OCR of the Document

View the Document >>

Federal Emergency Management Agency, National Level Exercise 2012, Private Sector Participant Guide, Version 1.0, Unclassified.

1001011170UL National Level Exercise 2012 Private Sector Participant Guide Version 1 0 FEBRUARY 29 2012 National Level Exercise 2012 Private Sector Participant Guide This page is intentionally blank i National Level Exercise 2012 Private Sector Participant Guide Table of Contents 1 0 Purpose of the National Level Exercise NLE 2012 Private Sector Participant Guide 1 2 0 Private Sector Participation Value Proposition 1 3 0 NLE 2012 Overview 1 4 0 Organizational Risk Mitigation 3 5 0 Media 4 6 0 Exercise Scenario 4 7 0 Exercise Participation 4 8 0 Participant Resources 7 9 0 Summary 9 Appendix A – Participant Registration Form A-1 Appendix B – NLE 2012 Training Opportunities B-1 ii National Level Exercise 2012 Private Sector Participant Guide This page is intentionally blank iii National Level Exercise 2012 Private Sector Participant Guide 1 0 Purpose of the National Level Exercise NLE 2012 Private Sector Participant Guide This document is intended to provide private sector stakeholders with an overview of NLE 2012 to include a discussion of the exercise timeline a snapshot of the exercise scenario and a review of the various potential exercise participation opportunities All questions concerning this document and NLE 2012 participation opportunities should be directed to Private SectorNLE@dhs gov 1 1 NLE 2012 Scope National Level Exercises and the predecessor Top Official exercises continue to involve broad participation based on exercise objectives scenario implications and other considerations This year is no different NLE 2012 participants include various states within Federal Emergency Management Agency FEMA Regions I II III and V The primary subject area and specific audiences for this scenario include Information Technology Communications Water and Mass Transit Rail With limited exception these are the main focus of the Players and Simulation Cell subject matter experts Interested parties outside of that scope will still find value in the Virtual Participation and Downloadable tabletop 2 0 Private Sector Participation Value Proposition Participation in NLE 2012 will provide private sector organizations a variety of benefits ultimately contributing to an enhanced understanding of information sharing response and incident management activities related to a national cyber event More specifically it is anticipated that through participation in NLE 2012 private sector organizations in collaboration with Federal state local tribal and territorial government partners as well as other exercise stakeholders will  Achieve a better collective understanding of the cyber challenges within and across sectors  Examine and better understand cyber threat alert warning and information sharing across sectors and between government and the private sector  Contribute to defining government and private sector roles and responsibilities in cyber incident response and recovery under the National Cyber Incident Response Plan NCIRP  Test and examine government-private sector coordinating structures processes and capabilities regarding cyber incident response and recovery 3 0 NLE 2012 Overview NLE 2012 is sponsored by the FEMA’s National Exercise Division NED and includes participation of all levels of government appropriate Federal department and agency senior officials their deputies and staff and key operational elements NLE 2012 will examine the 1 National Level Exercise 2012 Private Sector Participant Guide Nation’s ability to coordinate and implement prevention preparedness response and recovery plans and capabilities pertaining to a significant cyber event or a series of related cyber events Unique to NLE 2012 will be an emphasis on the shared responsibility among the Federal Government state local tribal nations and territories the private sector and international partners to manage risk in cyberspace and respond together to a cyber event with national consequences NLE 2012 will be the first NLE to simulate a cyber event and is designed to test the NCIRP the National Response Framework NRF 1 the Cyber Incident Annex to the NRF2 and foundational documents that guide National incident management activities for cyber-related events and the related downstream physical impacts NLE 2012 will also examine International Strategy for Cyberspace NLE 2012 will include the following four principal objectives  Examine the NCIRP in guiding the Nation to prepare for respond to and recover from a significant cyber event  Examine government Federal state local tribal territorial international roles and responsibilities in coordinating national cyber response efforts and their nexus with physical response efforts including allocation of resources  Examine the ability to share information across all levels of government and with the private sector classified and unclassified as well as the general public to create and maintain cyber incident situational awareness and coordinate response and recovery efforts  Examine key decision points and decision-making in a significant cyber event To provide a framework to facilitate the testing of the principal and other objectives NLE 2012 will consist of four main exercises 