Michigan Cyber Initiative 2015

MICHIGAN CYBER INITIATIVE 2015

Leading the Nation: An interagency, public-private collaboration

www.michigan.gov/cybersecurity Michigan has become the leader among states in cybersecurity. Since FROM THE GOVERNOR I launched the Michigan Cyber Initiative in 2011, the state has worked collaboratively with public, private and governmental partners to raise awareness and implement creative solutions to complex cybersecurity issues.

We have made many strides since 2011, including the creation of michigan.gov/cybersecurity, an award-winning website with helpful tools for citizens, businesses and governments, hosting two sold-out cybersecurity conferences and successfully taking the cybersecurity message throughout the state with our Cybersecurity Breakfast Series and Michigan Cyber Awareness Luncheon Series.

Michigan has taken a proactive approach to cyber defense with the creation of the Michigan Cyber Command Center, partnering with Merit Network on the establishment of the Michigan Cyber Range at public universities and National Guard installations, the formation of the Cyber Civilian Corps to assist in emergencies and the creation of

STATE OF MICHIGAN Cybersecurity Accomplishments

October 2012 June 2014 • NGA Cyber Resource Center for • Cyber Command Readiness Future Goals States Inspecon • Enhance Michigan Cyber Defense June 2012 • Cybersecurity Established • Camp Grayling Michigan Cyber Response Team October 2011 • Global Lightning Cyber Exercise • Cyber Flag 2013 Exercise Range Hub • Increase Number of Cybersecurity • First Michigan Cyber Summit • Michigan Cyber Civilian Corps Exercises • US EUCOM Cyber Endeavor September 2013 • 2011 Michigan Cyber Iniave (MiC3) Launch • Implement Zero Trust Model • DHS Naonal Cyber Exercise • Michigan Cyber Disrupon Introduced January 2013 • Michigan and Israel signed • Implement a Risk-based Approach Response Strategy Published March 2014 • Combined Physical and Cyber August 2012 • Michigan Naonal Guard bilateral cooperaon to Cybersecurity • Cyber Shield Exercise • 110th Air Wing Michigan Security under CSO • CONUSD NORAD Provides Cyber Support at agreement at cybersecurity • Develop Cyber Awareness Programs • Act and Adjust Paper Released Cyber Range Hub Opens REGION Presidenal Inauguraon workshop for Michigan Schools to Educate Reconstuon Our Children • Deploy Michigan Cyber Range Hubs to Strategic Locaons 2012 2013 2014 • Increase Adopon of CySAFE Security Assessment Tool November 2012 July 2013 April 2014 August 2014 • Enhance Promoon of • Michigan Cyber Range • Fort Custer Michigan • NATO Cyber Endeavor February 2012 July 2012 • The Michigan Cyber Cybersecurity Careers to Launched • DHS Cyber Storm Exercise • NATO Balc Ghost Command Center (MC3) Cyber Range Hub Opens 2014 Exercise Students Exercise Opens • Cyber Shield 2014 Exercise • Expand Economic Development October 2013 Partnerships to Promote September 2012 • Execuve-Level Cyber Tabletop Cybersecurity • Online Security Awareness Exercise July 2014 • Develop Cyber Threat Warning Training Program • NASCIO Security Award for • Michigan Cyber Civilian Corps levels to Provide Real-me Cyber • Cyber Support at Democrac Security Awareness Training Exercise Threat Awareness to Cizens and Naonal Convenon Program Businesses • 2013 Michigan Cyber Summit State of Michigan • Cybersecurity Dashboard Cyber Security Accomplishments

2 www.michigan.gov/cybersecurity the Michigan Intelligence Operations Center. Though our accomplish- As governor, I take the threats to the cybersecurity ecosystem seri- ments are noteworthy, we cannot and should not rest on them. There ously. I released the Michigan Cyber Disruption Response Strategy. I is much more to do. have shared this document with the nation’s other governors and top federal officials. I also urge every citizen and business in Michigan to The state is now well positioned to dramatically increase the number be prepared and have a plan in the event of a cybersecurity incident. of high-tech firms and high-tech (and well-paying) jobs. The Michi- gan Economic Development Corporation is attracting cybersecurity It is with great pleasure that I present the 2015 Michigan Cyber Initia- talent to Michigan by providing attractive opportunities to potential tive. The information in these pages reflects the hard work that has businesses and employers. The Michigan Cyber Range is providing the been done during the last four years and the next steps needed to education and training for individuals and organizations to obtain ad- make Michigan the national leader of innovation, success and security. vanced cybersecurity skills. The future of cybersecurity is in Michigan!

Unfortunately, in today’s technology-driven world, illicit international organizations, state-sponsored hackers, terrorists and even domestic criminals threaten every smart device in existence. Criminals can hack Rick Snyder into your smart phones and computers, right on up to control systems, Governor medical devices and even aircraft and automobiles.

