Cyber Assistance Response Effort (CARE) Team
Governor Gordon signed Executive Order (EO) 2023-02 on June 9, establishing the Wyoming Cyber Assistance Response Effort (CARE) Team.
The CARE Team’s mission is “to protect state and local jurisdictions by reducing the impacts of cyber-related events, including incidents and disruptions, through prevention, response, and recovery.”
Its framework enables state emergency managers and information technology experts to collaborate with public and private partners to respond to and minimize the impact of negative cyber events in Wyoming.
The CARE Team includes representatives from the Wyoming Office of the Chief Information Officer and Enterprise Technology Services (ETS), the Wyoming Information Analysis Team, the Wyoming Division of Criminal Investigation’s Computer Crime Team, the Wyoming Office of Homeland Security, and the Wyoming National Guard.
The CARE Team is responsible for updating and implementing the Wyoming Cyber Disruption Response Plan, a common framework for identifying and responding to technological threats that mirrors the federal government model.
State Agencies Involved in Cybersecurity
Enterprise Technology Systems (ETS)
Chief Information Security Officer develops and implements a statewide information security program, including compliance goals, strategies, policies, and services designed to protect state technology resources from unauthorized access, use, disclosure, disruption, modification, or destruction.
Security Team implements, manages, maintains, and monitors a multi-layered security ecosystem, which protects the confidentiality, integrity, and availability of the state's technology systems and the data source residing within them.
Cyber Assistance Response Effort (CARE) Team - WY Office of Homeland Security (WOHS)
CARE Team: The response team for cybersecurity incidents at the local/state level for critical infrastructure that is not privately owned. We can assist with private critical infrastructure in an advisory role.
WOHS Mission: Preparing Wyoming to respond to and recover from all hazards
WY Information Analysis Team (WIAT) / Computer Crime Team (CCT)
CCT: Has jurisdiction over all computer crimes in the state. They have digital forensic capabilities.
WIAT: The primary purpose of the Wyoming Information Analysis Team (WIAT) is to collect, analyze, and disseminate criminal intelligence and provide support to local, state, and federal law enforcement agencies pertaining to the state of Wyoming pursuant to Wyo. Stat. § 9-1-627 and 28 CFR Part 23. A major goal of WIAT is to identify, document, and disseminate criminal intelligence concerning persons involved in organized crime, terrorist groups, and those crimes involving multi-jurisdictional or serial crimes while protecting the privacy, civil rights, and civil liberties of the citizens we serve.
Activation Procedure WOHS
Cyber Event on Critical Infrastructure (Public/Private Sector)
In the event of a cyber event/incident that may affect critical infrastructure, the initial call should come to the WOHS duty officer. The cyber event intake form will be completed and sent to the CARE Team. WOHS will then work with the victim of the cyber event/incident and coordinate a call with CCT/WIAT/ETS/FBI/National Guard, DHS I&A and CISA, and other applicable partners.
Cyber Event on the State Network
The process for an event on the state network begins when ETS receives an incident from an incident reporter, usually through the helpdesk. The helpdesk will create an incident ticket and assign it to the security team triage. When a cyber security event is reported, specific steps must be taken. Items that enter this process are those that are potential security events/incidents and cannot be eliminated otherwise. The triage team will determine the initial incident category and internal priority and report all incidents to the CISO, Security Manager, or CIO. From there, the security team will follow the cyber security incident process.
Depending on the details of a particular cyber incident, other actions may occur at any impact severity level, such as a larger security investigation to include notification and potential assistance from WOHS, WIAT, CCT, or other state partners. The appropriate sharing of the cyber incident information with other stakeholders will be based upon agreed terms for the use of the information. This information could include submitting technical details to improve awareness and management of future cyber incidents.
Department of Homeland Security
DHS - CISA