Exercises to impove network resilience

8/14/2019 Exercises to impove network resilience

1/26

Exercises for ResilienceAn ENISA best practice guide


2/26

Why Exercises?

The obvious returnStaff is prepared and increases capability torespond to incidents and follow proceduresUnexpected implications are revealed

Also for authoritiesObservation of incident handling in practiceInterdependencies are identified

Cooperation and PPPs are stimulatedTrack improvement over time


3/26

Life Cycle of an Exercise


4/26

What measures are we testing?What is the target group for the exercise?What resources do we have to plan andconduct the exercise?

How much commitment can we expect fromparticipants?How much experience do all have withexercises?

What is the type, size and scope of theexercise?


5/26

Measures to Test

Identify a need in the form of one or moremeasures that require testingIdentify the group targeted by exercisingthese measuresChoose measures that addresscoordination and cooperation acrossorganizations

to test and improve cooperation and to revealinterdependencies.


6/26

Discussion-BasedExercises

Seminars, workshops,tabletop exercises, or

gamesOperations-BasedExercises

The exercise typeshould

Fit the need you haveidentified

The measures thatshould be tested

Incorporate differentkinds of exercises totest various measures

Types of Exercises


7/26

Participants Involved

Choose participating organizationsRelevant to the tested measuresWilling to participate

On the geographic focus of the exerciseInvolve them in the planning process

To ensure their commitment

For a realistic scenario


8/26

Large ExercisesAwareness of the issuePublicity for participantsTrain large numbers ofparticipantsReveal interdependenciesSimulate the stress andtension of real-life incidents

Small ExercisesQuicker to plan and executefrequent repetition or a quickmove on next topic

Less costly

Easier to recruit participantsEasier to planFocused measures to test

Size of Exercise

More costly, in terms of time andbudgetsMore difficult to plan andexecuteLessons may get lost in thecomplexityVery long time and be difficult toplan effectively

Less publicity and generate

less widespread awarenessNot putting all the piecestogetherMay not generate the tensionand stress of real-life incidents


9/26

Local, regional,national,Pan- EuropeanA local incident cancascade to other

regionsIncidents may takeplace in multiplelocations at onceIncidents can begeographicallydispersed by nature(DDOS)

A mix of geographicscales

procedures to respondto incidents at each of

those scalesWhere cooperation isless established startsmall

Geographic Scope


10/26

Extensive work in the planning phase!!Who leads the exercise?What is the duration of the planning?

Who gets involved in planning?How are the participants recruited?How is the scenario developed?

What do you monitor and by whom?Are the media involved?


11/26

Leading the Exercise Planning

The selected leader should either beThe one that identified the needA person that embraces the needs and objectives

Have enough resources allocated to planningthe exerciseExternal consultants can be used

Can bring useful experience, tools, and resourcesEither way have enough internal resourcesallocated to work with them and ensureeverything stays on track


12/26

Schedules will varySize and complexity ofthe exercisePreference

Degree of commitmentby participants thatexistsAmount of resources

dedicated to it.

Operational exercisesAllow extended planningcycles of at least a year

Smaller exercisesPlanning cycles ofseveral months

While experiencebuilds, times willbecome shorter

For the first exercise,allow extra time

Duration of Planning


13/26

Participants in the Planning

Participation in the planning is crucial for thesuccess of the exerciseInclude in the planning processrepresentatives of the key organizations that

should participateThat ensures that the scenario will be as realisticas possibleCommits the organization

The specific individuals will not participate inthe exercise itself


14/26

Recruiting Participants

Convincing reluctant participantsDue to resources, benefits, confidentiality,prioritization

Provide incentives

Recruit via the planning processSeminars or workshops about resilience,vulnerabilities and interdependencies

Focus on the trust issueUse trust to move more quickly in recruitingparticipants


15/26

Developing the Scenario

Scenarios should be as realistic as possibleScenarios must provide alternatives andallow flexibility to improviseIt should include detailed injects of newinformation depending on how the exerciseproceedsThe concept must align with the objectives ofkey stakeholdersPlanners need to coordinate the detailsthrough an extended process


16/26

Observe and evaluateparticipants actions,decisions, andeffectivenessReport to moderatorsRelay injectsAnswer questions

Provide input for theevaluation

External Monitors // Self-monitoringPrefer experiencedmonitorsEnsure that monitorshave sufficienttraining

Prepare material

Monitors and Monitoring


17/26

Deciding on a Media Policy

Consider the media policy before theexercise takes placeDecide on communication before, during andafter the exercise

Small exercises will not need or want toinform the mediaLarge exercises may need to notify them toavoid mistaken alarmMay decide to promote the exercise

Positive incentive


18/26

How are the participants notified?How is the scenario played?What is the role of the monitors?

What is the role of the media during theexercise?


19/26

Training of Participants

Participants will need some understandingof what will happen !!!Briefing about the rules and regulations

and background of the scenarioSeminar or online training about the toolsused during the exercise

Make the participants feel comfortable


20/26

Monitoring

ModeratorManage the overall scenarioReceive the actions taken byparticipants

Via the monitors

Determine the path of thescenarioRelay scenario injects

To monitors

MonitorsObserve participants

Actions and DecisionsEffectiveness

Report to ModeratorTake notes for evaluationRelay injects to participants

Ensure that there is a central exercise management teamEnsure that there is a clear structure and process for themonitoring team to follow


21/26

Scenario Injects

Very effective communication is requiredA detailed scenario with many paths ofpossible development is required

those paths must accurately predict theactions that participants will take.

A software tool can help moderators

Injects should simulate real-worldcommunication about an incident


22/26

Media During The ExerciseOperations-based exercises that include publicactivities or just take place on a large scale shouldinform the media in advance to avoid confusion oralarmTake advantage of the interest of the media to

generate publicityfor the initiatives you are undertakingfor the participating stakeholders

Avoid divulging sensitive information.


23/26

What do we do now?How do we improve the processes?What do we communicate to the public?

How do we measure the success?


24/26

After-Action Review

Ensure a high level of commitment to theevaluation processThe evaluation process must be planned inadvance of the exercise

Should be inclusiveworking with the stakeholders to reach consensusrecommendations will be accepted bystakeholders

Avoid blaming individual participants orstakeholders


25/26

After-Action Review

Sources of InformationSeek information for evaluationfrom many sources

Reports from the monitorsQuestionnaires completed bymonitors and participantsDebriefing sessionsTechnical results from tools

Obtain information at interimperiods as well as aftercompletion plan for obtaining

in advance

Types of Evaluation

ReportsSeparate reports

Individual, Consensus andPublic reportsTailor each to the type andamount of informationrequired

Sensitive information is onlyrevealed to the stakeholder

to which it pertainsContinue the process by moving to the next exercise


26/26

Measuring Success

Effectiveness of the Exercise ProcessesEffectiveness of the Exercise in MeetingObjectives

Specific factors are easier to measureUse questionnairesRepeat the testingFollow-Up on Lessons Learned and Action

Plans Individuals General

Date post:	30-May-2018
Category:	Documents
Upload:	pssara
View:	220 times
Download:	0 times

Exercises to impove network resilience

Documents