Exit Survey
On May 4, 2017, the outgoing Commander of the 13th Coast Guard District called out cybersecurity resilience as his greatest concern. He called for industry and government to come together and act to remedy the lack of standards for addressing the who, what, how, and when of cyber incident reporting. He spoke of the urgent need for industry and government stakeholders to develop voluntary standards and protocols before the next serious incident like Maersk (which resulted in $1 billion in losses), which could have grave consequences for critical infrastructure in our region.

This self-assessment tool was developed by the Pacific NorthWest Economic Region (PNWER). This survey is designed to help us develop a baseline of current best practices and investments in cybersecurity by organizations in the Puget Sound Region. The first part (31 questions – approximately 15 minutes to complete) will help evaluate the current state of cybersecurity practices and investments by organizations in the region. It will help inform the development of a relevant and usable Concept of Operations (CONOPS) based on your input. The second, more detailed section (including first section – total of 52 questions – approximately 30 minutes to complete) is optional but can also provide your organization an opportunity for a self-assessment of the maturity of your current cybersecurity resilience and response capabilities.

Please carefully complete the survey to the best of your knowledge. You may need to consult with or refer some questions to other managers or experts in your organization. At the beginning of each section we note which job functions might be best equipped to answer, listed in order of best choice (with the understanding that many organizations will not have some of the listed resources).
In order to complete the survey most efficiently, we recommend you download the PDF version of the survey HERE, and consult with your colleagues to answer all questions before taking the survey online. That will both give your organization a usable cyber resilience and response assessment and allow you to gather information from the right people in your organization. We invite you to use the comment section at the end of each section to add any other information you deem pertinent. Except for the first section, no questions are required, so please answer only those that you wish to. All answers are non-attributable.
2. Qualifying Questions
(Suggested respondent – CIO; CTO; CSO; CISO; Information Security Management; IT Management; Administrative Manager; Clerk)
3. Describe your sector
4. Under which critical infrastructure sector would you consider your organization?
5. If applicable, under which of the following categories would you consider your organization?
6. How many full-time employees in your organization?
7. Please indicate the types of high value assets your organization operates and must protect [select all that apply]
Finance system/wire transfer (ACH)
Traffic management
Public safety radio system
Human resources database
Health information database
911 call center/Public Safety Answering Point (PSAC)
Critical Infrastructure control systems/public works
SCADA systems
Navigation/GPS systems
I don't know

8. Approximately what percentage of your staff are IT and cybersecurity personnel?
9. Does your organization have full-time Information Technology (IT) employees?
10. If you answered 'No' to the last question, do you outsource any or all of your IT support?
Not applicable
11. If you do outsource IT support, what percentage of your IT support is outsourced?
Not applicable