by Glynn Wilson
President Obama participated in the 2012 National Level (Security) Exercise, sponsored by the Federal Emergency Management Agency as a part of its mandate to “regularly test and evaluate our ability to respond to and recover from catastrophic events.”
Tuesday’s exercise examined challenges related to managing a cyber incident involving physical impacts on our nation’s critical infrastructure, according to a White House press release. As a part of this exercise, the President hosted a Cabinet meeting to discuss with his leadership team the time-sensitive decisions that would have to be made if a significant cyber event affected critical infrastructure systems.
“This is an important tool in the government’s efforts to protect the United States in the event of a cyber incident affecting our critical infrastructure,” the White House statement said. “An increase in reported cyber intrusions into our nation’s critical infrastructure networks shows that these systems are not being adequately protected.”
There was no report on how the administration and all the agencies performed, at least not yet. Will we find out?
Last May, the administration sent a legislative proposal to the Congress that would give the federal government and private sector new tools to ensure our most vital critical infrastructure systems are properly secured. The Senate is now considering legislation that would build on the administration’s proposal to protect critical infrastructure.
As President Obama said in his State of the Union address, “we need Congress to pass legislation to secure the nation from the growing danger of cyber threats, while safeguarding the privacy and civil liberties of our citizens. The American people expect their government to ensure the cybersecurity of the critical infrastructure upon which so much of our national security, economic well-being, and daily lives depend.”
National Level Exercise 2012 is being conducted in accordance with the National Exercise Program, according a statement from the Department of Homeland Security. This program serves as the nation’s overarching exercise for planning, organizing, conducting and evaluating national level exercises. It is part of a series of congressionally mandated preparedness exercises designed to educate and prepare participants for potential catastrophic events.
The process will examine the nation’s ability to coordinate and implement prevention, preparedness, response and recovery plans and capabilities pertaining to a significant cyber event or a series of events and examine national response plans and procedures, including the National Response Framework, Cyber Incident Annex, and the Interim National Cyber Incident Response Plan.
The Department of Homeland Security has documented a three-fold increase in reported events on federal government networks over the past three years.
“This will be the first National Level Exercise that tests our existing protocols and addresses the challenges in preparing for and responding to a cyber incident that has virtual and real-world implications,” according to the statement.
Secretary of Homeland Security Janet Napolitano met with industry and small business representatives at the White House to discuss the Department’s current efforts to secure cyberspace and develop the cyber workforce.
“Today we face an increasing demand for the best and brightest in the cybersecurity field across industry, academia and government,” Secretary Napolitano said.“DHS is committed to working with our partners at universities and throughout the private sector to develop the next generation of cyber professionals to protect against evolving cyber threats.”
During the event, Secretary Napolitano announced that the Homeland Security Advisory Council will launch an effort focused on cyber workforce development. The new task force, co-chaired by Jeff Moss and Alan Paller, will consider strategies that may include expanding DHS involvement in cyber competitions and university programs, enhancing public-private partnerships, and working with interagency partners to develop an agile cyber workforce across the federal government
In addition to protecting civilian government networks (the .gov domain), DHS also works with owners and operators of critical infrastructure to help them secure their own networks by conducting risk assessments and developing plans to mitigate risks. Last year, the U.S. Computer Emergency Readiness Team, part of DHS’ 24-hour watch and warning center, responded to more than 106,000 incident reports, and released more than 5,000 actionable cybersecurity alerts and information products to public and private sector partners.
Recently, Secretary Napolitano traveled to California where she spoke to students at San Jose State University on cybersecurity and expanding the cybersecurity workforce, as part of the DHS Campus Lecture Series.
Participants in the exercises include representatives from the federal, state, local, and territorial agency officials, nongovernmental and private sector organizations, and international partners. These exercises began in March and will continue through June 2012.
Exercise #1: Information Exchange: Held in late March, this exercise brought together representatives from federal, state, and private sector partners, the Cyber Unified Coordination Group, and others to evaluate information sharing capabilities and build a cyber Common Operating Picture.
Exercise #2: National Tabletop Exercise: Held in late April, this exercise focused on evaluating the National Cyber Incident Response Plan. Participants tested the coordination, authorities, responsibilities, and operational capabilities among U.S. governmental entities, partner nations, and the private sector in response to a significant cyber event.
Exercise #3: Capstone Event: This event began on June 4 and lasts several days. It will address cyber and physical response coordination among a variety of sectors.
Exercise #4: Eagle Horizon/ Continuity Exercise: This event will be held in late June and will evaluate the continuity capability of federal departments and agencies through a full-scale continuity exercise.
© 2012, Glynn Wilson. All rights reserved.