MICHIGAN CYBER INITIATIVE 3 MICHIGAN CYBER INITIATIVE

THE ROLE OF THE and education, threat prevention, response PRIVATE SECTOR and recovery operations. Since 2003, Michi- Businesses and citizens have the individual gan has been a member of the Multi-State MICHIGAN and collective responsibility to ensure the Information-Sharing and Analysis Center. GOVERNMENT protection of their information technology This partnership of state governments and UNDER ATTACK systems. This is most easily done by ensuring, federal agencies and centers, such as the at a minimum, that software is up-to-date; National Cybersecurity and Communica- The State of Michigan firewalls, intrusion detection and preven- tions Integration Center at the Department blocks more than tion devices are in place and up-to-date; and of Homeland Security is focused on sharing employees are properly informed about their and coordinating cybersecurity informa- 650,000 cyber attacks role in ensuring the security of both personal tion. Michigan has also partnered with local daily. Annually, the state and company computer systems. governments to share real-time intelligence on cyber threats and is now operating a 24- blocks: The private sector is increasingly involved in hour cybersecurity operations center. the creation of software and hardware used in state and local government as well as the In response to the rising cybersecurity > 2.5 million WEB collection and processing of intelligence infor- threats to both the government and citizens mation at the federal level. The ability of the in Michigan, Governor Snyder established BROWSER ATTACKS corporate community to maintain secure data the Michigan Cyber Command Center (MC3) and systems is, in many cases, directly tied to in the Michigan State Police. The MC3 is the public sector. charged with investigation and mitigation > 179.5 million of criminal cyber incidents. It accomplishes Michigan has emphasized the need for strong this goal by directing law enforcement HTTP-BASED partnerships with the private sector to facili- operations; investigating and prosecuting ATTACKS tate information sharing. The establishment cybercrime incidents; coordinating Cyber In- of the Chief Security Officer Kitchen Cabinet is telligence Operations via the Michigan Intel- a prime example of a successful collaboration. ligence Operations Center; and coordinating response to statewide cyber emergencies via > 79.5 million THE ROLE OF GOVERNMENT the State Emergency Operations Center. NETWORK SCAMS Michigan is a leader in implementing state government cybersecurity measures and in In the event of a governor’s declaration of promoting cyber industry growth. Michigan an emergency or disaster or the activation of has set the standard for states in creating a > the State Emergency Operations Center, the 5.2 million center of excellence in cybersecurity manage- MSP Emergency Management and Home- INTRUSIONS ment. It is also the first state to create a chief land Security Division oversees coordination security officer over both cyber and physical of incident-related activities and functions protection. Additionally, the award-winning related to cybersecurity. website michigan.gov/cybersecurity has helped spread the word about cyber protection nationwide and has been expanded to include a new toolkit and other helpful features.

Michigan also participates in ongoing efforts to improve interstate and federal-state coordination in cybersecurity awareness, training

4 www.michigan.gov/cybersecurity MICHIGAN CYBER INITIATIVE

It is important to understand that cybersecurity is a holistic and continuously evolving concept. It cannot just be about technology; it is an all- encompassing concept that includes the confidentiality, integrity and availability pillars, which are only as viable as an organization’s foundational cybersecurity practices and procedures which include people, policy, and technology.

PEOPLE such as the NIST cybersecurity framework — nist.gov/cyberframework — Educating citizens to the dangers they face when conducting business ensures that security is incorporated at every level. This framework online is an effective first line of defense when it comes to cybersecu- was created through collaboration between industry and government rity. Michigan is leading the way in educating citizens, businesses and and consists of standards, guidelines and best practices that promote governments on the risks and best practices for cybersecurity through the protection of critical infrastructure. The website nist.gov/cyber- the michigan.gov/cybersecurity website. This site was created to fos- framework offers information on current cyber threats, resources to ter the sharing of information on current cyberthreats, train employ- help train employees and instructions on reporting cybercrimes. ees, and report cybercrime. TECHNOLOGY POLICY Technology, the foundation on which the online revolution is built, is Establishing policy within government and industry to ensure security a force multiplier and enabler. Technology has to be used to ensure risks are always considered when operating in cyberspace is critical to the data and critical systems we rely on are available to support the cybersecurity. Building and managing applications, infrastructure and cybersecurity ecosystem, which depends on confidentiality, integrity computer networks according to common network security standards and availability.

ECOSYSTEM COMPONENT Confidential medical HOMES records should be released INDIVIDUALS only to those people or The records should be well The records should be protected so that no one SMALL BUSINESS organizations (i.e., doctor, available and accessible hospital, insurance, government could change the information SCHOOLS to authorized users. agency, etc.) authorized to without authorization. review them.

Technical documents The information must be able LARGE INDUSTRY regarding a research and to be shared with appropriate AGENCIES development program for The technical specifications divisions within the company an innovative mechanical for a novel device must be COMMERCIAL and with the government device must be safeguarded protected from manipulation. agency sponsoring the ACADEMIC INSTITUTIONS from theft by competitors or program. industrial espionage.

Information about financial The databases pertaining to The information concerning INFRASTRUCTURE accounts at a local bank various accounts for home and savings, checking, loan auto loans, investments, etc., and investment balances • UTILITY PROVIDERS must not be made available to anyone without the must be safeguarded by must be readily available to • BANKING & FINANCIAL account owner’s express financial institutions from the account owner using • TRANSPORTATION authorization. tampering with or divulging data appropriate ID and password to unauthorized parties. via online systems.

MICHIGAN CYBER INITIATIVE 5 MICHIGAN CYBER INITIATIVE Leadership, Prevention, Detection, Response

Governor Snyder is a champion in cyberse- Additionally, Major General Gregory Vadnais, PREVENTION curity awareness and action at the national Director of Military and Veterans Affairs, is Prevention is the best strategy to provide a se- level, positioning Michigan as an influential among the select senior leaders across the cure cyber environment. Detecting a potential leader that other states look to for guidance nation who make up the National Guard Bu- attack early is the next crucial step to mitigate in developing their own cyber policies. reau Cyber General Officer Advisory Council. the disruption of a cyberevent; a swift and This council advises the creation and distribu- PROMINENT appropriate reaction is needed to safely and tion of cyber capability across the National LEADERSHIP ROLES completely restore systems and networks. Guard. After taking office in 2011, Governor Snyder In the cybersecurity arena, Michigan contin- made the fortification of the state’s infra- ACT AND ADJUST ues to develop effective prevention, detec- structure a top priority, understanding the Governor Snyder and Maryland Governor tion and response measures in collaboration ever-growing threat of cybercrimes. Snyder Martin O’Malley led the charge at the NGA with government, higher education, and the was instrumental in the creation of the to release the report Act and Adjust: A Call to private sector. National Governors Association’s Action for Governors for Cybersecurity. The Resource Center for State Cybersecurity. paper provides strategic recommendations EARLY DETECTION AND governors can immediately adopt to improve RAPID RESPONSE The resource center will examine the role their state’s cybersecurity posture. Act and The Michigan Intelligence Operations Center state policy can and should play in ensuring Adjust builds on the advice of national ex- is Michigan’s designated statewide fusion adequate cybersecurity for state-owned and perts and practitioners from both the public center. Operating 24-hours a day, seven days state-based infrastructure including data and and private sectors and recommends that a week, the MIOC is a collaborative task force communication systems, financial records, states: where local, state and federal agencies as well banking systems, water systems, electrical as private sector partners share information grids and energy companies. • Establish a governance and authority struc- and intelligence related to homeland security. ture for cybersecurity. Governor Snyder was recently named chair- The Michigan Cyber Command Center (MC3) man of the NGA Homeland Security and • Conduct risk assessments and allocate was created to coordinate the combined Public Safety Committee. The committee has resources accordingly. efforts of cyber emergency responders. The jurisdiction within the NGA over homeland Center holds regular briefings, performs security, the National Guard and homeland • Implement continuous vulnerability threat training, conducts exercises and maintains defense, criminal justice and public safety, monitoring practices. dedicated resources to accommodate daily and veterans affairs. The future of national • Ensure compliance with current security communication among state, local and feder- cybersecurity policy will be largely influenced methodologies and business disciplines. al agencies as well as private sector business by this committee. that participate with the MC3 or the MIOC. • Create a culture of risk awareness. Regular communication channels exist to

