Archives

Managing Security Threats in the Cyber and Physical Realms

Emergency management and security practitioners have long worked to combat physical security threats, including those posed by active threat events. As our world becomes increasingly digital, these practitioners are facing an emerging threat type outside the physical realm: cybersecurity. As October is Cybersecurity Awareness Month, Hagerty wants to encourage the personnel and partners dedicated to emergency management to consider how cyber risk is evolving and they can use their existing skill sets to help combat that risk. Cyber risk is now a global security challenge.

Security threats are expanding their reach beyond purely physical attacks and into cyber assets: Source

As we examine the newly broadening aperture for threat management, consider the following incidents:

  • On Christmas Day of 2020, a recreational vehicle was intentionally detonated in Downtown Nashville, causing injuries and long-term damage to property, forcing over 60 businesses in the area to close. 
  • In January 2021, a hacker gained remote access to a computer associated with a water treatment plant in the Bay Area and deleted programs that were used to treat drinking water. While the incident was resolved in time to avoid serious impacts, the event could have resulted in illness, mass panic, and supply chain concerns.

Although each of these incidents has a different cause, both events had the potential to trigger cascading delays, damage to property, loss of life, and significant economic impacts. Knowing this, emergency managers and their partners can apply their experience developing physical security preparedness and response principles to the cyber threat.

UNDERSTANDING THE THREAT LANDSCAPE

While we often hear about physical security threats, such as active shooters and acts of terrorism, the emergence of cyberattacks represents not only an evolution of these known threats, but an expansion of the existing risk. In other words, criminals who wish to carry out acts of violence or commit crimes no longer need to leave their homes to do so. Moreover, those with nefarious intentions can now carry out attacks without access to the resources or organizational support that physical security threats may require.

The threat we now face is complex. The perpetrators of cyberattacks range from skilled hobbyists and small organized criminal groups to nation-state actors. Perpetrators have also demonstrated an ability and willingness to operate locally or at scale, from using electric vehicle charging points as a backdoor to home networks, to holding 45% of United States East Coast’s diesel, petrol, and jet fuel as part of the Colonial Pipeline ransomware incident that occurred earlier this year. Cyberattack victims also span sectors and are not always the most obvious targets. In some cases, nation-states have exploited expansive supply chain networks, including small businesses, in order to steal sensitive defense industrial information and undermine national security.

Cyber breaches can impact your organization’s finances, operations, or reputation, and the accumulated cost is not always easy to quantify. Following a cyberattack, organizations may have to consider whether they can afford to pay a ransom, whether they are able to restart operations, or whether they can ever rebuild the trust of customers. In addition, unlike the accoutrements associated with robust physical security, comprehensive cybersecurity can be challenging to demonstrate to your customers and the public.

Thinking about the impacts of cybersecurity on your organization can feel overwhelming. However, it is often the absence of basic cybersecurity preparedness protocols that can put your operations at risk. The Colonial Pipeline attack impacted the movement of over 10 million barrels of product, resulting in cascading fuel shortages across the Eastern Seaboard. Hackers held the firm to ransom thanks to the theft of a single password, enabled by the failure to use multi-factor authentication on a virtual private network. Robust cybersecurity measures and a quick, considered response can be the difference between success and failure.

HOW HAGERTY CAN HELP

Hagerty is here to help.  Our team of experts are on hand to support your organization as it prepares for and responds to the emerging cyber risks your organization faces. Our offerings will allow you to understand the threats and translate them into concrete remedial actions, such as cyber disruption plans, communications protocols, business continuity strategies, risk assessments, and more.

  • Programmatic Assessments: If your organization is unsure where to start in combating physical and cyber security threats, Hagerty can assess your current policies and procedures and offer tangible recommendations for improvement. 
  • Funding: Hagerty has a wealth of experience in identifying and securing funding in support of planning, training, and exercise activities. We are here to help you fund your preparedness and response activities.
  • Planning: Hagerty’s experience developing emergency preparedness operations plans in a range of sectors can ensure your policies account for the known unknowns, ultimately building your organizational resilience. Hagerty has worked with governmental and non-governmental organizations across the nation to develop planning products that establish functional procedures for threat preparedness and response based on best practices.
  • Exercises: Hagerty’s robust exercise design practice  includes experience in developing exercises that test capabilities in both physical and cyber threat response. These activities have resulted in actionable after-action reporting and enhanced organizational readiness.

Using these capabilities, Hagerty stands ready to enhance your organization’s cyber and physical security preparedness as you work to protect your organizations against risk. Visit https://www.cyberthreatready.com/ to learn more.

Making cyber preparedness a priority, and building capabilities together, we can all be #CyberThreatReady.

Erin Bajema is Hagerty’s cyber sector co-lead and an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Austin Barlow is Hagerty’s cyber sector co-lead as well as a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.

