The Intelligence and National Security Alliance (INSA) organized a tabletop exercise (TTX) to examine the effectiveness of mechanisms to respond to and recover from a cyber attack on multiple critical infrastructure sectors. In the scenario for this exercise, a cyber attack on power companies in Baltimore, Maryland, took much of the power grid offline and had cascading impacts on regional transportation infrastructure. More than 70 participants -- officials from all levels of government and experts in cybersecurity, energy, transportation, and communications -- worked through the scenario and recommended courses of action to federal- and state-level government. The exercise’s three moves were structured around selected phases in the National Institute of Standards and Technology (NIST) Cybersecurity Framework: Detect, Respond, and Recover.
The scenario was designed to:
- Assess cooperation and information sharing among intelligence agencies, law enforcement, and the private sector;
- Identify gaps in incident response planning, authorities, knowledge, and processes;
- Identify obstacles to prompt restoration of critical services after a cyber attack; and
- Provide insights on how government and private industry can better work together to counter future cyber threats.
Exercise participants identified several core issues that, as they worked through the crisis scenario, proved critical to address:
- The importance of clear leadership;
- The need for an effective, rapidly applicable methodology to contain the attack;
- The value of disseminating information to direct response efforts; and
- The importance of multi-sector communication in coordinating efforts and smoothing response processes.
The full after-action report captures the exercise’s findings and recommendations. Click below to read the full INSA report, Managing a Cyber Attack on Critical Infrastructure: Challenges of Federal, State, Local, and Private Sector Collaboration.