OECD Strategic Crisis Management Workshop, presentation by Mr. Ulrik Keller


Published on

This presentation by Mr. Ulrik Keller, Head of section, Danish Emergency Management Agency, was made at the 2014 OECD/Swiss Federal Chancellery Strategic Crisis Management Workshop (12-13 June, Geneva).

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

OECD Strategic Crisis Management Workshop, presentation by Mr. Ulrik Keller

  1. 1. National Crisis Management Exercise Ulrik Keller Centre for Preparedness Planning and Crisis Management Danish Emergency Management Agency
  2. 2. Objectives • KRISØV has taken place every two years since 2003 • The overall objective is to exercise and test strategic parts of the national crisis management system
  3. 3. Participants Multiagency crisis management Organizations Government Security Committee Senior Officials Security Committee National Operational Staff Local Operational Staff (Copenhagen) Others Energinet.dk Dong Energy Metro NETS Danish Broadcasting Coperation Version2 Computerworld The British Embassy The Norwegian Embassy The Swedish embassy Agencies Prime Ministers Office Ministry of Defence Ministry of Justice Ministry of Foreign Affairs National Police Danish Emergency Management Agency Danish Security and Intelligence Service Danish Defence Intelligence Service Centre for Cyber Security Danish Health and Medicines Authority Defence Command Denmark Agency for Governmental IT Services Danish Agency for Digitization Danish Energy Agency Danish Veterinary and Food Administration Danish Maritime Authority Danish Geodata Agency Danish Transport Authority Danish Serum Agency Local Police (Copenhagen) The Capital Region of Denmark Municipality of Copenhagen Total: • 4 Multiagency crisis management organizations • 23 Agencies (4 ministries) • 7 Private organizations • 3 Embassies
  4. 4. Exercise control Participants G-SC Agencies Local Operational Staff National operational staff  Departements Decentralized Agencies Region/Municipality S-SC Ministers Media Private organizations Embassy Injects Players’ action (Response cell + media and public cells)
  5. 5. Outcome The exercise served as a basis for: • Assessing the effectiveness of the crisis management system • Identifying recommendations on potential adjustments in order to strengthen the crisis management efforts • Raising awareness and developing knowledge regarding cyber threats, vulnerabilities, and dependencies within critical societal functions
  6. 6. Priorities for KRISØV 2013 • Coordinated cyber attack • Derived physical consequences (simulated) • Fewer, but more comprehensive scenarios • Unstable and unpredictable situation
  7. 7. Side 7 Mobile phones down Unstable energy supply Public transport stops E-mail and internet down Altering of sensitive data Netservices not responding Unauthorized access to sensitive information Warning systems hacked
  8. 8. Website during the exercise www.krisoev.dk Practical information, phone book, exercise rules. Agencies own exercise webpages Social media Exercise controlled news media Media(Participants)
  9. 9. Social media ’Blokken’ 3265 ”Tweets” • Public: 79 % • Agencies: 12,3 % • Media: 8,7 %
  10. 10. 2. juli 2014 Dette skrives ind i sidehoved / sidefod Side 10 Danish Broadcasting Coperation: News on the net + live radio during the execise
  11. 11. Challenges • Participant = Planning • Planners don´t have the knowledge on cyberthreats • Focus on the CYBER incidents
  12. 12. Key factors for succes • High level strategic ownership (Prime Ministers office) • Extensive public and media simulation • Preparatory activities: – Seminars on cyber threats and cyber security, crisis communications and use of social media – Get-Ready- for- KRISØV 2013 – Table top exercise “To go”
  13. 13. Lessons identified: Crisis management system The positive: • National crisis management system can be used to handle a massive cyber attack • National Operational Staff has good procedures, support and cooperation amongst the participating agencies • Bilateral cooperation between the cyber agencies were good Room for improvement: • The National situation picture • Some agencies lack knowledge on the role and responsibilities of the cyber agencies • Crisis communication needs to be coordinated better
  14. 14. Lessons identified: Knowledge on cyber threats The positive: • Better knowledge on cyber for NON-cyber agencies, who doesn´t work with cyber security on a daily basis • Better understanding of cyber dependencies • Better understanding of the derived consequences of a cyber attack Room for improvement • More advice from the cyber agencies on cyber threats and cyber security to NON-cyber agencies • Preparedness plans needs to be updated so they include cyber incidents
  15. 15. Lessons identified: Exercise methodology The positive: • The 4 recommendations from KRISØV2011 gave a significant boost: – One big dynamic scenario instead of five small scenarios – Relevant injects for all participant – Further development of media and public response cells – Preparatory activities Room for improvement • IT-platform outdated (more server capability) • Fewer sub-scenarios
  16. 16. error – connection lost