Noﬁcaon Acvaon Acvaon of Cyber of Event of SEOC Civilian Corps Governor Declares State of Emergency or Disaster MIOC MC3 SEOC MC3 Michigan Intelligence Michigan Cyber Command State Emergency Operaons Michigan Cyber Command Operaons Center Center Center Center Monitor Migaon & Criminal Coordinaon of Incident Migaon & Invesgaon Related Acvies & Recovery Recovery CYBER THREATS CYBER INCIDENT

6 www.michigan.gov/cybersecurity LEADERSHIP, PREVENTION, DETECTION, RESPONSE

During the next four years, Michigan will:

• Further develop partnerships within the cybersecurity ecosystem to take the cyber disruption plan to the next level, including establishing the Michigan Cyber Defense Response Team to support state government and key stakeholders in Michigan during and after a cyberevent. The team will use a train- the-trainer approach to inform a host of customers, provide statewide visibility to current threats. The MC3 is the state’s lead re- improve network security and promote standards in sponse to incidents with a criminal nexus and is the state’s resource for investiga- training and operational processes to ensure best-in- tion, mitigation and prosecution of cybercrime. class cyber emergency response.

The Michigan Cyber Civilian Corps was launched with the mission to work with • Conduct annual cybersecurity exercises to further government, private sector organizations and educational institutions to imple- prepare Michigan governments and private entities to ment and grow rapid response teams that will respond to major cyber incidents respond in the event of a cyber disruption. and provide mutual aid to Michigan government, education and business organizations in the event of a governor-declared state of emergency. In addition to • Continue to update the foundational elements of this response, the Michigan Cyber Civilian Corps creates an environment for team cybersecurity in the state to adhere to the National members to improve individual skills by taking advantage of training opportunities Institute of Standards and Technology Cybersecurity on the Michigan Cyber Range as well as developing and expanding partnerships Framework. with government, business and education around cybersecurity. • Move closer to full implementation of a cyberse- The Michigan Cyber Disruption Response Strategy, developed by state and local curity architecture based on the zero-trust security government representatives and private sector experts, provides a framework for model which will provide greater levels of security the prevention of, protection from, response to, and recovery from a significant while simplifying the governance process and tech- cyber disruption. Through the strategy, participating organizations can collaborate nical infrastructure. Zero trust is a more comprehen- in response to cyber threats. sive approach to security that will allow the state to provide protection to the information rather than RESEARCH just the infrastructure. Michigan is no stranger to the innovations and developments in the information technology and Internet universe. Indeed, Michigan entrepreneurs have been at the • Transition from a compliance-centric approach to forefront of Internet innovation since its beginning. cybersecurity to a risk-based approach, which will allow state government to focus resources on the Michigan is home to leading research universities and five National Security Agency data and systems that are most valuable and are at Centers of Excellence in Information Assurance Education: Davenport University, East- the highest risk of attack. ern Michigan University, Ferris State University, University of Detroit Mercy and Walsh College. Combined with the growing cybersecurity education programs in higher • Partner with leading cybersecurity experts to education across the state, Michigan is producing thought leaders in cybersecurity. develop a practical cyber risk model that takes into Lansing-based Tech Smith developed Camtasia and SnagIt, which are utilized for train- account historical attack data, asset value and future ing and education worldwide, and the University of Michigan fostered local startups trends, allowing the state to focus on the most with its technology transfer initiatives. Numerous startups in the cybersecurity arena impactful cyber threats. have sprung up in the state, taking advantage of the growing and talented workforce. • Work with public and private organizations to Other out-of-state firms have recognized the state’s positive environment for grow- develop draft legislation to allow for this necessary ing cybersecurity companies. Barracuda Networks and Greenhills Software are two information sharing that can serve as a model for examples of companies opening Michigan research and development facilities to other states. tap into the local talent pools.

MICHIGAN CYBER INITIATIVE 7 MICHIGAN CYBER INITIATIVE Education and Public Awareness