1 Information Exchange Exercise – This exercise will be a discussion-based exercise designed to evaluate the sharing of cyber-related information among the intelligence community law enforcement the Federal cyber community and other event specific participants and is by invitation only 2 Cyber Incident Management Virtual Effects – This exercise will address the NCIRP and is by invitation only 3 NLE Capstone Cyber Physical Effects – This will be the NLE 2012 capstone exercise It will examine challenges related to managing a cyber event with physical consequences and national security implications This will include addressing cyber physical interdependencies and impacts while simultaneously coordinating a Whole Community-level cyber and physical response For more information on the NLE Capstone Cyber Physical Effects Exercise please see Table 1 1 NRF available for download at http www fema gov pdf emergency nrf nrf-core pdf NRF Cyber Incident Annex available for download at http www learningservices us pdf emergency nrf nrp_cyberincidentannex pdf 2 2 National Level Exercise 2012 Private Sector Participant Guide Table 1 NLE Capstone Cyber Physical Effects Exercise Snapshot NLE Capstone Cyber Physical Effects Exercise Snapshot Date June 2012 Purpose The NLE Capstone Event will address cyber and physical response coordination including resource allocation Depending on dynamic exercise play and player action the exercise may also allow policy makers the opportunity to review functions involving emergency assistance and disaster relief resources relative to a cyber event with physical effects Scope The NLE Capstone Event will ensure consequence management and larger Whole Community emergency management issues are examined during the exercise The Capstone event will occur over the course of three days with play suspending each afternoon and resuming the following morning Objectives  Examine Whole Community cyber and physical response coordination including resource allocation  Examine strategies and operational capabilities and identify interdependencies between Federal government and partners that are required to respond and recover from the physical attacks related to a cyber attack Location  Capstone Event activities will take place at Federal state local territorial tribal and private sector command posts emergency operation centers and other locations across the United States and select other nations 4 Continuity Exercise Eagle Horizon – The exercise will evaluate the continuity devolution and reconstitution capabilities of Federal departments and agencies during a cyber security incident Exercise event dates are presently considered sensitive and will be provided to interested parties upon expression of interest and once vetted 4 0 Organizational Risk Mitigation The exercise evaluation program is focused on the state of preparedness of the Federal government while enabling an environment for independent evaluation of all stakeholders including the private sector As a result FEMA will not actively evaluate private sector activities in NLE 2012 Should participating organizations choose to submit either internal or external observations those contributions will be considered for insertion in the NLE 2012 After Action Report and Improvement Plan Additionally NO exercise activities will take place on actual networks or systems Exercise activities will be prompted by scenario updates and injects provided to participants via email or similar communications method 3 National Level Exercise 2012 Private Sector Participant Guide Please contact Private SectorNLE@dhs gov for more information 5 0 Media The planning team also recognizes the sensitivity of the exercise scenario and the related private sector concerns in terms of media exposure As a result FEMA and its partners are in the process of developing a media plan to ensure that all exercise related messaging is coordinated and consistent Participating organization names will not be released by the government Companies are at liberty to disclose their participation though they are asked to limit discussion of exercise details and particularly outcomes in public 6 0 Exercise Scenario In coordination with several exercise planning groups including representatives from the private sector FEMA NED is in the process of developing a realistic and plausible exercise scenario featuring a suite of cyber challenges designed to provide the opportunity to meet the exercise objectives The scenario will be unveiled in the form of injects to NLE 2012 participants during the course of the capstone exercise To ensure critical scenario elements are not revealed to exercise players scenario planning details are presently only available to a very limited audience including the exercise planning individuals who will assist in developing pre-exercise materials conducting exercise briefings and supporting training sessions 7 0 Exercise Participation Private sector participation in NLE 2012 consists of several options for participation during the NLE Capstone Exercise The specific opportunities are identified below detailing an overview of the options and the associated benefits and resource requirements Accordingly resource requirements will vary depending on the option selected Organizations should closely consider the time