Cybersecurity

What is Cybersecurity?

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on.¹

How Does OHS Protect and Support Cybersecurity?

The Planning & Operations Branch within the Office of Homeland Security (OHS) manages the Hawaii’s Cybersecurity Program and maintains close collaborative relationships with Federal partners and can assist in accessing federal resources related to cybersecurity. There are a multitude of sources for tips and suggestions for various aspects of individual cybersecurity that we also stay abreast of.

Cyber incidents can have serious consequences. The theft of private, financial, or other sensitive data and cyberattacks that damage computer systems can cause lasting harm to anyone engaged in personal or commercial online transactions. Such risks are increasingly faced by businesses, consumers, and all other users of the Internet. Individuals who find themselves victims of cyber crime are encouraged to report such incidents. Additionally, a private sector entity that is a victim of a cyber incident can receive assistance from government agencies, which are prepared to investigate the incident, mitigate its consequences, and help prevent future incidents.

Download the 2023 Quick Reference Key Points of Contact (State and Federal).

With the advent of the federal State and Local Cybersecurity Grant Program that prioritizes development of state cybersecurity plans, the Office of Homeland Security is working with relevant stakeholders to establish a 2022 grant proposal focused on development of the Hawai‘i Cybersecurity Program Plan. It is envisioned that the Hawai‘i Cybersecurity Program Plan will address Governance, Preparation and Protection, and Workforce Development.

Building cybersecurity governance, which may include:

Creating a cybersecurity governance structure, whether through executive order, legislation or ad-hoc formation, and selecting members of the body based on their ability to implement change;
Developing a statewide cybersecurity strategy that emphasizes protecting the state’s IT networks, defending critical infrastructure, building the cybersecurity workforce, and enhancing private partnerships; and
Conducting a risk assessment to identify cyber vulnerabilities, cyber threats, potential consequences of cyberattacks and resources available to mitigate such threats and consequences.

Preparing and protecting the state from cybersecurity events, which may include:

Assessing and mitigating cybersecurity risks and cybersecurity threats relating to critical infrastructure;
Exercising (and revising as needed) the state’s Cyber Disruption Response Plan that emphasize a whole-of-state approach and focused county-level engagements;
Enhancing our framework for information sharing by facilitating interactions between state and county IT, homeland security, and emergency management officials and critical infrastructure owners/operators;
Incorporating procedures for using the National Guard’s cyber capabilities into cyber response plans and working with the legislative branch to expand the circumstances under which the Guard can be activated, if necessary;
Distributing funds, items, services, capabilities, or activities to county governments; and
Developing a public communications plan for cyber events.

Growing the state’s cybersecurity workforce and their capabilities, which may include:

Using the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity to:
- identify and mitigate any gaps in the cybersecurity workforces,
- enhance recruitment and retention efforts for those workforces, and
- bolster the knowledge, skills, and abilities of State/Local government personnel;
Reclassifying state job descriptions for cybersecurity positions to align with private sector practices;
Leveraging the state’s National Security Agency-certified Centers of Academic Excellence at the University of Hawai‘i (Manoa and Maui);
Placing veterans into cybersecurity certification programs or open positions within state agencies;
Partnering with colleges to increase the availability of transferable, two-year cybersecurity degrees; and
Creating a program to assign qualified college students to state agencies as low-cost, skilled cybersecurity interns.

The Hawai‘i Cyber Disruption Response Plan (CDRP) describes the framework for state cyber disruption response and short-term recovery coordination among multiple state, local, and federal agencies and private entities with critical computer information or operational systems or cyber response assets or capabilities. It provides a framework, including the establishment of a Cyber Unified Coordination Group (C-UCG), for the coordination of rapid identification, information exchange, response, and short-term recovery and remediation to mitigate the damage caused by a significant cyber incident. In response to a significant cyber incident that includes the need to engage in consequence management activities for physical effects related to the incident, the State Government establishes two lead agencies under the UCG:

OHS as lead for coordinating asset and threat response and intelligence support.
HI-EMA as lead for coordinating response to any consequence management activities for physical effects.

The current CDRP can be found HERE and also contains attachments addressing:

Checklist of Major Steps for Disruption Response and Handling
Model Cyber Incident Response Plan
Cyber Incident Severity Schema/National Response Coordination Center Activation Crosswalk
Core Capabilities and Critical Tasks
Guidance on Reporting a Cyber Disruption
Threat Levels and Anticipated Response
Communications Checklists

Contact our Plans and Operations Branch Chief  at jimmie.l.collins@hawaii.gov for additional information and opportunities.

As defined by the Cybersecurity and Infrastructure Security Agency. ↩︎