As the number of data breaches in the public together, the cumulative effect of this program is strengthened and and private sector has skyrocketed over the impact is greater. past several years, two factors stand out. More than a dozen serious First, the majority of data breaches occur as To address growing a result of end user actions. The top pre- cyber threats facing ventative measure taken following a breach federal, state and local cyber threats have been was the implementation of an effective user governments, businesses, training and awareness program. Second, the citizens, and schools, avoided directly from education unemployment rate regarding cybersecurity Michigan has partnered professionals is close to zero. with nationwide organi- and awareness efforts. zations to reinvent our As demonstrated by the frequency of staff education for cybersecurity. Michigan’s cyber training implemented clicking on malware-infected links and the use solutions that include effective cybersecurity awareness training for of poorly selected passwords for mission- all state employees, cyber toolkits for citizens, schools and small critical applications, new cyber awareness businesses, cyber awareness breakfasts and lunch meetings, cyber approaches are vital. The SANS Institute de- summits and in-depth technical training for security professionals. clared that over 95 percent of recent breaches originated with spear-phishing messages. Awareness Training – Michigan has thrown away the old, boring, inef- Internal surveys revealed that our employees fective cyber awareness training for end users and implemented a new felt our training was old, boring, “death by cutting-edge education and awareness training that reduces risk – PowerPoint” and not worth completing. A and that staff and partners have praised. Comprehensive, effective comprehensive new approach to employee end user awareness training and education is recognized as the single training was needed to change culture. most effective component in the prevention of data loss or a security breach. In addition, new partnerships were needed to reach across public/private boundaries and to Eighteen 10-minute self-paced training modules are offered online as federal/state/local governments and educa- a service via the Internet from the vendor’s facility. The training has tion groups for technical training of IT staff. been rolled out in six waves to over 50,000 employees and contract Cyber attacks in Michigan could have dire staff. Other units of government (such as the legislature, courts and economic consequences for the state and the counties) are using our training voluntarily. nation. Developing world-class cyber defend- The overall training effort offered: ers will not only help Michigan, it will also help the nation continue to thrive in an age • Excellent results and feedback from customer groups – with over 90 of increasing cyber threats. Michigan already percent positive comments and descriptions like “fun,” “excellent,” has many of the nation’s top higher educa- “I will use this at home,” and “best ever.” tion cybersecurity programs and a growing • Training in all core categories that introduce risks, such as pass- cybersecurity industry. words, clicking on links, mobile security, web and application secu- Solution Description: The state developed a rity, and others. comprehensive cybersecurity strategy that • An ongoing program that closed 11 audit findings. addressed threats in 2011, and our new • Comprehensive measurements on employee training. three-pronged approach to changing culture was an essential element to our risk reduction • New focus on risk reduction with a formal risk methodology approach. approach. By grouping innovative awareness The cyber awareness program costs under $200,000 and provides training, technical training capabilities, public 18 self-paced lessons for all state employees for about 30 cents per awareness cyber summits and roadshows lesson over a three-year period. While hard savings are difficult to

8 www.michigan.gov/cybersecurity EDUCATION AND PUBLIC AWARENESS

show, with an average breach costing over $5 million, it is estimated coursework, exercises and labs. Courses that the return on investment for this program is more than 100 to are aligned with the National Institute of 1. We have stopped numerous breaches from occurring through this Standards and Technology’s National Initiative program via early identification of malware and spear-phishing scams for Cybersecurity Education (NICE). The NICE using newly established procedures and staff training. More than a framework organizes the skills that America’s dozen serious cyber threats have been avoided directly from educa- cybersecurity workforce needs to meet the tion and awareness efforts. national preparedness goals of detecting, mitigating and defeating malicious actors. It Michigan Cyber Range – Michigan built a flexible cybersecurity range engages all levels of the workforce, presenting and program to meet the 21st century needs of critical infrastructure essential concepts, techniques and practices defense, homeland security, criminal justice and education. Cyberse- based on individual functions within the orga- curity differs from other technical disciplines in that it involves a think- nization. ing, adaptive adversary. The best way to improve defensive capabilities in this area is to practice against those adversaries. To meet this need, The range staff works with educators, federal we chose Merit Network Inc. to begin operating a cybersecurity range agencies and private companies around and program. The project is a public-private collaboration that includes Michigan and the nation to make the range a government, the National Guard, universities, community colleges, world-class operation. K-12 schools and private industry. The state, in conjunction with the Michigan The Michigan Cyber Range is a program that leverages the physical National Guard, has established cyber range range to develop world-class cybersecurity professionals. There is a full extension sites at nearly all bases throughout program of meetings and workshops as well as tools to develop and Michigan. The intent is to train National Guard promulgate best practices in cybersecurity training and cybersecurity professionals in cybersecurity disciplines and itself. The range is used for individual as well as collective training. The host unclassified cyber exercises with inter- staff are experts in the best and most current practices of cyberse- agency and private partners. curity training and are focused on meeting the specific needs of the people and organizations that use the range. Michigan Cyber Safety — The Michigan Department of Attorney General features The Michigan Cyber Range provides students and IT professionals with two customized programs to protect children a solid foundation in cybersecurity through challenging hands-on across the state. As of November 2014, more than 1.2 million students across Michigan had been reached by the Michigan Cyber Safety Initiative (CSI), and Michigan’s new school safety hotline, OK2SAY.

Michigan’s CSI is a national, award-winning program that teaches students in K–8th grades the importance of being safe, making smart decisions, and protecting themselves and others online. CSI encourages children to always seek the help of an adult they trust when faced with challenging situations but also to recognize common Internet predator grooming techniques, as well as additional appropriate responses to bullying and cyber- bullying

MICHIGAN CYBER INITIATIVE 9 Michigan’s new student safety hotline, OK- 2SAY is a confidential way for students to file reports on anything that may threaten their safety. OK2SAY was designed to empower Michigan students, parents, school personnel, community mental health service programs, and law enforcement to share and respond to student safety threats. Tips can be submit- ted 24/7 via telephone, text message, email, mobile app, or the OK2SAY website.

