Determining which organizations should be involved and the roles they will play has proven challenging at all levels of government for nontraditional catastrophic emergencies such as a cyber attack. Emergency managers often have a difficult time understanding the technical nature of a cyber attack and how that fits in an emergency response while still developing decision-making processes that are true to an all-hazards approach. Below are emergency management resources to assist in planning and responding to a cyber attack.

CYBER EMERGENCY VS INCIDENT

The State of Indiana defines a cyber emergency as any actual, imminent, or potential incident that will adversely affect public health, safety, or security; the environment; or economic prosperity on a level materially significant to the State of Indiana or its operations that requires a coordinated state response.

The State of Indiana defines a cyber incident as it is described in the Presidential Policy Directive 41, which is “an event occurring on or conducted through a computer network that actually or imminently jeopardizes the confidentiality, integrity, or availability of computers, information or communications systems or networks, physical, or virtual infrastructure controlled by computers or information systems, or information resident thereon.”

REPORT A CYBERCRIME

Cybercrime includes cyber attacks (such as ransomware, malware, denial of service, etc.), fraud, and data breaches, and identity theft. If your organization is experiencing a cyber attack, click here.

EMERGENCY MANAGER CYBERSECURITY TOOLKIT 2.0

Introduced as a first-of-its-kind resource in 2019, the Indiana Emergency Manager Cybersecurity Toolkit 2.0 is updated with newly-released information, best practices, detailed plan templates and more. It is an ideal tool for helping an emergency manager to begin conversations with their local partners as simply and directly as the complexity of the effort allows.

• Welcome Letter
• How to Use This Toolkit
• Emergency Manager Cyber Situational Awareness Survey
• Cybersecurity Incident Response Plan Template
  • County Cybersecurity Response Annex Template
  • City Cybersecurity Response Plan Template
  • Generic Cyber Incident Response Plan Template
• Cybersecurity Training and Exercise Guide
• Cybersecurity Attacks in Indiana: Quick Response Guide
• Cyber Emergency Resiliency and Response State Guide
• Additional Emergency Manager Cybersecurity Resources
• Bibliography

ADDITIONAL RESOURCES

• FEMA Planning Considerations for Cyber Incidents - Guidance for Emergency Managers
• FEMA Preparedness Toolkit - HSEEP Templates
• MS-ISAC Security Primer on Ransomware
• Cybersecurity and Infrastructure Security Agency (CISA) Ransomware Website
• Cybersecurity Best Practices for Smart Cities (CISA)
• National Governors Association Disruption Response Planning Memo
• NASCIO Cyber Disruption Planning Guide
• Emergency Services Sector Cybersecurity Initiative
  A Department of Homeland Security resource to better understand and manage cyber risks and to coordinate the sharing of cyber information and tools between subject matter experts (both inside and outside the federal government) and the Emergency Services Sector disciplines.
• National Institute of Standards and Technology (NIST) Guide
• NIST’s Computer Security Incident Handling Guide assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
• Ready.gov
  Ready.gov is a national public service campaign designed to educate and empower the American people to prepare for, respond to, and mitigate emergencies, including cybersecurity.
• Assessment Evaluation and Standardization Program | CISA
  The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
  • Cyber Resilience Review Supplemental Resource Guides
  • Information Sheet - Summary of the CRR process.
  • Method Description & User Guide - Walk-through for how an organization can conduct a CRR self-assessment.
  • Question Set with Guidance - Self-assessment question set along with accompanying guidance.
  • CRR NIST Framework Crosswalk - Cross-reference chart for how the NIST Cybersecurity Framework aligns to the CRR.
• National Cyber Incident Response Plan (NCIRP)
  The NCIRP, developed by the United States Computer Emergency Readiness Team (US-CERT), describes a national approach to dealing with cyber incidents; addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response.
• National Cybersecurity and Communications Integration Center (NCCIC)
  A 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement.