We usually conduct emergency preparedness exercises as training activities in which we rehearse an established incident response plan. But today’s critical infrastructure is increasingly complex, interdependent, and controlled by information technology that is almost always connected to the web. As government agencies and private sector enterprises join forces to develop strategies for critical infrastructure protection, we find that cyber response exercises serve another purpose – discovery of the complex interdependencies, decision processes, constituencies, and considerations that must come into play for an effective response to a threatening incident.

This is particularly true in a cyber exercise, where the “playing field” is a series of complex networks of information systems that control our critical infrastructures. Within those networks, a diverse collection of computers, routers, and control systems enable electronic transactions that are essential to business and government continuity. These networks, largely owned by the private sector, are difficult to characterize even by the people who keep them running on a daily basis. Furthermore, when an attack on those networks is suspected, information passes through a complex human network that involves both they have grown in participation and complexity.

Cyber exercises require the participation of a variety of organizations from both the public and private sectors. Historically, cyber exercise scenario development has been challenging due to the diversity of participants, and their differing information assets, monitoring methods, and response doctrines. Event experienced exercise development teams have difficulty building a storyboard with engaging, plausible cyber events that challenge exercise participants while simultaneously satisfying exercise objectives. Furthermore, very little guidance exists for a structured approach to the development of a comprehensive master scenario events list (MSEL), leaving exercise development teams with the impossible task of writing hundreds or thousands of events at the end of the exercise planning process. 

CyberSMART is a web-based collaborative tool that enables a cyber exercise planning team to research, organize, enter, and edit critical exercise background information. The team can develop and validate scenario elements to ensure they are logical, that they do not conflict with each other, and that they meet the specific objectives of each exercise. CyberSMART guides exercise developers through a rigorous planning process, resulting in a scenario that is engaging and credible, and exercises those issues and plans desired by each player organization. CyberSMART provides the ability Planning Team members to work independently and access the work of other team members behind a secure portal. CyberSMART provides a simple user interface, and includes Wiki Help page explanations of cyber-exercise development terminology and guidance for the user in the process of cyber exercise development.