A military organization wanted to understand incident response gaps and identify interdependencies among critical infrastructure to improve resiliency of regional, multistate, and military emergency responses. Due to the COVID-19 pandemic, virtual exercises were run in two port cities with participants from transportation, energy, emergency management, communications, information technology, government facilities, and water sectors.
FTI Cybersecurity supported the organization, design, execution, and analysis of the multicity tabletop exercise. We helped recruit critical infrastructure participants from the public sector, targeting key players of incident response plans and cybersecurity stakeholders. Once the participant list was confirmed, we worked collaboratively with the participants to design a scenario that would progressively build up and challenge the players, keeping them engaged at each inject, or turn of events, to fully explore their incident response thresholds. We helped facilitate the exercise, leveraging virtual platforms, over the course of a single-day and collected data during the event to be reviewed for analysis and reporting.
The exercise demonstrated the need for cross-sector communication and collaboration efforts during cyber incident responses. Participants indicated through a survey that the presented scenario elements were realistic and comprehensively taxing – two-thirds of survey respondents indicated a high-level of stress by the final turn of the exercise. Although challenging, 88% of participants responded positively that the exercise provided them with new information or sources of information relevant to incident response, and 84% reported that the exercise helped them identify gaps in their respective incident response plans.