Cyber incidents follow the same path as other emergency incidents, and preparing for them is necessary.
A virus has infected emergency management agencies, and it has spread like wildfire. Once it infiltrates the system, it causes an inability to effectively plan and prepare for cyber incidents. The virus: fear of the unfamiliar cyber world.
To be fair, not everything related to cyber preparedness and response is unknown. Agencies may have acknowledged the potential for an incident to occur in their hazard mitigation plans or their Threat and Hazard Identification and Risk Assessments, and some may have a cursory understanding of specific vulnerabilities. Yet even with admittance, there still exists a hesitancy to move the process beyond threat identification. But there have been some successes: The Indianapolis Division of Homeland Security created a cyber security defense force and the Maryland Emergency Management Agency has started the risk assessment process. These examples, however, are not replicated by the majority of jurisdictions nationwide.
Just 24 percent of state chief information security officers are confident in their state’s ability to protect against cyber threats, ranking cyber security as their weakest core capability in the 2013 National Preparedness Report. Fewer than half of the country’s fusion centers, often owned and operated by state or local governments, have a dedicated cyber program. And though local preparedness falls somewhere between the gold standard and nonexistent, the most common trend for emergency managers is to incorporate the IT department’s disaster recovery plan into the emergency operations plan and resolve to being the “consequence manager” if and when an incident were to occur.
IT permeates nearly every aspect of our lives, and it is a necessary component in successfully delivering many public services, from waste management to first response to water and waste water treatment. Such a critical element of these programs deserves preparedness levels that rival that of floods and hurricanes.
To be fair, not everything related to cyber preparedness and response is unknown. Agencies may have acknowledged the potential for an incident to occur in their hazard mitigation plans or their Threat and Hazard Identification and Risk Assessments, and some may have a cursory understanding of specific vulnerabilities. Yet even with admittance, there still exists a hesitancy to move the process beyond threat identification. But there have been some successes: The Indianapolis Division of Homeland Security created a cyber security defense force and the Maryland Emergency Management Agency has started the risk assessment process. These examples, however, are not replicated by the majority of jurisdictions nationwide.
Just 24 percent of state chief information security officers are confident in their state’s ability to protect against cyber threats, ranking cyber security as their weakest core capability in the 2013 National Preparedness Report. Fewer than half of the country’s fusion centers, often owned and operated by state or local governments, have a dedicated cyber program. And though local preparedness falls somewhere between the gold standard and nonexistent, the most common trend for emergency managers is to incorporate the IT department’s disaster recovery plan into the emergency operations plan and resolve to being the “consequence manager” if and when an incident were to occur.
IT permeates nearly every aspect of our lives, and it is a necessary component in successfully delivering many public services, from waste management to first response to water and waste water treatment. Such a critical element of these programs deserves preparedness levels that rival that of floods and hurricanes.
For the entire article visit: http://www.emergencymgmt.com/training/Emergency-Managers-Cyberworld-Threats.html
No comments:
Post a Comment