On May 4, 2017, the outgoing Commander of the 13th Coast Guard District called out cybersecurity resilience as his greatest concern. He called for industry and government to come together and act to remedy the lack of standards for addressing the who, what, how, and when of cyber incident reporting. He spoke of the urgent need for industry and government stakeholders to develop voluntary standards and protocols before the next serious incident like Maersk (which resulted in $1 billion in losses), which could have grave consequences for critical infrastructure in our region.
This self-assessment tool was developed by the Pacific NorthWest Economic Region (PNWER). This survey is designed to help us develop a baseline of current best practices and investments in cybersecurity by organizations in the Puget Sound Region. The first part (31 questions – approximately 15 minutes to complete) will help evaluate the current state of cybersecurity practices and investments by organizations in the region. It will help inform the development of a relevant and usable Concept of Operations (CONOPS) based on your input. The second, more detailed section (including first section – total of 52 questions – approximately 30 minutes to complete) is optional but can also provide your organization an opportunity for a self-assessment of the maturity of your current cybersecurity resilience and response capabilities.
Please carefully complete the survey to the best of your knowledge. You may need to consult with or refer some questions to other managers or experts in your organization. At the beginning of each section we note which job functions might be best equipped to answer, listed in order of best choice (with the understanding that many organizations will not have some of the listed resources).
In order to complete the survey most efficiently, we recommend you download the PDF version of the survey HERE, and consult with your colleagues to answer all questions before taking the survey online.
That will both give your organization a usable cyber resilience and response assessment and allow you to gather information from the right people in your organization. We invite you to use the comment section at the end of each section to add any other information you deem pertinent. Except for the first section, no questions are required, so please answer only those that you wish to. All answers are non-attributable.