
Colorado Cyber TTX attack AAR After Action Report ESF 18


Posted as a courtesy by:

Dave Sweigert
Emergency Management Specialist

Published in: Technology


  1. 1. MILE HIGH DICE CYBERSECURITY DOMAIN TABLETOP EXERCISE Mile High DICE FY-2015 Denver Interagency Continuity Exercise (DICE), A Cybersecurity Seminar and Tabletop Exercise November 13, 2014 After Action Review November 20, 2014 Cybersecurity Is Not An Information Technology Issue; It’s A Leadership Issue!
  2. 2. UNCLASSIFIED After Action Review Mile High DICE THIS PAGE IS INTENTIONALLY LEFT BLANK. i
  3. 3. UNCLASSIFIED After Action Review Mile High DICE Handling Instructions 1. The title of this document is the Mile High DICE FY-2015 Cybersecurity Domain Table Top Exercise (TTX) After Action Review (AAR). 2. The information gathered in this AAR is UNCLASSIFIED. The control of information is based more on public sensitivity regarding the nature of the exercise than on the actual exercise content. 3. All exercise participants should use appropriate guidelines to ensure the proper control of information within their areas of expertise and protect this material in accordance with current agency-specific directives. 4. Public release of exercise materials to third parties is at the discretion of FEMA Region VIII and the Colorado Federal Executive Board (CFEB). 5. For more information, please consult the following points of contact (POCs): Exercise Sponsor Gay Page Executive Director Colorado Federal Executive Board PO Box 25567 Denver Federal Center Bldg 810 Room 5014 Lakewood CO 80225 303 202 4588 gpage@colorado.feb.gov www.colorado.feb.gov Exercise Coordinator/Officer Michael D. Brinkman Regional Continuity Manager 303-235-4982 michael.brinkman@fema.dhs.gov FEMA Region VIII Denver Federal Center, Building 710 Denver, CO 80228 i
  4. 4. UNCLASSIFIED After Action Review Mile High DICE CONTENTS Handling Instructions; Executive Summary; Exercise Overview; Participating Organizations; Number of Participants; Exercise Design Summary; Analysis of Objectives; Conclusion; Appendix A: Recommendations; Appendix B: Participant Feedback Form; Appendix C: Acronyms; Appendix D: Glossary of Terms ii
  5. 5. UNCLASSIFIED After Action Review Mile High DICE Executive Summary The Mile High Denver Interagency Continuity Exercise (DICE) Cybersecurity Domain comprised two components: a training session and a continuity tabletop exercise (TTX) focused on Cybersecurity. The purpose of this event is to provide a forum for interagency coordination and improvement of continuity plans. This year's focus is cybersecurity: increasing awareness of cyber risks that may impact the performance of essential functions. The exercise relied on the Homeland Security Exercise and Evaluation Program (HSEEP) building block approach, where some agencies examined their COOP plan or annex, and other agencies, with less robust plans, could learn from the presenters, and each other, how to build their expertise. Mile High DICE Cybersecurity Domain established a learning environment for all players to focus on improving understanding of a response concept, identifying opportunities or problems, and achieving a change in attitude. At the TTX portion of the exercise, agency representatives were seated at tables, based on their agency, with a facilitator to encourage discussion, while a selected member of their group acted as a scribe to capture their lessons learned. Mile High DICE Cybersecurity Domain focused on the following objectives: 1. Increase organizational awareness about the importance of incorporating Cybersecurity into continuity planning 2. Discuss and examine the challenges, issues and best practices associated with Cybersecurity 3. Discuss how Essential Functions will continue through a Cybersecurity emergency and the planning required to perform those functions 4. Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in organizational continuity plans and procedures The exercise was conducted on November 13, 2014 at the United States Department of Justice, Bureau of Prisons’ National Corrections Academy, 11900 East Cornell Avenue, Aurora, CO 80014, between 8:00 AM and 4:00 PM. Overall, Mile High DICE Cybersecurity Domain successfully provided a learning environment that presented an opportunity for agencies to review their cybersecurity plans and procedures, interact with other agencies, and reinforce the need for robust continuity planning, training, and exercises. This report will analyze the exercise results, identify strengths to be maintained and built upon, identify potential areas for further improvement, and support development of corrective actions. 1