Jonathan Davis is a Managing Associate at Hagerty Consulting, where he works on energy, security, and cyber issues. Mr. Davis recently joined Hagerty from the British Government.

Kelly Girandola is a Managing Associate in the Preparedness Division where she has contributed to a diverse portfolio of projects within Hagerty’s Security and Threat Management Sector, including multiple Complex Coordinated Terrorist Attack programs. Prior to joining Hagerty, Kelly worked for the Department of Homeland Security (DHS) as a Special Assistant to the Secretary in Washington, DC.

Taking “Fusion” to the Next Level: How Hagerty Supports Public-Private Sector Intelligence Coordination

Recent civil unrest across the United States demonstrates the need for coordinated information and intelligence sharing amongst public safety agencies and the private sector. To facilitate this necessary two-way intelligence and information flow, private sector entities should establish a strong relationship with their local fusion center. Hagerty endeavors to facilitate this relationship-buildinby supporting both the public and private sector with high-level strategic planning, staff augmentation for specific roles, and  multi-agency, multi-jurisdictional communications exercises.

An increasing number of fusion centers have emerged within the private sector. Often called global operations centers, these centers are associated with major corporations and gather intelligence to understand and stay ahead of the information landscape, like their public sector counterparts. These centers’ mission is to protect business operations, brand, employees, and facilities. By establishing a strong relationship with local fusion centers, the private sector can support the whole community and our country’s ability to prevent, respond to, and recover from threats to public safety.

Fusion centers provide a unique perspective on threats to their state or locality by collecting and communicating critical intelligence information across all-hazards. They also serve as the primary conduit between frontline response personnel, state and local leadership, and the federal government. Government-run fusion centeridentify and understand critical incidents as they unfoldwhich is then shared with the decisionmakers that determine the allocation of resources and communicate with the public to ensure  safety. As national responses to civil unrest have demonstrated,  the whole community  is responsible for ensuring public safety. Traditional public safety agencies (i.e., law enforcement, fire protection, emergency medical services) are no longer the only ones with significant role  To ensure a successful response, each stakeholder in the whole community is a part of the Information Sharing Environment (ISE).  

Figure 1. Whole Community Participants in the Information Sharing Environment

Hospital and healthcare facilities, public health departments and emergency management agencies, religious and community-based organizations, private sector businesses, and individual citizens are all considered whole community participants. When fusion centers receive  information from all of these participants, it helps to build their understanding of  threats or incidents.  

Figure 2. Private Sector Information Sharing During Civil Unrest Supports Public Safety 

Timely, trusted information sharing amongst all stakeholders is essential to our national security and vital to maintaining public safety as neither government nor the private sector alone has the knowledge or resources to do it alone. Private sector  information on risks and hazards affecting their business,  combined with the information shared by other whole community stakeholders, helps build a holistic national threat picture  better informing the entire federal, state, and urban-area fusion center Network to keep people safe. 

Hagerty Can Help 

Hagerty Consulting is a national leader in active threat preparedness and has carried out hundreds of exercises and resiliency-building projects for public and private sector clients that aim to build comprehensive preparedness program management, including intelligence and information sharing. Hagerty has the tools and relationships to bridge the gap between public and private fusion centers and facilitate engagement from whole community stakeholders across the ISE. 

Hunter Seeker Exercise  

Hagerty is made up of professionals who developed their expertise in diverse environments—including the private and public sectors, military, and traditional and non-traditional intelligence sectors. Rooted in this experience, Hagerty developed Hunter Seekeran exercise concept designed specifically to evaluate information sharing systems between whole community participants of the ISE. Hagerty has conducted multiple Hunter Seeker exercises, helping fusion centers and their partners develop, test, and hone their intelligence and information sharing capabilities. This exercise presents a scalable, scenario-based exercise aiming to build intelligence and information sharing relationships across the private and public sectors.  

Staffing Surge Support 

The  public and private sector can call on the Hagerty Response Task Force (RTF). The Hagerty Response Task Force consists of a cadre of emergency managers and other professionals who are willing and able to respond to affected areas nationwideThe Hagerty RTF can provide staffing surge support specifically to augment intelligence and information sharing through: 

Strategic Planning Services and Change Management 

Through strategy development, executive roundtables, leadership seminars, and workshops, Hagerty is poised to help  build an innovative and collaborative path forward. These activities will   allow for the exchange of best practices among intelligence professionals and participants will come away with contacts, strategies, and ideas about the industry’s path forward. After a thorough discovery process, Hagerty can develop a Change Management Toolkit and tailored plans to address: 

  • Stakeholder Management and Engagement 
  • Team Development 
  • Communications 
  • Operations Process Impact Analysis and Action 
  • Training and Exercise Needs Implementations Plan

Timely communication and information sharing is an enduring area of improvement across all agencies around the country for every threat and hazard agencies face. The first step to improving  is to formalize mechanisms for  sharing and strengthen relationships within the whole community, especially through public-private partnerships. 

