1 / 9

America’s First National Critical Infrastructure Exercise

Public Release. America’s First National Critical Infrastructure Exercise. Mr. Mark Gembicki, National Managing Director Critical Infrastructure Resiliency Practice +1 443 756 6161 | Mark.Gembicki@BearingPoint.com. Background.

graceland
Download Presentation

America’s First National Critical Infrastructure Exercise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Release America’s First National Critical Infrastructure Exercise Mr. Mark Gembicki, National Managing Director Critical Infrastructure Resiliency Practice +1 443 756 6161 | Mark.Gembicki@BearingPoint.com

  2. Background • To date, no exercise has been conducted by, or for, the Private Sector • Government exercises reflect the needs and requirements of the “government” • Organization plans, policies, and procedures are not adequately assessed or evaluated in current government exercises dealing with critical infrastructures

  3. Objectives • Conduct a private sector exercise • Improve relationships among and between key stakeholders • Exercise threat scenarios against operational aspects of the electrical grid • Provide an infrastructure for organizations to self test and evaluate organizational plans, policies, and procedures • Capture performance data to evaluate Critical Infrastructure Resiliency metrics and models – U.S. comparison against other countries • Identify key successes and failures • Allow for a natural response to scenarios – inaction as well as action is evaluated • Consider both socio-economic and national security impact • Articulate benefits for preventative security

  4. Overview • Funded by the private sector • All exercise data will be protected under multi-party non-disclosure agreements • Exercise will simulate and maintain perspective between parties • All information will be treated as sensitive but unclassified information • Participants will play at the location from which they would most likely respond to a cyber event • “Functional” exercise- simulating a real time emergency scenario using real people and equipment to test plans and procedures • Conducted with a comprehensive “hot wash” and after action analysis report available to all participants

  5. General Framework of Scenario • Scenario and General Framework: • NCIE will use a common series of scenario and varying perspectives for all players that would a) produce a response, and b) resemble possible attacks directed toward participants • The draft framework includes four stages: • Stage 1: Situational Awareness - Background information on an emerging threat/vulnerability will be provided to assess organizational incident detection capabilities • Stage 2: Crisis Identification - Increased activity will be presented in an escalating fashion • Stage 3: Business Impact - Activity will cause a series of business impacts to trigger contingency plans • Stage 4: Recovery - Activities should diminish and begin the recovery/restoration process to “normal” conditions

  6. Participant Benefits • Participants are provided with a stable framework to exercise and self evaluate organizational capabilities to respond to security events • Improved understanding of social, economic, and national security impacts as well as a way to measure them against stakeholder equity and “Duty of Care” principles • Opportunity to provide recommendations to the Department of Homeland Securities, Science & Technology directorate for future R&D spending • Establish and/or improve relationships for future response situations • Ensure plans are accurate, up to date and understood • Test core emergency response personnel • Identify success/weakness in organizational policies with tangible improvements identified • Increased awareness of attacks and effects • Participation in follow-on exercises across remaining critical infrastructures

  7. Critical Dates • Completion of Final Exercise Plan: September 23, 2005 • Concepts and Objectives Meeting Date: May 23, 2005 • Initial Plan Completed: June 24, 2005 • Initial Planning Conference: July 11, 2005 • Mid-Planning Conference: August 30, 2005 • Final Planning Conference: September 8, 2005 • Exercise Execution Date: October 18-19, 2005 • Interim Findings Report: November 7, 2005 • After Action Reports: December 16, 2005

  8. Exercise Director Mr. Mark Gembicki Phone: 1 443 756 6161 Email: Mark.Gembicki@BearingPoint.com Program Manager Mr. Joe Albaugh Phone: 1 410 707 5085Email: Joe.Albaugh@BearingPoint.com Exercise AdvisorMr. Amit Yoran Phone: 1 703 966 1254 Email: Amit@Yoran.org Program Manager Ms. Jacklyn Blecker Phone: 1 703 965 6134 Email: Jacklyn@Yoran.org NCIE Points of Contact

More Related