  6. 6. UNCLASSIFIED After Action Review Mile High DICE Major Strengths The major strengths identified during this exercise are as follows: • The exchange of ideas, networking opportunities and lessons learned. • Use of recent and relevant Continuity and cybersecurity examples. • The effective relationship between critical infrastructure and the private sector with cybersecurity programs. • Identifying common challenges with cybersecurity. Primary Areas for Improvement Opportunities for improvement were identified throughout the exercise. The primary areas for improvement, including recommendations, are as follows: Observation 1: Presenters were the best choice as effective tactical experts to discuss the important issues of cybersecurity. Issue: Cybersecurity is a unique topic that excited individuals, but the presenters at times spoke in terms that were well above the audience’s knowledge base. Recommendation: Knowing the audience, presenters should be advised to use non-expert (or layman’s) terms. Speakers were briefed on the target audience composition. • Emergency Preparedness Council members should make attempts to view a speaker’s presentation prior to DICE to discern if it is a good fit for audience and subject. • Consider using a panel discussion to help convey technical information. Observation 2: More time is needed for the tabletop exercise. Issue: Mile High DICE FY-2015 is an opportunity to provide a summary of the major changes in Continuity directives and policies. These updates can be reviewed and addressed during exercises, assisting with Corrective Action Planning. Recommendation: Allow more time for exercise play. • Consider a 3 hour TTX for FY-2016. • Limit outbriefs to ½ the tables. Mix it up, ask if anyone has something to add. • Allow time for Facilitator wrap up at tables. 2
  7. 7. UNCLASSIFIED After Action Review Mile High DICE Exercise Overview Exercise Name Mile High (Denver Interagency Continuity Exercise) DICE, FY-2015, Cybersecurity Domain Type of Exercise Training and lessons learned seminar, followed by a tabletop exercise (TTX) Exercise Date November 13, 2014 November 20, 2014 After Action Review Duration One Day Location United States Department of Justice Bureau of Prisons National Corrections Academy 11900 East Cornell Avenue, Aurora, CO 80014 Sponsors Colorado Federal Executive Board (CFEB) Federal Emergency Management Agency (FEMA), Region VIII Mission Continuity of Operations/Essential Functions/Cybersecurity Scenario Type Cyber-attack on the organization’s network systems 3
  8. 8. UNCLASSIFIED After Action Review Mile High DICE Participating Organizations Participating Agencies & Organizations Anticus International Corp. CACI International Inc. Chertoff Group City of Colorado Springs City & County of Denver Coalfire Systems, Inc. Colorado Federal Executive Board Colorado National Guard Dept of Agriculture – Office of Chief Information Officer Dept of Agriculture – Grain Inspection, Packers & Stockyards Administration Dept of Commerce – National Institute of Standards and Technology Dept of Commerce – National Oceanic and Atmospheric Administration Dept of Commerce – National Telecommunications & Information Administration Dept of Defense - Defense Contract Management Agency Dept of Defense - Defense Coordinating Element Dept of Defense - Defense Health Agency Dept of Defense – North American Aerospace Defense Command & Northern Command Dept of Homeland Security - Citizen & Immigration Services Dept of Homeland Security - Federal Emergency Management Agency Dept of Homeland Security - Federal Protective Service Dept of Homeland Security - Transportation Security Administration Dept of Interior - National Park Service Dept of Interior - Office of Natural Resource Revenue Dept of Interior - US Geological Survey Dept of Justice - Bureau of Prisons Dept of Transportation – Federal Highway Administration Environmental Protection Agency - National Enforcement Investigations Center General Services Administration National Archives & Records Administration National Transportation Safety Board Poudre Fire Authority Selective Service System Social Security Administration State of Colorado - CO Dept of Public Safety State of Colorado - Dept of Labor & Employment State of Colorado - Division of Emergency Management University of Colorado - Colorado Springs Number of Participants: 37 Agencies & Organizations; 158 Registrations; 108 Participants on site; 90 Participant Feedback Forms 4
