Presentation on theme: "Jim Marshall, Utah State University Research Foundation"— Presentation transcript:
1 Jim Marshall, Utah State University Research Foundation CyberSMART Scenario Modeling And Reporting Tool Technologies for Critical Incident Preparedness Conference 2008October 29-31, 2008Jim Marshall, Utah State University Research FoundationErnest Drew, Dennis McGrath, Norwich University Applied Research InstitutesChris Fogle, Delta Risk
2 AcknowledgmentsThe development team would like to thank the following individuals for their support of the project:Douglas Maughan, PhD/DHS Science & Technology DirectorateGlenn Fiedelholtz, Annabelle Lee/DHS National Cyber Security DivisionJohn Foti, Tracy Carruth, Scott Keifer, Bridgette Spencer Walsh/Booz Allen HamiltonTim Guerriero and the Massachusetts “Mass Panic” Exercise TeamContract No. NBCHC060088The underlying concepts presented today are protected under patents or other means by the team members.
3 Who we are … Utah State University Research Foundation Program ManagementVisualization DevelopmentNorwich University Applied Research InstitutesSubject Matter ExpertiseCyber Exercise Design & ExecutionDartmouth College Institute of Security Technology StudiesTechnical Team LeadSystem Design & Database DevelopmentDelta Risk, LLCOperations SME
4 Team Experience Livewire/DHS TOPOFF/National Exercise Program Bulwark Defender/Air ForceState, Regional, and Local ExercisesInternational Exercises
6 CyberStorm II: National Level Exercise Conducted March 10-14, 2008 in Washington, DC by DHS National Cyber Security Division (NCSD)$6.4M BudgetFive Countries18 Federal Departments and Agencies40+ Private Sector Companies1,800 Detailed Scenario Events (“injects”)
7 All-Hazards Exercises Cyber ExercisesAll-Hazards ExercisesCyber ExercisesWell-established exercise culture and response plans, and authoritiesCyber exercise culture tends to be less mature.Focused on what happens after the incidentFocused on what happens before the incident; indicators and warnings may be the primary point of the exerciseRehearsal of known coordination processesDiscovery of complex interdependencies, constituencies, and decision processesLimited technical contentHighly technical audience requires more technical content in the scenarioGeographical scope is well understoodGeographical scope may be unknown
8 Cyber Exercise Challenges Participation is voluntary; players may withdraw if their expectations aren’t being met.Player perception of risk:Security breachesEmbarrassmentReturn on investmentFor the players to find the exercise credible, (1) the scenario must be true to life and (2) the events should not contradict each other.Events should proceed at a pace that engages each player without overwhelming him.The flow of events must not overwhelm the control team.The scenarios are complex, the events themselves may not be observable to some of the participants, the problem chains are often non-intuitive.
9 Exercise Types Discussion-Based Exercises Operations-Based Exercises SeminarsWorkshopsTabletop Exercises (TTX)GamesOperations-Based ExercisesDrillsFunctional ExercisesFull-Scale Exercises…involves mobilization and responseCyberSMART is suitable for both types of exercises.
12 ApproachThe CyberSMART Methodology Aligns to HSEEP Milestones and is Organizedaccording to Three Parallel and Iterative Planning Tracks
13 FeaturesDeveloped tool around the scenario design concepts outlined aboveWeb-based tool that can be used by a distributed teamUsers can query, edit, save their own scenariosParticipant data is segregated within the system, access based on user roles and authenticationValidation/visualization tools allow users to view scenarios and timelines as they develop, check for inconsistencies, etc.
14 Planning View and Data View The Planning View guides users through the planning process. The Data View focuses on objectives, gamespace, and scenario.Data View:OrganizedFunctionallyPlanning View:OrganizedChronologically
16 Beta Testing Vermont State-Level Exercise, December 2007 NCSD Support Contractor Focus Group, December 2007Massachusetts “Mass Panic” State-Level Exercise, May 2008
17 CyberSMART HostingCyberSMART is currently hosted on a server at Utah State UniversityPlanned for hosting on FEMA’s Homeland Security Exercise and Evaluation (HSEEP) Toolkit websiteAt FEMA’s request, the team drafted an annex to the HSEEP guidance documents titled “Cyber Exercises”Currently at FEMA in draft status
18 Space Dynamics Laboratory Contact InformationJim MarshallSpace Dynamics LaboratoryUtah State University(435)