considerations and commitments before making a decision In addition National Infrastructure Protection Plan NIPP Sector Coordinating Council SCC member companies should notify SCC leadership prior to registering Doing so will ensure adherence to the appropriate NIPP coordinating mechanisms and establish situational awareness of sector activities 7 1 NLE Capstone – Planner Player This option incorporates the participant organization into the full spectrum of NLE 2012 design development and conduct allowing the organization the opportunity to plan and play in NLE 2012 conduct The number of participants in this option will be limited and aligned to specific exercise objectives and account for the limited timeframe which the NLE 2012 Capstone exercise will be conducted in therefore not all participants who express an interest in this option may be selected NLE 2012 planners are delineating the process by which private sector entities who express interest in this option will be selected This selection 4 National Level Exercise 2012 Private Sector Participant Guide  Is limited to organizations that routinely engage in the protection mitigation response restoration and recovery elements as they would if this were a real-world event  Requires that an organization assign a dedicated planner to attend planning meetings and receive communications regarding NLE 2012  Requires that an organization assign dedicated player s to play in the exercise  Requires a commitment to play at a specific time and for a specific duration during NLE 2012  Allows for full participation in the planning of the exercise including providing scenario input developing injects for the Master Scenario Events List MSEL and preidentifying additional participants within their organization to be “players”  Recommends incorporating organization’s exercise objectives into overall Exercise objectives to test linkages between government and private sector  Will enable access to Exercise tools such as LLIS gov and Virtual News Network VNN To register or obtain additional information regarding this option complete and submit the registration form located in Appendix A of this document Contact Private SectorNLE@dhs gov for more information 7 2 NLE Capstone – Simulation Cell Subject Matter Expert This option provides opportunities for private sector cyber subject matter experts SME to support the Simulation Cell SimCell The private sector SMEs will be a component of the National SimCell which will be co-located with the Master Control Cell MCC for NLE 2012 The number of participants in this option will be limited and aligned to specific exercise requirements likely requests for information by players and account for the logistical constraints of the facility housing the MCC therefore not all participants who express an interest in this option may be selected NLE 2012 planners are delineating the process by which private sector entities who express interest in this option will be selected This selection  Requires that an organization assign a dedicated planner to attend planning meetings and receive communications regarding NLE 2012  Requires organizations allow the SimCell participant to attend SimCell training provided during the Exercise development process prior to the Functional Exercise conduct This will include becoming familiar with the exercise scenario and critical ground truth elements  Allows private sector simulators help to ensure NLE 2012 will have accurate replication of private sector functions decisions and insight in the SimCell during the exercise −  The Private Sector SimCell will be organized and conducted primarily as a virtual capability This will include push and pull of information across the critical infrastructure sectors and other private sector companies and organizations utilizing a variety of collaboration tools Will enable access to Exercise tools such as LLIS gov and VNN com 5 National Level Exercise 2012 Private Sector Participant Guide To register or obtain additional information regarding this option complete and submit the registration form located in Appendix A of this document Contact Private SectorNLE@dhs gov for more information 7 3 NLE Capstone – Virtual Engagement This option is available to all interested participants including the private sector For private sector organizations this option provides a flexible way to remotely participate in the NLE Capstone Event at a reduced resource commitment Virtual Engagement enables private sector participants to follow the flow of the exercise via regular scenario updates and affords them the opportunity to consider the impact on their own environment and take corresponding action at the organizational level Interested organizations will be provided scenario and response updates electronically throughout the course of the Capstone Event along with a set of ongoing discussion questions tied to the Core Capabilities drawn from the National Preparedness Goal This option  Provides scenario and exercise updates at regular intervals during the NLE Capstone Event  Offers opportunity for input and feedback related to the exercise objectives contributing to the development of internal lessons learned and best practice materials  Allows organizations the opportunity to monitor exercise activities resulting in the ability