FUTURE STRATEGY In addition, education efforts will align with Cyber Summits, Cybersecurity Road FOR EDUCATION the ready-to-work Initiative which: Shows with State Agencies, and AND CYBER AWARENESS • Includes designing data-driven training, i.e., Cyber Breakfast and Luncheon Series Ongoing efforts to improve education in using workforce studies to identify critical Following the sold-out 2011 Michigan Michigan have established our state as a global gaps and priorities for training. Cyber Summit, the cybersecurity government leader in cybersecurity training. team decided to “take the cyber show • Aligns employer skills requirements with on the road” and offer the Michigan The governor’s cyber initiatives and priorities training courses and training providers. Cyber Breakfast Conference Series in from 2011 through 2014 have already: locations around the state. • Achieves measurable impact, focusing on • Strengthened security in existing (and future) placing training participants into career In 2013, another Michigan Cyber infrastructure, cabling, data networks, experiences (internships, apprenticeships) Summit was held in Novi. This sold-out wireless and mobile computing projects. and jobs. event received international recogni- • Enhanced existing staffing skillsets in cyber tion, with speakers from Israel as well Michigan will continue coordinating our and physical security areas and improved as federal leaders from Washington, training efforts with local, state, national and end user training D.C., presenting keynote addresses. international partners as we test our cyber This series was followed by the • Addressed new and emerging cyber threats defenses and develop the necessary tools and Michigan Cyber Awareness Luncheon in constantly “refreshed” approach. skills within our state to help lead the nation Conference Series in 2014. in cybersecurity education and preparedness. Michigan has set the stage for hosting Videos, training materials, toolkits, future events with a national/regional focus In collaboration with Livingston, Monroe, and more are available at: michigan. in partnership with organizations such as Oakland, Washtenaw and Wayne counties, a gov/cybersecurity. Department of Homeland Security, MS-ISAC, free IT security assessment tool, CySAFE, was US-CERT, Department of Education and the developed to help small and mid-sized gov- Department of Defense. ernments assess, understand and prioritize their basic IT security needs.

10 www.michigan.gov/cybersecurity EDUCATION AND PUBLIC AWARENESS

During the next four years, Michigan will:

• Continue to offer leading edge training and awareness programs, enhance the Michi- gan Cyber Range to include more sites and courses, and offer exciting cyber summits and roadshows around the state.

• Expand education efforts to target P-20 students with online and classroom training to prepare the next generation of cybersecurity professionals. Enhance cybersecurity awareness training for all state employees; cyber toolkits for citizens, schools and small businesses; cyber awareness events around the state; cyber summits every two years; and in-depth technical training for security professionals.

• Hold town hall meetings with intermedi- ate school districts throughout Michigan to offer support to enhance cybersecurity awareness programs in schools.

• Follow the National Initiative for Cybersecurity Education Framework, which aligns with national priorities for workforce development in cybersecurity.

• Continue the deployment of Michigan Cyber Range extension sites at National Guard bases in the state and other strategic locations.

• In collaboration with Livingston, Monroe, Oakland, Washtenaw and Wayne counties, roll out a free IT security assessment tool, CySAFE, to help small and mid-sized governments assess, understand, and prioritize their basic IT security needs.

• With our public and private partners, develop cyber-threat warning levels that provide the public with threat awareness information in real time.

MICHIGAN CYBER INITIATIVE 11 MICHIGAN CYBER INITIATIVE Michigan’s unique cyber industry opportunity

Michigan has become a major center of growth and development of automated vehicles, intelligent refueling and high-tech industries and is the birthplace and home of several top recharging systems and intelligent trans- cybersecurity companies. Building upon this base, Michigan is ideally portation systems. At an accelerating pace, positioned to take economic advantage of the burgeoning demand for automobiles are becoming high-tech mobile cybersecurity products and services. The Michigan Economic Develop- computing platforms, tightly integrated with ment Corporation has built an economic development strategy around each other and with key elements of our criti- Michigan’s unique assets related to cybersecurity. cal infrastructure. Michigan companies and entrepreneurs are in a unique position to LEVERAGING MICHIGAN’S ASSETS take lead roles in protecting both the Michigan’s active cybersecurity leadership at the national level has transportation system and the nation’s opened the door for cybersecurity to become a significant growth infrastructure from cyber attacks in this industry in Michigan. Michigan has assets that cannot be found highly interconnected environment. anywhere else. These include: High-Tech Talent Pool Robust Entrepreneurial Culture A 2013 study by the TechAmerica Founda- Michigan has emerged as a major center for entrepreneurial activities, tion highlighted Michigan as having the particularly in information technology and other high-tech industries. second-highest high-tech growth in the It is the only state outside of the Washington, D.C., area to have a U.S. nation. Michigan’s extraordinary network of Patent Office. Michigan’s entrepreneurial ecosystem includes a robust research universities continues to produce network of business incubators and accelerators, fueled by programs an abundance of skilled high-tech profession- that provide access to capital throughout the business growth cycle. Over the past 10 years, venture capital deployed in Michigan has increased nearly tenfold to more than $4 billion spread across some 1,200 Michi- gan companies.

Defense Industry Presence Michigan is home to key defense and military procurement facilities and is increasingly involved in homeland security discussions at the national level. This puts Michigan companies in a prime position to tap into the market for cybersecurity products and services for both the Department of Defense and the Department of als. Michigan’s large footprint in high-tech Homeland Security. automotive, manufacturing and defense Automotive Industry Preeminence industries provides a deep pool of engineer- As the center of the North American automotive industry, Michigan ing and information technology talent that is has a unique opportunity in the exploding automotive cybersecurity ready to develop into the next generation of market. The industry is moving rapidly toward more connected and cybersecurity specialists.

12 www.michigan.gov/cybersecurity UNIQUE CYBER INDUSTRY OPPORTUNITY

ENTREPRENEURIAL SUPPORT Since 2002, Michigan has consistently provided significant support for our entrepreneurial ecosystem, making Michigan a hot spot for innovation. Through the Michigan Strategic Fund, managed by MEDC, the state deploys $25 million annually into an entrepreneurial support system that includes university translational research programs, tech incubators, technical and business advisory support, and follow-on funding through commercialization and launch trajectory. A few key programs that will benefit cybersecurity startup ventures include:

• Smart Zones – Provide incubator space for startup tech companies in the community or after leaving the university. They offer net- During the next four years, Michigan will: working, training, talent connections, funding and advice. • Encourage public and private collaborations to utilize the DHS • Small Business Development Corporation (SBDC) – No-cost coun- cybersecurity competency framework. MiTalent.org will build seling provided by experienced entrepreneurs whose goal is to help skillsets into the framework to make it easier to quantify job tech companies attain funding and growth. postings and talent capability.

