Carlton Complex Response Cisco Tactical Operations www.cisco.com/go/tacops 8/15/2014 Deployment Overview (w/Security deep dive)

Deployment Review: Carlton Complex Fire + Cybersecurity


DESCRIPTION

This updated version of our Carlton Complex deployment review dives more into the cybersecurity protection we provided to the first responders on that event.


Page 1: Deployment Review: Carlton Complex Fire + Cybersecurity

Carlton Complex Response

Cisco Tactical Operations www.cisco.com/go/tacops

8/15/2014

Deployment Overview (w/Security deep dive)

Page 2: Deployment Review: Carlton Complex Fire + Cybersecurity

Cisco Public. © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Largest fire in WA history (256,000+ acres or 5x size of Seattle)

Multiple Zones, IMTs. Extremely complex management challenge.

Media reports: “significant communications challenges” for incident command teams (LA Times 7/21/2014)

The Carlton Complex Wildfire

Image: KHQ TV

Page 3: Deployment Review: Carlton Complex Fire + Cybersecurity


TACOPS / DIRT response: 3 TACOPS (2 SJ, 1 RTP) + 1 DIRT (SJ) volunteer on scene

Vehicles: NERV-2, Utility-2 + VSAT Trailer

Kits: Two ECKs (not used), Warrior 141, RRK 101 & RRK 102

The Cisco Response

Page 4: Deployment Review: Carlton Complex Fire + Cybersecurity


Similar scenario to 2012 Waldo Canyon Fire response: Type I Incident Management Team support, other mission critical teams, and a morale network for firefighters & support staff.

New capabilities enabled us to deploy +users +security +reliability vs 2012

Two mesh networks deployed at first site + RRK; mesh network deployed at second site.

Across our networks, we supported over 673 unique devices, transferred 60+ GB of data

Network Deployment

Page 5: Deployment Review: Carlton Complex Fire + Cybersecurity


Cisco Clean Air (1550) / Meraki Air Marshal (MR 66, MR 62) Wifi enabled strong signals even in the face of significant RF congestion (55 rogue APs at site one!)

Multiple backhaul: 4G LTE backhaul primarily used, VSAT as secondary.

First deployment by TacOps of Meraki tech: MX60W (RRK), MX60, MR66/62 – all worked amazingly well!

Strong QoS / Traffic Shaping: Allowed for efficient use of b/w by mission critical and non-mission critical users. 750+ users at site one, 100 users at site two. Layer 7 firewall for permitted traffic.

Active Security Management: Ironport WSA, Meraki + SourceFire enabled us to actively identify and protect against hostile traffic in real time. 30+ “high risk” attacks stopped against the IMT at Site 1.

Enhanced Capabilities

Page 6: Deployment Review: Carlton Complex Fire + Cybersecurity


Hastily formed networks (HFN) often overlook security – no such thing as a CSO in a disaster.

A huge risk for first responders.

TACOPS capabilities have integrated security at multiple levels to protect our customers: firewall, VPN, IDS/IPS, etc.

At Carlton Complex, we used Ironport for mission critical security management, and the Meraki + Sourcefire cloud solution for morale wifi networks.

Important to have buy in from COML/agency support!

Managing Infosec In Emergencies

Page 7: Deployment Review: Carlton Complex Fire + Cybersecurity


RRK 102 @ Firefighter Maintenance Support

RRK 101 @ Incident Management Team

Real-time reporting enabled real-time response

Page 8: Deployment Review: Carlton Complex Fire + Cybersecurity


Layer 7 firewalls – application level inspection & policy.

We implemented policy to block inappropriate content and prioritize mission critical traffic over morale traffic, and had deep knowledge about who was using the network, and for what.

We don’t control the end devices: true “BYODD” (Bring Your Own Device to the Disaster) support. Policy is in the network, not the end devices.

Page 9: Deployment Review: Carlton Complex Fire + Cybersecurity


Page 10: Deployment Review: Carlton Complex Fire + Cybersecurity

Thank you.