to better understand information sharing and exchange activities as well as response and incident management activities  Offers an opportunity to provide input and feedback on specific topics related to FEMA’s Whole Community initiative and or NLE 2012 Feedback will drive Federal evaluation and corrective action development and provide input to ongoing FEMA Whole Community initiatives and exercises extending far beyond the conclusion of NLE 2012  Requires that upon commitment to participate in NLE 2012 at the Virtual Engagement level organizations will designate a point of contact to receive exercise information  Requires that at least one representative from a participating organization a “player” will need to be available during the exercise conduct dates in June The player should have access to the relevant organizational response plans and protocols To register or obtain additional information regarding this option complete and submit the registration form located in Appendix A of this document Contact Private SectorNLE@dhs gov for more information 7 4 NLE Capstone – Downloadable Tabletop Exercise TTX “TTX in a box” This option is available to all interested private sector participants The downloadable TTX will enable representatives of an organization to participate in a scaled down version of NLE 2012 on their own schedule and at their own pace Exercise materials will be available for download prior to during and following the exercise The materials for the TTX will include a Microsoft PowerPoint-based slide presentation with embedded multimedia updates facilitator guidance training information exercise ground rules and proposed objectives scenario introductions and updates discussion questions tied to the scenario and “hot wash” instructions The downloadable TTX is for internal organizational use only The conduct and performance of the TTX will not be monitored Once available notification will be broadly distributed 6 National Level Exercise 2012 Private Sector Participant Guide throughout the various Department of Homeland Security DHS and FEMA private sector coordinating mechanisms including the NIPP notification process as well as FEMA Private Sector Division and DHS Private Sector Office This option  Provides all required tools and information in a downloadable format that is user customizable to suit an organization’s exercise needs  Encourages organizations to conduct their own exercise that will address critical objectives being tested during the National Level Exercise  Provides a TTX that an organization can conduct at any time – not just during the NLE Capstone Event  Allows businesses and organizations of all sizes to leverage NLE 2012 for internal purposes and address critical response and recovery issues No registration is required for this option Contact FEMA-Private-Sector@dhs gov or Private SectorNLE@dhs gov for more information Please be aware the material will be available for download prior to the exercise at www fema gov privatesector exercises shtm and www fema gov plan nle index shtm FEMA Private Sector Division will publish a public notice upon availability 7 5 Additional Participation Opportunities The NLE 2012 process also includes additional exercises and events within participating FEMA Regions specifically Regions I and II These regions are hosting Regional TTXs that will likely provide an opportunity for private sector participation Details on these exercises including dates scope and availability will vary by Region Please contact the appropriate FEMA Region for related information For contact information please see http www fema gov about regions index shtm Please be aware if additional opportunities for private sector participation in any phase of NLE 2012 are developed an addendum to this document will be developed and distributed describing the additional opportunity and include relevant instructions for registering and participating in the option 8 0 Participant Resources Various tools and resources will be accessible to NLE 2012 participants Leading up to NLE 2012 there are numerous opportunities to participate in NLE 2012 related training courses FEMA NED in coordination with the FEMA Emergency Management Institute has developed a series of “Highly Recommended Training” courses intended on delivering just-in-time training for a multitude of topics ranging from “Information Security for Everyone” to “Operational Security for Control Systems ” A one page list of many of those training opportunities has been provided at the end of this guide in Appendix B The full listing of training classes being offered can be found in the NLE 2012 Training Guide posted on the Lessons Learned Information Sharing LLIS NLE 2012 Channel 7 National Level Exercise 2012 Private Sector Participant Guide This guide lists the highly recommended training courses suggested audience types for each class Federal Headquarters Federal Regional state local tribal and private sector nongovernmental organization dates and times delivery methods and information on how to register It also outlines existing programs that are considered “Additional Recommended Training” for prospective NLE 2012 players The highly recommended training courses will be offered via the Internet as a Webinar or via Video Teleconferencing session These courses are