• Early Funding Programs – Five different funds help fill the gap • Work with academia and industry to determine new workforce between federal research funds and venture capital. requirements from emerging technology and threats. For example, an information technology security track has • The Michigan Cyber Range – The cyber range provides a valuable been created as part of the Michigan Advanced Technician resource for technology development firms, tapping into local Training program. smart zones for talent, funding and partner support. This leverage’s Merit’s training capabilities with the next generation of entrepre- • Promote the Michigan Cyber Range as a valuable resource to neurial coders and network architects. enable industry and IT specialists to develop advanced cybersecurity skills and certifications. More than 30 programs provide connections to capital, talent, office space, technical and business support. For a map of our entrepre- • Encourage the improvement and advancement of neurial ecosystem, click on michiganbusiness.org/entrepreneurial- cybersecurity occupational certification programs. ecosystem/. • Establish a baseline for cybersecurity professionals across TALENT DEVELOPMENT multiple industry sectors. To meet future needs, Michigan must have a robust, well-trained cyber- • Encourage the establishment of a professional organization to security workforce. This will require multiple educational opportunities. provide education, training and networking opportunities. The standard definition of workforce capability requirements is • Promote employment opportunities and feature employers provided by a comprehensive set of standards being developed by through talent information newsletters. the Committee on National Security Systems (CNSS). This set of CNSS standards specifies basic workforce functional areas and the roles and • Work closely with employers to match talent to their needs. professional career paths that are needed to carry out those functions. By implementing these standards across the public and private • Promote cybersecurity careers to high school students, workforce, Michigan will be able to identify shortages and skill gaps for connecting them to post-secondary training programs. cybersecurity professionals.

MICHIGAN CYBER INITIATIVE 13 Michigan’s talent development effort for community programs such as the Cyber Citizenship Coalition of cybersecurity will be multidisciplinary— Washtenaw County and the International Information Systems Security focused not only on technical knowledge but Certification Consortium Inc.’s security awareness certification program. also the development of a cyber-managerial skillset. Cybersecurity relies increasingly upon PURE MICHIGAN BUSINESS CONNECT inter-institutional partnerships and coordi- Pure Michigan Business Connect (PMBC) is a public-private initiative nated relationships. developed by the MEDC that introduces Michigan companies to opportunities and services that help them grow. PMBC provides In response to this need, Michigan’s cyberse- Michigan cybersecurity businesses innovative new ways to buy and curity talent development efforts will focus on sell, raise capital and connect with one another and with resources both technical and managerial skills, providing to fuel economic growth. The PMBC website (puremichiganb2b.com) a unique talent pool of full-spectrum helps drive connections and is the gateway for new sales leads and cybersecurity professionals. accessing MEDC business services such as:

Michigan developed several creative talent • B2B Connections — The energy industry and other companies initiatives to grow this expertise base locally. have pledged a significant amount of their procurement money to Cybersecurity will be a key feature of the Michigan suppliers. Cybersecurity companies can register for free in following talent enhancement programs: the B2B website and highlight their cybersecurity products/services in their profile. This will enable other companies, including owners • Pure Michigan Talent Connect — Enhanc- of Michigan’s critical infrastructure, to contract with them for ing the job connection system so it high- cybersecurity products and services. lights cybersecurity skills, making it easier to quantify talent supply and demand. • Supplier Summits — The PMBC team will work with supply chain or R&D teams across industries to identify critical supply chain gaps or • Global Michigan — Working to find new new innovation opportunities and then qualify and schedule meet- ways to encourage immigrants with ings with Michigan suppliers with solutions to fill these gaps. The advanced degrees to come to Michigan to program streamlines the procurement search process and provides work and live. thousands of new sales leads annually for Michigan companies. Over $1.8 billion in contracts has been generated. • LiveWorkDetroit & DREAM JOB — Two programs that connect Michigan’s college • Business Services – Cybersecurity companies can take advantage of graduates and out-of-state critical talent a variety of services including legal, accounting, consulting, business to new opportunities in Detroit while education, business lending, manufacturing operations, web-based promoting the city as a post-graduation services, etc., provided by MEDC and program partners. Some of talent destination. the program partners are giving back to Michigan by providing these services pro bono or at a reduced rate. • Career Jump Start — A program that promotes key careers to high school • Economic Gardening — This concept enables second-stage growth students, parents and K-12 educators and cybersecurity companies to launch their businesses into the next counselors. phase of growth. Companies receive over 30 hours of research and consulting at no cost to participants. • National Guard Tuition Assistance — New for 2014, this program provides up • Business Financing Support — This form of support provides access to $4,500 per year for education and to capital both by making connections to partners as well as acceler- certifications for Michigan National Guard ating financing through loan enhancement and collateral support. Members. • Business Development Program — Program funding in the form of Beyond the formal education channels, grants and loans support expansion projects in Michigan where Michigan will also encourage and develop out-of-state competition is a threat to the project.

14 www.michigan.gov/cybersecurity UNIQUE CYBER INDUSTRY OPPORTUNITY

During the next four years, Michigan will:

