Upload
robbin
View
41
Download
0
Tags:
Embed Size (px)
DESCRIPTION
CyberSMART Scenario Modeling And Reporting Tool Technologies for Critical Incident Preparedness Conference 2008. October 29-31, 2008 Jim Marshall , Utah State University Research Foundation Ernest Drew, Dennis McGrath , Norwich University Applied Research Institutes Chris Fogle , Delta Risk. - PowerPoint PPT Presentation
Citation preview
DeltaRisk
DeltaRisk
SDL/08-470 slide:
CyberSMARTScenario Modeling And Reporting Tool
Technologies for Critical Incident Preparedness Conference 2008
October 29-31, 2008Jim Marshall, Utah State University Research Foundation
Ernest Drew, Dennis McGrath, Norwich University Applied Research InstitutesChris Fogle, Delta Risk
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 2
Acknowledgments• The development team would like to thank the following
individuals for their support of the project:– Douglas Maughan, PhD/DHS Science & Technology Directorate– Glenn Fiedelholtz, Annabelle Lee/DHS National Cyber Security Division– John Foti, Tracy Carruth, Scott Keifer, Bridgette Spencer Walsh/Booz Allen
Hamilton– Tim Guerriero and the Massachusetts “Mass Panic” Exercise Team
• Contract No. NBCHC060088• The underlying concepts presented today are protected under patents or other
means by the team members.
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 3
Who we are …
Utah State University Research Foundation• Program
Management
• Visualization Development
Norwich University Applied Research Institutes• Subject Matter
Expertise
• Cyber Exercise Design & Execution
Dartmouth College Institute of Security Technology Studies• Technical Team
Lead
• System Design & Database Development
Delta Risk, LLC
• Operations SME
• Cyber Exercise Design & Execution
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 4
Team Experience• Livewire/DHS• TOPOFF/National Exercise Program• Bulwark Defender/Air Force• State, Regional, and Local Exercises• International Exercises
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 5
Why CyberSMART?
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 6
CyberStorm II: National Level Exercise
• Conducted March 10-14, 2008 in Washington, DC by DHS National Cyber Security Division (NCSD)
• $6.4M Budget• Five Countries• 18 Federal Departments and Agencies• 40+ Private Sector Companies• 1,800 Detailed Scenario Events (“injects”)
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 7
Cyber ExercisesAll-Hazards Exercises Cyber Exercises
Well-established exercise culture and response plans, and authorities
Cyber exercise culture tends to be less mature.
Focused on what happens after the incident Focused on what happens before the incident; indicators and warnings may be the primary
point of the exerciseRehearsal of known coordination processes Discovery of complex interdependencies,
constituencies, and decision processesLimited technical content Highly technical audience requires more
technical content in the scenario
Geographical scope is well understood Geographical scope may be unknown
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 8
Cyber Exercise Challenges• Participation is voluntary; players may withdraw if their
expectations aren’t being met.• Player perception of risk:
– Security breaches– Embarrassment– Return on investment
• For the players to find the exercise credible, (1) the scenario must be true to life and (2) the events should not contradict each other.
• Events should proceed at a pace that engages each player without overwhelming him.
• The flow of events must not overwhelm the control team.• The scenarios are complex, the events themselves may not be
observable to some of the participants, the problem chains are often non-intuitive.
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 9
Exercise Types• Discussion-Based Exercises
– Seminars– Workshops– Tabletop Exercises (TTX)– Games
• Operations-Based Exercises– Drills– Functional Exercises– Full-Scale Exercises
…involves mobilization and response
CyberSMART is suitable for both types of exercises.
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 10
Exercise Objectives
Initial Decision
Exercise Inputs
Example:Needs
Assess-ment
Gamespace Definition
Scenario Development
Scenario Validation
Exercise Execution
After Action
Analysis
Game Space
Ground Truth
MSEL
CyberSMART
Scenario Planning
CyberSMART Scope
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 11
How Does CyberSMART Work?
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 12
Approach
The CyberSMART Methodology Aligns to HSEEP Milestones and is Organizedaccording to Three Parallel and Iterative Planning Tracks
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 13
Features• Developed tool around the scenario design concepts
outlined above• Web-based tool that can be used by a distributed team• Users can query, edit, save their own scenarios• Participant data is segregated within the system, access
based on user roles and authentication• Validation/visualization tools allow users to view scenarios
and timelines as they develop, check for inconsistencies, etc.
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 14
Planning View and Data View
Planning View:OrganizedChronologically
Data View:OrganizedFunctionally
• The Planning View guides users through the planning process. The Data View focuses on objectives, gamespace, and scenario.
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 15
CyberSMART Testing & Deployment
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 16
Beta Testing• Vermont State-Level Exercise, December 2007• NCSD Support Contractor Focus Group, December 2007• Massachusetts “Mass Panic” State-Level Exercise, May
2008
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 17
CyberSMART Hosting• CyberSMART is currently hosted on a server at Utah State
University• Planned for hosting on FEMA’s Homeland Security
Exercise and Evaluation (HSEEP) Toolkit website– At FEMA’s request, the team drafted an annex to the HSEEP
guidance documents titled “Cyber Exercises”– Currently at FEMA in draft status
DeltaRisk
DeltaRisk
SDL/08-504 Slide: 18
Contact Information
Jim MarshallSpace Dynamics Laboratory
Utah State University(435) 797-4725