not a prerequisite for participation in NLE 2012 but are designed to assist in preparing players for their roles in the exercise Furthermore these programs are not intended to fulfill the minimum requirements for player performance but should be considered as an additional source for learning To gain access to the LLIS website  Request a LLIS gov membership by registering for LLIS at https www llis dhs gov signup do  When registering for the system select the Exercise Support System option  Once the registration information has been submitted you will receive an email that contains a link to verify your email address You must click this link to continue the registration process  Within a week of verifying your email address you will receive a confirmation email to indicate that the account is active To gain access to the NLE 2012 Channel  You must be a LLIS member  Request access to the Exercise Support Channel by sending an email to exercise@llis dhs gov stating you would like access to the NLE 2012 Channel Please note access to the LLIS NLE 2012 Channel will be limited to only those individuals involved in planning or participating in NLE 2012 8 National Level Exercise 2012 Private Sector Participant Guide 9 0 Summary This document is intended to serve as a guide to participation options available for the private sector Due to the exercise scale and scope changes to this document will occur As the designated planner Point of Contact for your organization during NLE 2012 there are numerous resources available to assist you in maximizing your organization’s participation There is an NLE 2012 mailbox dedicated to Private Sector that is monitored continuously and responses provided in a timely manner Please email any questions you have to Private SectorNLE@dhs gov Organizations interested in participating in NLE 2012 should review the Participant Registration Form found at the end of this guide and return via email to Private SectorNLE@dhs gov as soon as possible but no later than May 4 2012 9 National Level Exercise 2012 Private Sector Participant Guide This page is intentionally blank 10 National Level Exercise 2012 Private Sector Participant Guide Appendix A – Participant Registration Form National Level Exercise 2012 Department of Homeland Security Private Sector Participant Guide Submit to Private SectorNLE@dhs gov General Data Organization Primary Planning Point of Contact Name Title E-mail Address city state Phone Type of business Organization Belongs to a Critical Infrastructure Sector Coordinating Council SCC YES NO If “yes ” what Sector Agriculture Food Banking Finance Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy Government Facilities Healthcare and Public Health Information Technology National Monuments and Icons Nuclear Reactors Materials and Waste Postal Shipping Transportations Systems Water Have you notified the SCC of your NLE 2012 participation interest YES NO Exercise Participation Selection Please review definitions below and then check all participation options that apply Planner Player Simulation Cell SME Virtual Engagement Option 1 Planner Player This option incorporates the participant organization into the full spectrum of NLE 2012 design development and conduct allowing the organization the opportunity to plan and play in NLE 2012 conduct The number of participants in this option will be limited and aligned to specific exercise objectives and account for the limited timeframe which the NLE 2012 Capstone exercise will be conducted in therefore not all participants who express an interest in this option may be selected NLE 2012 planners are delineating the process by which private sector entities who express interest in this option will be selected A-1 National Level Exercise 2012 Private Sector Participant Guide This selection        Is limited to organizations that routinely engage in the protection mitigation response restoration and recovery elements as they would if this were a real-world event Requires that an organization assign a dedicated planner to attend planning meetings and receive communications regarding NLE 2012 Requires that an organization assign dedicated player s to play in the exercise Requires a commitment to play at a specific time and for a specific duration during NLE 2012 Allows for full participation in the planning of the exercise including providing scenario input developing injects for the Master Scenario Events List MSEL and pre-identifying additional participants within their organization to be “players” Recommends incorporating organization’s exercise objectives into overall Exercise objectives to test linkages between government and Private Sector Will enable access to Exercise tools such as LLIS gov and VNN com Option 2 Simulation Cell SME This option provides opportunities for private sector cyber subject matter experts SME to support the Simulation Cell Simcell The private sector SMEs will be a component of the National Simcell which will be co-located with the Master Control Cell MCC for NLE 2012 The number of participants in this option will be limited and aligned to specific exercise requirements likely requests for information by players and account for the logistical constraints of the facility housing the MCC therefore not all participants who express an interest in this