• Expand existing international, regional and local economic development partnerships to promote cybersecurity and the Michigan Cyber Initiative and to bridge the nexus between Michigan end-users and local, national and international technology providers of cybersecurity. In June 2014, a memorandum of understanding was executed between Michigan and Israel to promote joint projects between Michigan and Israeli companies involved in cybersecurity, which can MICHIGAN DEFENSE CENTER what bids to pursue. It also serves as a be used as a model for other target The mission of the Michigan Defense Center prioritization tool for the MDC staff and international business attraction (MDC) is to assist Michigan business growth PTACs to better forecast opportunities markets. within the Department of Defense (DOD) and for companies well in advance of the Department of Homeland Security (DHS) mar- bid posting. • Facilitate the convergence of ketplace. The MDC offers a focused approach cybersecurity with key industries by dedicating a team of business develop- • Bid-writing Services — The MDC prequali- by leveraging the role of existing ment managers to multiple industry sectors. fies bid-writing companies to support local technology business associa- They are tasked with identifying long-range Michigan businesses as they pursue DOD/ tions, and enabling the creation, as bid opportunities, strategic partnerships and DHS government contracts. Based on the necessary, of ad hoc affinity groups matchmaking possibilities with a dedicated company’s BTS rating, MDC may also pro- around specific subsector events focus on the cybersecurity industry, includ- vide subsidies to assist companies in hiring and initiatives aimed at attracting ing military and other advanced technolo- prequalified experienced contract writers. national and international technology providers of cybersecurity. gies. The MDC team works closely with a INTERNATIONAL AND network of Michigan Procurement Technical NATIONAL BUSINESS • Facilitate the launch of industry- Assistance Centers (PTACs), as well as other ATTRACTION specific Cybersecurity Technology stakeholders, to assist Michigan businesses in Innovation through advancement and Innovation Challenges by leverag- becoming successful government contractors improvements in technologies is what makes ing existing MEDC or stakeholder by informing them of opportunities, require- businesses competitive and allows them to programs for the purpose of ments and processes. survive in the global market. It is within this identifying, vetting and attracting MDC also employs other economic tools broader context of innovation, as well as national and international technol- including: within that of the Michigan Cyber Initiative, ogy providers of cybersecurity. that cybersecurity offers a unique opportunity • Bid Targeting System (BTS) — This pro- to attract international and national technol- prietary software system is designed to ogy providers of cybersecurity to Michigan. facilitate small company’s decisions on

MICHIGAN CYBER INITIATIVE 15 MICHIGAN CYBER INITIATIVE Michigan’s Cybersecurity Ecosystem

COLLABORATION AND PARTNERSHIPS ecosystem. Each location has different A truly cyber-resilient ecosystem takes a holistic view of the environ- operating systems, different security ment and ensures it is working by strengthening existing partnerships priorities and different challenges for and bringing all components of the ecosystem together to create a full participants to encounter and overcome. By Cyber Threat Alert Network. exercising in this environment, participants have the opportunity to see how informa- The field of cybersecurity has the potential to contribute significantly tion systems in a community are truly to Michigan’s continued economic resurgence. The Michigan Cyber Ini- interconnected. tiative enables existing Michigan businesses and startup enterprises to meet growing unmet demand in the cybersecurity market, providing The West Michigan Cyber Security Consor- business growth, investment, and jobs for Michigan. tium was established to enhance the prevention, protection, response and recovery The following are only a few examples of collaborations and partner- to cybersecurity threats. Its goals are to ships in Michigan between government and the private sector. prevent and protect through risk management, respond, recover, reconstitute and Michigan InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, provide situational awareness. academic institutions, state and local law enforcement agencies, and As the state’s utility regulatory agency, the other participants dedicated to sharing information and intelligence to Michigan Public Service Commission recog- prevent hostile acts against the United States. nizes that information and communications technology are essential components in State government also works cooperatively with Merit Networks on vulnerability testing, network security, training and joint exercises. The the production, transmission, and distribu- Michigan Cyber Range is a virtual training environment specifically tion of energy. These technologies act as designed to test cybersecurity skills. The environment consists of infor- the central nervous system of the electric, mation systems and networks that are found in a typical information oil and natural gas infrastructure in North

Michigan Department of Michigan Michigan Michigan Michigan State Technology, National Cyber Economic Public Service Police Management & Guard Range Development Commission Budget Corporation Investigate & Enforce State Infrastructure Defense Education & Training Economic Development Critical Infrastructure Provide leadership for Coordinate state Support the prevention, Basic certification. Develop, attract & retain Support the protection of statewide law enforcement protection, prevention, protection, mitigation, Individual advanced skills. cybersecurity talent. energy control systems. efforts on cyber crime. response, and recovery and response to cyber Connect Michigan Strengthen public/private from cyber incidents. incidents. Exercises and collective Lead response to training. companies with collaboration to protect incidents with criminal Monitor and protect the Global threat intelligence. cybersecurity business critical infrastructure. nexus. State of Michigan IT Train and equip Develop and support opportunities. Michigan Cyber Civilian Serve as a liaison with infrastructure. Michigan’s cyber defense Corps. Attract cybersecurity federal law enforcement forces. companies to Michigan. agencies.

16 www.michigan.gov/cybersecurity CYBERSECURITY ECOSYSTEM

America. With an ever-growing dependence CLOSING on communication networks (hardware and In 2011, Governor Snyder released Michi- software), there is an urgent need to protect gan Cyber Initiative: Defense and Develop- energy control systems from cyber attacks ment for Michigan Citizens, Businesses and and accidents that could result in significant Industry, a blueprint for protecting Michigan’s interruption of economic activities and, in cybersecurity ecosystem. The 2011 Michigan worst cases, have larger implications on Cyber Initiative set the standard for public- public health and safety. private partnerships, education, training, and economic development, and made Michigan The MPSC has collaborated with utilities the premier location for the cybersecurity and other critical infrastructure providers industry. in a solutions-oriented direction to address cybersecurity with critical infrastructure in The Michigan Cyber Initiative 2015, Leading the state as shown. the Nation: An Interagency Public-Private Collaboration, builds on the original and The CSO Kitchen Cabinet was formed in 2012 drives Michigan into the future of cyberse- to engage cybersecurity executives from the curity. Michigan is at the forefront of the public and private sectors to facilitate a more national stage, driving cybersecurity policy open dialogue regarding cybersecurity issues, and innovations to advance the nation now solutions and strategies. The group’s develop- and into the future. ment of the Michigan Cyber Disruption Response Strategy in 2013 provided a blueprint for public/private collaboration.

