect business operations, brand, employees, and facilities. By establishing a strong relationship with local fusion centers, the private sector can support the whole community and our country’s ability to prevent, respond to, and recover from threats to public safety.

Fusion centers provide a unique perspective on threats to their state or locality by collecting and communicating critical intelligence information across all-hazards. They also serve as the primary conduit between frontline response personnel, state and local leadership, and the federal government. Government-run fusion centeridentify and understand critical incidents as they unfoldwhich is then shared with the decisionmakers that determine the allocation of resources and communicate with the public to ensure  safety. As national responses to civil unrest have demonstrated,  the whole community  is responsible for ensuring public safety. Traditional public safety agencies (i.e., law enforcement, fire protection, emergency medical services) are no longer the only ones with significant role  To ensure a successful response, each stakeholder in the whole community is a part of the Information Sharing Environment (ISE).  

Figure 1. Whole Community Participants in the Information Sharing Environment

Hospital and healthcare facilities, public health departments and emergency management agencies, religious and community-based organizations, private sector businesses, and individual citizens are all considered whole community participants. When fusion centers receive  information from all of these participants, it helps to build their understanding of  threats or incidents.  

Figure 2. Private Sector Information Sharing During Civil Unrest Supports Public Safety 

Timely, trusted information sharing amongst all stakeholders is essential to our national security and vital to maintaining public safety as neither government nor the private sector alone has the knowledge or resources to do it alone. Private sector  information on risks and hazards affecting their business,  combined with the information shared by other whole community stakeholders, helps build a holistic national threat picture  better informing the entire federal, state, and urban-area fusion center Network to keep people safe. 

Hagerty Can Help 

Hagerty Consulting is a national leader in active threat preparedness and has carried out hundreds of exercises and resiliency-building projects for public and private sector clients that aim to build comprehensive preparedness program management, including intelligence and information sharing. Hagerty has the tools and relationships to bridge the gap between public and private fusion centers and facilitate engagement from whole community stakeholders across the ISE. 

Hunter Seeker Exercise  

Hagerty is made up of professionals who developed their expertise in diverse environments—including the private and public sectors, military, and traditional and non-traditional intelligence sectors. Rooted in this experience, Hagerty developed Hunter Seekeran exercise concept designed specifically to evaluate information sharing systems between whole community participants of the ISE. Hagerty has conducted multiple Hunter Seeker exercises, helping fusion centers and their partners develop, test, and hone their intelligence and information sharing capabilities. This exercise presents a scalable, scenario-based exercise aiming to build intelligence and information sharing relationships across the private and public sectors.  

Staffing Surge Support 

The  public and private sector can call on the Hagerty Response Task Force (RTF). The Hagerty Response Task Force consists of a cadre of emergency managers and other professionals who are willing and able to respond to affected areas nationwideThe Hagerty RTF can provide staffing surge support specifically to augment intelligence and information sharing through: 

Strategic Planning Services and Change Management 

Through strategy development, executive roundtables, leadership seminars, and workshops, Hagerty is poised to help  build an innovative and collaborative path forward. These activities will   allow for the exchange of best practices among intelligence professionals and participants will come away with contacts, strategies, and ideas about the industry’s path forward. After a thorough discovery process, Hagerty can develop a Change Management Toolkit and tailored plans to address: 

  • Stakeholder Management and Engagement 
  • Team Development 
  • Communications 
  • Operations Process Impact Analysis and Action 
  • Training and Exercise Needs Implementations Plan

Timely communication and information sharing is an enduring area of improvement across all agencies around the country for every threat and hazard agencies face. The first step to improving  is to formalize mechanisms for  sharing and strengthen relationships within the whole community, especially through public-private partnerships. 

Glossary of Terms Used 

Civil unrest: In the context of this article, civil unrest relates to recent peaceful protests and other First Amendment-protected activities that could impact public safety (e.g., traffic impacts), as well as recent riots, looting, and vandalism.

Community-Based Organizations: Organizations, often local, that work directly with community members and have a strong understanding of the needs, vulnerabilities, and desired improvements of the community.

Fusion Centers: designed to connect intelligence and information management professionals and strengthen the Information Sharing Environment. Though fusion centers have traditionally been governmental agency-owned and operated, many private sector fusion centers have been created as organizations across industries see their value in protecting their people, products, facilities, and brand.

Information Sharing Environment (ISE): network of people, programs, and organizations that support intelligence and information sharing.

Network: There are 80 government-run fusion centers around the country which make up the National Network of Fusion Centers. Collaboratively, the Network brings critical context and value to Homeland Security and Law Enforcement.

Althea de Guzmanis the Lead of the Information and Intelligence Sharing service line at Hagerty. She manages the St. Louis Regional Portfolio, which includes the St. Louis Complex Coordinated Terrorist Attack (CCTA) Program. Althea leverages her experience in healthcare and project management to support hospital and healthcare coalition initiatives in the region and around the country. Recently, Althea leveraged her expertise in the development and execution of multi-site, multi-jurisdictional, and multi-disciplinary exercises and translated it into a remote environment, leading Hagerty’s virtual exercise offerings. Althea graduated from and is affiliated with The University of Chicago, supporting emerging professionals to understand complex adaptive systems in emergency management and homeland security.  

Anne Armstrong is an Associate at Hagerty. While pursuing her Master’s degree in Washington, D.C., Anne worked on federal policy and strategy in the non-profit space and at the Department of Homeland Security’s Office of Policy. Anne has contributed to a diverse portfolio of projects, including a federal strategy to protect the nation’s critical infrastructure and a recovery plan for an international NGO in the wake of violent conflict. Prior to joining Hagerty, Anne was living and working in Amman, Jordan, as a Boren Fellow.