Organizations should conduct internal exercises to help ensure that their personnel and processes are prepared to respond effectively to a variety of potential emergencies, ranging from natural disasters to cyber-attacks. Doing so can help ensure that the organization can continue operations in case of significant disruption and can help minimize the impact of the disturbance on the organization, its personnel, customers, and other stakeholders. Internal exercises can also help alleviate the risk of potential emergencies by identifying gaps in existing processes and procedures and providing opportunities to test and improve upon existing plans.
During our annual meeting at NUARI’s headquarters in Northfield, VT, NUARI team members participated in an organization-wide incident response exercise utilizing the DECIDE® Platform. NUARI decided to focus on designing and executing an activity to bring together several NUARI departments to exercise a coordinated response in the event of a significant physical and cyber incident. During the design phase of the exercise, NUARI stayed focused on exercising a “whole of organization” approach that included multiple departments across NUARI’s enterprise. The purpose of the four-hour exercise was multi-faceted:
- Advancing the continuous development and improvement of procedures and practices aimed at improving information and knowledge sharing across the NUARI team.
- Exercising our Incident Response Plan and assessing our organizational structure for a response.
- Assessment of forensic tactics to assist with the identification of security issues.
During the training, exercise participants were presented with a scenario that simulated a physical threat to the NUARI on-site staff, who activated their incident response plan and reacted per the existing guidance from the Department of Public Safety, Norwich EMS, and NUARI Emergency Action Information leaflet. Additionally, a cyber incident impacting the operations of every department within NUARI was simultaneously introduced to remote and on-site employees. The intent will be to determine NUARI’s ability to continue delivery of services while sheltering in place, evacuating, or implementing ad-hoc solutions to ongoing operations.
This exercise presented an opportunity for NUARI to work together in a new way, which revealed other areas for adjustments. There was full buy-in and engagement at all levels, pointing out that this was not just a “check the box” event and was a welcomed action aimed at the overall improvement of the administrative and operational practices holding great potential for the further improvement of the maturity of the organization.
Exercise objectives were accomplished during this exercise, and NUARI now better understands its current capabilities, policies, procedures, and communication requirements when responding to an incident, whether it is physical or cyber-related.
Jakon is the Senior Marketing and Strategic Communications Specialist for Norwich University Applied Research Institutes (NUARI). He develops and executes digital and social media awareness initiatives promoting NUARI's mission of enabling a resilient society through rapid research, development, and education in cybersecurity, defense technologies, and information warfare.More posts by Jakon Hays