Michigan Public Service Commission

The Michigan Public Service Commission 2013 2014 recognizes the importance of safeguarding Briefings provided to the commission by To continue strengthening public and private critical IT systems. The commission has regulated utilities and other critical infra- partnerships, the MPSC planned a second worked over the years to provide as- structure providers. cybersecurity forum with Michigan regulated sistance. and non-regulated critical infrastructure Cybersecurity forum was held for Michi- providers. 2012 gan regulated and non-regulated criti- A cybersecurity staff person is hired to serve Commission begins to address cybersecurity cal infrastructure providers. Information as liaison to critical infrastructure providers and data privacy in two public dockets. was provided by a transmission company, investor-owned utilities and the Department and review cybersecurity components of of Technology, Management and Budget. utility rate cases. A cybersecurity section was added to the The commission continues to talk with regu- commission’s emergency preparedness lated utilities while assembling an order that and response plan, the Michigan Energy will address the importance of cybersecurity Assurance Plan. with critical infrastructure providers.

MICHIGAN CYBER INITIATIVE 17 MICHIGAN CYBERSECURITY Accomplishments

October 2011 August 2012 Michigan has many reasons to The Michigan Cyber Summit in Ypsilanti Michigan National Guard assists in the recon- be proud of its cybersecurity served as the national kickoff for Cyber stitution and restoration of critical unclassi- accomplishments. Awareness Month and introduced the 2011 fied and classified systems at the AFNORTH, Michigan Cyber Initiative. 1st AF, CONUSD NORAD REGION Reconsti- tution at Tyndall Air Force Base in Florida. The state of Michigan names its first chief The effort reestablished command, control, security officer, bringing together physical communications, computers, and intelligence security and cybersecurity functions under a capabilities to America’s AOC and 1st AF HQ. single division. September 2012 2012 Michigan launches a new online security The Michigan National Guard is an ongoing awareness training program for all state of participant in Baltic Ghost international cyber Michigan employees. exercise, strengthening relations through its Partnership for Peace and the State Partner- Michigan National Guard provides mission ship Program. assurance and intrusion detection support at the Democratic National Convention in February 2012 Charlotte, N.C. Michigan is one of nine states participating in the Department of Homeland Security’s October 2012 Cyber Storm IV emergency exercise. National Governors Association establishes the Resource Center for State Cybersecurity, June 2012 co-chaired by Michigan Gov. Rick Snyder and Michigan National Guard participates in Maryland Gov. Martin O’Malley. Global Lightning 2012, utilizing the Informa- tion Operations Platform to detect, assess Michigan National Guard participates in and react to cyber threat. three-week Cyber Flag 2013. Leveraged various capabilities to rapidly ascertain presence, Michigan National Guard contributes to US prevent lateral movement and remediate EUCOM Cyber Endeavour 2012, strengthen- malicious logic in the competencies of Cyber ing the cyber defense capacity of 40 NATO/ Network Operations and Defense. partner nations. November 2012 Governor Snyder and the state of Michigan Michigan Cyber Range launches in Ann Arbor, participate as a lead state in the Depart- providing secure cybersecurity training, ment of Homeland Security’s National Level research, and exercise environment for IT Exercise 2012, which focused on cybersecu- security professionals. rity disruption. The Governor and then-DHS Secretary Janet Napolitano concluded the exercise with a capstone teleconference to report findings.

18 www.michigan.gov/cybersecurity ACCOMPLISHMENTS

> Accomplishments January 2013 March 2014 The launch of the Michigan Cyber Civilian Michigan National Guard provides intrusion 110th Air Wing of the Michigan National Corps, consisting of IT professionals to detection capabilities and skillsets to four Guard opens Michigan Cyber Range hub. provide additional technical assistance in Joint Incident Site Communications Capa- the event of a governor-declared cyber bilities deployed throughout the National April 2014 emergency. Capital Region in support of the Presidential Fort Custer, located in Battle Creek, is Michigan/Israel Cyber Workshop held in Inauguration. connected to the Michigan Cyber Range. Dearborn, connecting Israel’s cyber experts July 2013 Michigan’s Joint Cyber Operations Team with Michigan companies to facilitate The Michigan Cyber Command Center opens joined more than 300 Air and Army National business and economic development. as part of the Michigan State Police to coordi- Guard Cyber Warriors from 35 states for nate law enforcement efforts on cybercrime Cyber Shield 2014, implemented Cyber July 2014 and lead response to cyber incidents with a Defense TTPs and reporting requirements Michigan holds a very successful Alphaville criminal nexus. against simulated attacks on the Department cyber exercise with partners from DTMB, of Defense Cyber Security Range. Michigan Cyber Range, Cyber Civilian Corps, September 2013 and the Western Michigan Cybersecurity Michigan publishes its Cyber Disruption Re- June 2014 Coalition during which players participated in sponse Strategy document, developed with key AFNORTH, 1st AF, CONUS NORAD REGION attack/defend scenarios in a virtual city. private-sector infrastructure partners to con- (CONR), Tyndall Air Force Base, Florida. struct a coordinated response process in the Michigan National Guard was requested by August 2014 event of a catastrophic cybersecurity incident. name, executed preparations for environment Michigan National Guard participates in prior to USCYBERCOM’s Cyber Command Cyber Endeavour 2014, the largest command, Michigan National Guard participates in Cyber Readiness Inspection and received an control, communications and computers Shield 2013 exercise in Fairfax, Va., a joined evaluation of “Excellent.” interoperability event. More than 40 NATO mission assurance team providing Computer and Partnership for Peace countries gathered Emergency Response Team and Computer Camp Grayling connects to the Merit for a series of operationally focused interop- Network Defense Service Provider support. Network. erability tests and exercises.

Gov. Snyder released Act and Adjust: A Call to Action for Governors for Cybersecurity during a briefing event for Congress in Washington, D.C. October 2013 Executive-level cyber tabletop exercise held in Lansing, including participants from the Department of Technology, Management and Budget, the Michigan State Police and private-sector critical infrastructure partners.

Michigan receives National Association of State Chief Information Officers Security Award for security awareness for the top security project in the country.

The 2013 Michigan Cyber Summit was held in Novi with more than 700 in attendance. At- tendees and participants included representatives from the White House, Department of Homeland Security, the National Governors Association and the government of Israel. MICHIGAN CYBER INITIATIVE 19 www.michigan.gov/cybersecurity

20 www.michigan.gov/cybersecurity