Presentation on theme: "SDL/08-470 slide: CyberSMART Scenario Modeling And Reporting Tool Technologies for Critical Incident Preparedness Conference 2008 October 29-31, 2008."— Presentation transcript:
SDL/08-470 slide: CyberSMART Scenario Modeling And Reporting Tool Technologies for Critical Incident Preparedness Conference 2008 October 29-31, 2008 Jim Marshall, Utah State University Research Foundation Ernest Drew, Dennis McGrath, Norwich University Applied Research Institutes Chris Fogle, Delta Risk
SDL/08-504 Slide: 2 Acknowledgments The development team would like to thank the following individuals for their support of the project: –Douglas Maughan, PhD/DHS Science & Technology Directorate –Glenn Fiedelholtz, Annabelle Lee/DHS National Cyber Security Division –John Foti, Tracy Carruth, Scott Keifer, Bridgette Spencer Walsh/Booz Allen Hamilton –Tim Guerriero and the Massachusetts “Mass Panic” Exercise Team Contract No. NBCHC060088 The underlying concepts presented today are protected under patents or other means by the team members.
SDL/08-504 Slide: 3 Who we are … Utah State University Research Foundation Program Management Visualization Development Norwich University Applied Research Institutes Subject Matter Expertise Cyber Exercise Design & Execution Dartmouth College Institute of Security Technology Studies Technical Team Lead System Design & Database Development Delta Risk, LLC Operations SME Cyber Exercise Design & Execution
SDL/08-504 Slide: 4 Team Experience Livewire/DHS TOPOFF/National Exercise Program Bulwark Defender/Air Force State, Regional, and Local Exercises International Exercises
SDL/08-504 Slide: 6 CyberStorm II: National Level Exercise Conducted March 10-14, 2008 in Washington, DC by DHS National Cyber Security Division (NCSD) $6.4M Budget Five Countries 18 Federal Departments and Agencies 40+ Private Sector Companies 1,800 Detailed Scenario Events (“injects”)
SDL/08-504 Slide: 7 Cyber Exercises All-Hazards ExercisesCyber Exercises Well-established exercise culture and response plans, and authorities Cyber exercise culture tends to be less mature. Focused on what happens after the incidentFocused on what happens before the incident; indicators and warnings may be the primary point of the exercise Rehearsal of known coordination processesDiscovery of complex interdependencies, constituencies, and decision processes Limited technical contentHighly technical audience requires more technical content in the scenario Geographical scope is well understoodGeographical scope may be unknown
SDL/08-504 Slide: 8 Cyber Exercise Challenges Participation is voluntary; players may withdraw if their expectations aren’t being met. Player perception of risk: –Security breaches –Embarrassment –Return on investment For the players to find the exercise credible, (1) the scenario must be true to life and (2) the events should not contradict each other. Events should proceed at a pace that engages each player without overwhelming him. The flow of events must not overwhelm the control team. The scenarios are complex, the events themselves may not be observable to some of the participants, the problem chains are often non-intuitive.
SDL/08-504 Slide: 9 Exercise Types Discussion-Based Exercises –Seminars –Workshops –Tabletop Exercises (TTX) –Games Operations-Based Exercises –Drills –Functional Exercises –Full-Scale Exercises … involves mobilization and response CyberSMART is suitable for both types of exercises.
SDL/08-504 Slide: 10 Exercise Objectives Initial Decision Exercise Inputs Example: Needs Assess- ment Gamespace Definition Scenario Development Scenario Validation Exercise Execution After Action Analysis Game Space Ground Truth MSEL CyberSMART Scenario Planning CyberSMART Scope
SDL/08-504 Slide: 11 How Does CyberSMART Work?
SDL/08-504 Slide: 12 Approach The CyberSMART Methodology Aligns to HSEEP Milestones and is Organized according to Three Parallel and Iterative Planning Tracks
SDL/08-504 Slide: 13 Features Developed tool around the scenario design concepts outlined above Web-based tool that can be used by a distributed team Users can query, edit, save their own scenarios Participant data is segregated within the system, access based on user roles and authentication Validation/visualization tools allow users to view scenarios and timelines as they develop, check for inconsistencies, etc.
SDL/08-504 Slide: 14 Planning View and Data View Planning View: Organized Chronologically Data View: Organized Functionally The Planning View guides users through the planning process. The Data View focuses on objectives, gamespace, and scenario.
SDL/08-504 Slide: 16 Beta Testing Vermont State-Level Exercise, December 2007 NCSD Support Contractor Focus Group, December 2007 Massachusetts “Mass Panic” State-Level Exercise, May 2008
SDL/08-504 Slide: 17 CyberSMART Hosting CyberSMART is currently hosted on a server at Utah State University Planned for hosting on FEMA’s Homeland Security Exercise and Evaluation (HSEEP) Toolkit website –At FEMA’s request, the team drafted an annex to the HSEEP guidance documents titled “Cyber Exercises” –Currently at FEMA in draft status
SDL/08-504 Slide: 18 Contact Information Jim Marshall Space Dynamics Laboratory Utah State University (435) 797-4725 firstname.lastname@example.org