Glossary of Terms Used 

Civil unrest: In the context of this article, civil unrest relates to recent peaceful protests and other First Amendment-protected activities that could impact public safety (e.g., traffic impacts), as well as recent riots, looting, and vandalism.

Community-Based Organizations: Organizations, often local, that work directly with community members and have a strong understanding of the needs, vulnerabilities, and desired improvements of the community.

Fusion Centers: designed to connect intelligence and information management professionals and strengthen the Information Sharing Environment. Though fusion centers have traditionally been governmental agency-owned and operated, many private sector fusion centers have been created as organizations across industries see their value in protecting their people, products, facilities, and brand.

Information Sharing Environment (ISE): network of people, programs, and organizations that support intelligence and information sharing.

Network: There are 80 government-run fusion centers around the country which make up the National Network of Fusion Centers. Collaboratively, the Network brings critical context and value to Homeland Security and Law Enforcement.

Althea de Guzmanis the Lead of the Information and Intelligence Sharing service line at Hagerty. She manages the St. Louis Regional Portfolio, which includes the St. Louis Complex Coordinated Terrorist Attack (CCTA) Program. Althea leverages her experience in healthcare and project management to support hospital and healthcare coalition initiatives in the region and around the country. Recently, Althea leveraged her expertise in the development and execution of multi-site, multi-jurisdictional, and multi-disciplinary exercises and translated it into a remote environment, leading Hagerty’s virtual exercise offerings. Althea graduated from and is affiliated with The University of Chicago, supporting emerging professionals to understand complex adaptive systems in emergency management and homeland security.  

Anne Armstrong is an Associate at Hagerty. While pursuing her Master’s degree in Washington, D.C., Anne worked on federal policy and strategy in the non-profit space and at the Department of Homeland Security’s Office of Policy. Anne has contributed to a diverse portfolio of projects, including a federal strategy to protect the nation’s critical infrastructure and a recovery plan for an international NGO in the wake of violent conflict. Prior to joining Hagerty, Anne was living and working in Amman, Jordan, as a Boren Fellow. 

Spotlight on Cyber: The Role of Cybersecurity in COVID-19 Response

Throughout the response to the COVID-19 pandemic, cybersecurity has had an increasingly important role in providing platforms for essential services, protecting data and systems, and helping organizations adapt to a new normal. As services and data move online and into the cloud, there is a heightened focus on cybersecurity and how organizations can enhance their cyber preparedness capabilities. The following details three key ways that the role of cybersecurity has grown and evolved during the COVID-19 pandemic.

Kaitlyn Baker: Unsplash

The Evolving Role of Cybersecurity

  1. Increased Cyberthreats.

Cyberthreats have risen as cybercriminals seek to take advantage of the pandemic with malicious cyber activity. According to an alert from the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals used content related to COVID-19 to deploy malware, phishing attacks, and malicious domain names. Sentinel Labs also noted an increased number of attack campaigns using the Trickbot and Formbook platforms, with a focus on malicious applications targeted at teachers searching for online educational tools. Other attack types have used links purporting to contain information about COVID-19 family leave, tax relief, or package shipping.

Cyberthreats are expected to continue to rise as the pandemic persists. According to a report on the global cyberthreat landscape, the International Criminal Police Organization (INTERPOL) projects an increase in malicious cyber activity such as online scams in response to the economic downturn that has accompanied the pandemic. This rise in cyberthreats has increased the need for security measures, as well as emphasized the importance of recognizing the signs of a malicious link or download.

  1. Widespread Use of Online Services and Platforms.

Due to stay-at-home orders and social distancing measures, many services and functions have been moved online or into the cloud. As these services are relocated to online platforms, security measures must be put in place to protect them. With an increase in remote work, hijacking or “bombing” of video conferencing tools has become a common threat, allowing sensitive data to be accessed by unauthorized users and published to public forums. Some services that involve personal data, like driver license registration, have also been encouraged to move online to increase accessibility and limit unnecessary travel. This has created new vulnerabilities that must be counteracted with appropriate security measures.

The vulnerability of online platforms and data has created a higher demand for cybersecurity services, with an expected 12% compound annual growth rate in the cybersecurity market between 2019 and 2021 and 70% of organizations expecting to increase cyber security spending following the pandemic. This growth signals a greater role for cybersecurity within a diverse range of sectors; as more organizations choose to digitize services, they will require measures to secure their services, platforms, data, and users from cyberthreats.

Mati Flo: Unsplash

  1. Rising Need for Innovative Solutions.

During the pandemic, public and private sector entities have been called upon to develop new systems, policies, and protocols to meet emerging needs. Cybersecurity professionals have been vital to supporting the implementation of new and innovative programs. Some state governments, such as Montana, have introduced new chatbot systems to answer resident questions and reduce the number of support calls made to government offices.

