Cadmus led a multi-year project with the Hawai’i Office of Homeland Security, facilitating the Cyber Workstream to create practical, implementable cybersecurity response plans and tools:
Hawai’i faces unique challenges due to its geographical isolation in the Pacific, an isolated electrical grid, standalone energy management systems, Supervisory Control and Data Acquisition (SCADA) Systems, internet-based remote vendor support, and multiple information systems. Although the state of Hawai’i had plans for addressing various emergencies and disasters, it was lacking a state-level cybersecurity strategy. A significant cyberattack in Hawai’i could have a severe impact on the entire economy, as well as on the security of the State.
The Hawai’i Office of Homeland Security (OHS) was looking for assistance in not only preparing for a cybersecurity attack but also keeping these plans and strategies current as threats evolve.
As part of the State and Local Cybersecurity Grant Program (SLCGP) funded by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), Cadmus supported OHS with critical cybersecurity planning and exercise activities. Coordinating through OHS’s SLCGP Cyber Subcommittee, Cadmus facilitated monthly meetings with over 100 stakeholders from Hawai’i government and non-government organizations, which informed Cadmus’ development of the cybersecurity strategy and implementation plans.
Across these engagements, Cadmus applied a unique combination of cybersecurity, emergency management, workforce development, and exercise expertise. Rather than treating cybersecurity planning as a standalone technical effort, we incorporated an integrated resilience approach that aligned strategy, operational response planning, workforce development, and exercise validation into a single program.
Drawing on our experience supporting federal cybersecurity initiatives, statewide preparedness programs, and critical infrastructure stakeholders nationwide, we helped Hawai‘i develop practical, implementable solutions that reflected the state’s unique operating environment and fostered collaboration across government, private sector, nonprofit, and academic partners.
During the life of the project, Cadmus helped OHS and its stakeholders plan for and practice cyber incident responses. But beyond that strategic planning, Cadmus established a foundation that OHS can apply for continuous improvement in the face of evolving cyber threats.
Cadmus helped author Hawai’i’s first long-term strategy for strengthening cyber capabilities across state government and private sector organizations. Cadmus helped Hawai’i take concrete measures to enhance its readiness for cybersecurity incidents, foster relationships with crucial cybersecurity partners, and collectively develop the necessary capabilities for improved preparedness, mitigation, response, and recovery from cybersecurity threats.
Using industry standards, such as the NIST Cybersecurity Framework 2.0, Cadmus developed an action-oriented response plan template for counties, nonprofits, and private sector organizations to use in mitigating, responding to, and recovering from cyberattacks. We then designed and facilitated two cyber tabletop exercises in Hawai’i to test and validate the new Cyber Incident Response Plan. Based on those exercises, Cadmus developed an after-action report for strengthening Hawai’i’s cyber capabilities focused on continuous improvement.
Cadmus helped author the state’s first strategy for building and enhancing its cyber workforce. Using the NIST NICE Framework, Cadmus developed a six-point, long-term strategy for growing Hawai’i’s cyber workforce which included an implementation plan highlighting over 30 key, near-term steps and activities to actualize this strategy.
By developing and implementing a multi-year strategy that focuses on all aspects of cybersecurity—from developing and testing Cyber Incident Response Plans to cultivating a capable workforce—Hawai’i is better prepared to identify, respond to, and recover from a cyber incident at any level.