option may be selected NLE 2012 planners are delineating the process by which private sector entities who express interest in this option will be selected This selection Requires that an organization assign a dedicated planner to attend planning meetings and receive communications regarding NLE 2012  Requires organizations allow the Simcell participant to attend Simcell training provided during the Exercise development process prior to the Functional Exercise conduct This will include becoming familiar with the exercise scenario and critical ground truth elements  Allows private sector simulators help to ensure NLE 2012 will have accurate replication of private sector functions decisions and insight in the Simcell during the exercise  The Private Sector Simcell will be organized and conducted primarily as a virtual capability This will include push and pull of information across the critical infrastructure sectors and other private sector companies and organizations utilizing a variety of collaboration tools Will enable access to Exercise tools such as LLIS gov and VNN com  Option 3 Virtual Engagement This option provides private sector organizations with a flexible way to remotely participate in the NLE Capstone Event at a reduced resource commitment Virtual Engagement enables private sector participants to follow the flow of the exercise via regular scenario updates and affords them the opportunity to consider the impact on their own environment and take corresponding action at the A-2 National Level Exercise 2012 Private Sector Participant Guide organizational level Interested organizations will be provided scenario and response updates electronically throughout the course of the Capstone Event along with a set of ongoing discussion questions tied to the Core Capabilities drawn from the National Preparedness Goal Print Name Signature A-3 Date National Level Exercise 2012 Private Sector Participant Guide This page is intentionally blank A-4 National Level Exercise 2012 Private Sector Participant Guide Appendix B – NLE 2012 Training Opportunities Exercise Player Training Business Information Continuity - AWR-176-W Cybersecurity Prevention Deterrence and Recovery - PERhttp teex com teex cfm pageid NERRTCprog area NERRT 252 University of Arkansas C templateid 1856 http cyberterrorismcenter org pdr html Community Cyber Security Exercise Planning - DHS # MGT- Cyberterrorism First Responder CFR - University of 385 Arkansas http ciastraining com webpages asp wpid 47 http cyberterrorismcenter org cfr html Continuity Managers Train-the-Trainer Course - B E L 548 Devolution Planning Train-the-Trainer Workshop - B E L 551 http www fema gov about org ncp coop training shtm#4 http www fema gov about org ncp coop training shtm#6 Continuity of Operations Building Design for Homeland Emergency Management for IT Professionals Web Based Security Train-the-Trainer Course - B E L 15 AWR-223-W http www fema gov about org ncp coop training shtm#7 http nuarilearn com Continuity Planners Train-the-Trainer Workshop - B E L 550 EOC’s Role in Managing Community Cyber Security-DHS# http www fema gov about org ncp coop training shtm#5 MGT-384 http ciastraining com webpages asp wpid 45 Cyber Exercise Participant Training Essentials of Community Cyber Security – AWR-136-W http nuarilearn com https www preparingtexas org ViewCourse aspx courseid 08 890e93-ba88-4987-b0f7-5e3ebd045958 Cyber Incident Analysis and Report - AWR-169-W Exercise Design Course Continuity of Operations - IS G 139 http teex com teex cfm pageid NERRTCprog area NERRT http www fema gov about org ncp coop training shtm#3 C templateid 1856 Cyber Incident Awareness Training Web Based – AWR-222- Information Security Basics - AWR-173-W W http teex com teex cfm pageid NERRTCprog area NERR http nuarilearn com TC templateid 1856 Cyber Law and White Collar Crime – AWR-168-W Information Security for Everyone - AWR-175-W http teex com teex cfm pageid NERRTCprog area NERRT http teex com teex cfm pageid NERRTCprog area NERR C templateid 1856 TC templateid 1856 Cybersecurity Incident Handling and Response - PER-253 University of Arkansas http cyberterrorismcenter org ihr html Universal Training Community Preparedness - IS-909 Introduction to Incident Command System ICS 100 - IShttp training fema gov EMIWeb IS is909 asp 100 b http training fema gov EMIWeb IS IS100b asp Continuity of Operations Awareness Course - IS-546 12 IS Introduction to ICS ICS 100 for Federal Workers - IShttp training fema gov EMIWeb IS is546 12 asp 100 FWa http training fema gov EMIWeb IS IS100FWa asp Critical Infrastructure Key Resources Support Annex-IS-821 Introduction to Continuity of Operations - IS-547 a IS http training fema gov EMIWeb IS IS821 asp http training fema gov emiweb is IS547a asp Emergency Manager An Orientation to the Position - IS-1 National Infrastructure Protection Plan NIPP - IS-860 a IS IS http training fema gov EMIWeb IS is860a asp http training fema gov EMIWeb IS is1 asp Emergency Planning - IS-235 a IS National Response Framework An Introduction - IS-800 B http training fema gov EMIWeb IS is235a asp IS http training fema gov EMIWeb IS IS800b asp Emergency Support Functions #2 Communications - IS-802 NIMS An Introduction - IS-700 a IS http training fema gov EMIWeb IS IS802 asp http training fema gov EMIWeb IS is700a asp B-1