In other cases, creating innovative solutions has involved addressing the cyber inequities revealed by COVID-19. As sectors such as education and healthcare move online, lack of access to broadband has deepened existing disparities. According to the EdWeek Research Center, 64% of school district leaders with a larger (more than 75%) proportion of low-income students said lack of technology access among students was a “major challenge” to teaching. In response, solutions to increase internet access, such as school buses retrofitted with WiFi hotspots, have been established. As stay-at-home orders and closures remain in effect, cybersecurity stakeholders will be key partners in creating solutions to meet emerging needs.

WHAT CAN YOUR ORGANIZATION DO?

As organizations continue their response to the COVID-19 pandemic, it is important to re-evaluate current protocols and postures, identify vulnerabilities, and implement solutions to address gaps in the area of cybersecurity. Consider the following recommendations for enhancing your organization’s cybersecurity for the current threat landscape:

  • Use a risk assessment to evaluate your organization’s vulnerabilities and prioritize ways to minimize risks. This provides your organization with a better understanding of its risks while allowing you to determine short, intermediate, and long-term goals for increasing cyber resilience while managing competing response priorities.
  • Foster collaboration between cybersecurity stakeholders and response partners. Diverse stakeholders will need to work together to identify effective solutions to emerging issues. Cybersecurity stakeholders should be prepared to coordinate with public and private sector partners to implement measures that contribute to cyber preparedness.
  • Establish a continuity of operations plan. As organizations seek to maintain their essential functions during the pandemic, continuity of operations (COOP) plans can serve a critical role in directing activities and defining roles and responsibilities. Organizations can use these COOP plans to identify priorities and ensure cybersecurity considerations are integrated in their operations.
  • Document lessons learned and areas for improvement. While many steady-state projects are currently on hold, organizations can plan for recovery by taking note of their gaps and successes in managing cybersecurity during pandemic response. Documenting lessons learned will support activities like cybersecurity planning, training, policy development, and exercise design in the future.

Hagerty Consulting, Inc. (Hagerty) has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and COOP. We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies in the midst of the evolving COVID-19 response. To learn more about Hagerty’s cybersecurity service line, contact development@hagertyconsulting.com or visit our cybersecurity microsite and use our free Cybersecurity Assessment Tool to evaluate your capabilities.

 

Erin Bajema is a Managing Associate in the Preparedness Division working out of Hagerty’s headquarters in Evanston, Illinois. Erin has supported planning and exercise design initiatives across a diverse range of subject areas including cybersecurity, pre-disaster recovery and redevelopment planning, cost recovery, housing, damage assessments, active threat, and air transit.

UNCERTAINTY SURROUNDING TROPICAL STORM DORIAN AS IT MOVES TOWARDS PUERTO RICO: WHAT YOU SHOULD KNOW

WEDNESDAY, AUGUST 28, 2019 AS OF 11:00 AM EST

Tropical Storm Dorian formed in the Atlantic Ocean and will move over Puerto Rico and the U.S. Virgin Islands today. While storm forecasting uncertainty is greater than usual, it is likely that Dorian will pass over Puerto Rico and the U.S. Virgin Islands with significant rainfall and tropical storm winds, still it is possible Dorian could strengthen to a Category 1 hurricane later today. Current reports suggest that the storm will move east of the Bahamas and reach the Florida Peninsula later this week. It is expected this will produce heavy rains and possible storm surge.

Tropical Cyclone Dorian Moving Towards the Islands: Link

Rescue teams in Florida prepare to support Puerto Rico and Florida as the storm moves closer. Another hurricane could be devastating for Puerto Rico and the U.S. Virgin Islands which are still recovering from the 2017 storms.

NOAA Hurricane Dorian Forecasted 5-Day Cone: Link

FEMA provides guidance to individuals preparing for, experiencing, or impacted by hurricanes. Residents of Puerto Rico, U.S Virgin Islands, and Florida are encouraged to monitor this storm as its current trajectory remains uncertain. Stay tuned as we continue to provide updates.

Public Advisories

Here’s the breakdown of public advisories from NOAA’s National Hurricane Center (NHC) in decreasing order of severity:

Hurricane Warning:

  • Vieques and Culebra, U.S Virgin Islands, and British Virgin Islands

Hurricane Watch:

  • Puerto Rico

Tropical Storm Watch:

  • Dominican Republic from Isla Saona to Samana

Evacuations and Emergency Declarations

  • Florida: See evacuation zone here

Related Stories

  • Remember, Ready.gov provides information on how to prepare for a storm and how to keep you and your family safe: link
  • NY Times regularly updated tracking of Tropical Storm Dorian: link