Presenter: Chass Jones – Protective Security Advisor – Oregon District CISA
Room: Ballroom, EMU 244, Level 2
Time: 03:00p – 03:30p

Oregon Information Technology Telecommunication Systems Regional Resiliency Assessment Program
Regional Resiliency Assessment Program | CISA

The Regional Resiliency Assessment Program (RRAP) is a cooperative assessment of specific critical infrastructure that identifies a range of security and resilience issues that could have regionally or nationally significant consequences.

The goal of the OR IT/Telco RRAP is to generate greater understanding and action among public and private sector partners to improve the resilience of and to study the vulnerabilities of various state-owned telecommunications infrastructure systems. To accomplish this, the RRAP:

• Resolves infrastructure security and resilience knowledge gaps;
• Informs risk management decisions;
• Identifies opportunities and strategies to enhance infrastructure resilience; and
• Improves critical partnerships among the public and private sectors.

This 3-year study seeks to provide information on the vulnerabilities and resiliency enhancement options of various state-owned telecommunications infrastructure systems. This RRAP project will evaluate the IT infrastructure to include telephony-based communications applications, network security architecture, network backbone, cloud connectivity, remote data center architecture, and emergency response capacity. The outcome of this study will be used to inform the Governor, the State CIO and CISO, and state agency leaders of risks associated with the current IT architectures. It will also identify high-consequence points of failure of IT infrastructure with the goal enhancing strengths and fortifying weak points in the systems.

The ultimate goal of the study is to inform resiliency investments in these systems to ensure the provision of Oregon state government services post incident/disaster. The study is disaggregated into two distinct, but linked, parts:

1. An analysis of general resiliency of select State-owned telecommunications systems within an all-hazards frame – i.e., earthquake, physical attack, cyber, etc. Analysis would include continuity of operations options – i.e., back-ups, failovers, etc.
2. Individual physical and cyber facility assessments of select state-owned telecommunications assets (i.e., data centers and other critical IT nodes). The purpose of this part of the study is to provide mitigation options for consideration to facilitate the hardening of these specific assets against all-hazards.

Who Should Attend?
Anyone who supports or works in the Information Technology or Telecommunication sectors such as:

• Chief Information Officers
• Chief Information Security Officers
• Telecommunication Infrastructure Company Representatives
• Data Center Managers
• Information Technology Associations
• State Office Information Technology Staff
• Emergency Communication Directors
• Higher Education Chief Information Security Officers