Training and Exercising for Cybersecurity Threats

Situation

As part of a large exercise series, the New England Regional Catastrophic Preparedness Initiative (NERCPI) asked Hagerty to support a Homeland Security Exercise and Evaluation Program (HSEEP) compliant program, specifically to help the State of Rhode Island understand and prepare for a cybersecurity threat.

Need

Hagerty designed the exercises to understand institutional protocols, policies, and procedures for reporting a cyber incident, thresholds for operational communications, and how to use the area’s fusion center for streamlining information sharing. According to the Department of Homeland Security, fusion centers are “focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information between the federal government and state, local, tribal, territorial, and private sector partners.”

Solution

The Hagerty team developed two tabletop exercises. The first exercise presented a variety of scenarios detailing a myriad of cyber threats to the financial sector and included members from financial institutions of all sizes from across Rhode Island, as well as state and federal partners.  The second exercise focused on threat scenarios to the water and wastewater sector; it included representatives from water and wastewater facilities within the state.

Outcome

Both tabletop exercises were well received by participants and led to several great discussions pertaining to information sharing and operational coordination in the event of a cyber incident. One issue that generated a lot of discussion was at what point operationally is the best time to involve the National Guard, state regulators, and Rhode Island Emergency Management Agency. Each of Hagerty’s After Action Reports included a summary of what was accomplished during each exercise, a list of the participants, gaps identified in the exercises with subsequent analysis, and recommended next steps.