  9. 9. UNCLASSIFIED After Action Review Mile High DICE Exercise Design Summary Purpose The purpose of this event is to provide a forum for interagency coordination and improvement of continuity plans – this year’s focus is the Cybersecurity domain, increasing awareness of cyber risks that may impact the performance of essential functions. Exercise Purpose and Objectives - TTX 1. Increase organizational awareness about the importance of incorporating Cybersecurity into continuity planning. 2. Discuss and examine the challenges, issues and best practices associated with Cybersecurity. 3. Discuss how Essential Functions will continue through a Cybersecurity emergency and the planning required to perform those functions. 4. Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in organizational continuity plans and procedures. Exercise Scenario - TTX Your organization’s IT staff has informed leadership that they have detected a highly sophisticated cyber-attack on the organization’s network systems. In response to the attack and with leadership approval, the IT team has disconnected all internet and email access to include shared folders and wireless access. Incoming emails have also been blocked. IT is assessing the current damage and providing leadership with regular reports. The team is also working on protecting systems from future attacks. At this time, IT is uncertain if any information was stolen and if sensitive or classified information has been compromised. But there is a chance that several essential records stored on the primary server were corrupted. At this point, leadership has been informed that it will take a few days to sort things out, secure systems and get them back online. 5
  10. 10. UNCLASSIFIED After Action Review Mile High DICE Exercise Schedule – Training/TTX Time Session Comments 8:00 am Registration Participants sign in 8:30 am Welcome Opening comments • Jim Gray, Director, Bureau of Prisons – National Corrections Academy • Doug Gore, Deputy Regional Administrator, FEMA Region VIII • Gay Page, Executive Director, Colorado Federal Executive Board 8:45 am Introductions Agency leads introduce members 9:00 am The Cyber Universe and You! Mr. Mark Weatherford Principal, Chertoff Group & former Deputy Undersecretary, DHS Cybersecurity 10:15 am Networking Break 10:30 am Challenges & Threats in the Cloud Mr. Rick Dakin Chief Executive Officer, Co-Founder and Chief Security Strategist, Coalfire - Independent Information Technology Audit and Compliance Leadership 12:00 pm Lunch On your Own 1:00 pm Overview of NIST Cybersecurity Framework Ms. Donna Dodson Associate Director and Chief Cybersecurity Advisor of the Information Technology Laboratory (ITL) and the Chief Cybersecurity Advisor for the National Institute of Standards and Technology (NIST) 1:45 pm Networking Break 2:00 pm Discussion Based Exercise Participants will be divided into groups (primarily by agency) and guided through a discussion of issues related to Cybersecurity 4:00 pm Adjourn 6
  11. 11. UNCLASSIFIED After Action Review Mile High DICE Analysis of Objectives This section of the report reviews the performance of the exercised objectives, activities, and tasks. Observations are organized by objective, followed by a summary and corresponding observations and recommendations. OBJECTIVE 1: INCREASE ORGANIZATIONAL AWARENESS ABOUT THE IMPORTANCE OF INCORPORATING CYBERSECURITY INTO CONTINUITY PLANNING Observation: Successful Analysis: Participants in this training and exercise event were provided with a schedule designed with multiple briefings and a discussion based exercise to encourage interaction at all levels. Presentations were specifically designed to raise awareness of Cybersecurity, challenges affiliated with cybersecurity, and the potential to improve individual plans. Discussion: Given the basic premise of a cyber-attack, it is imperative that agencies place an emphasis in their COOP planning efforts on working with IT on security and compliance assessments. Recommendations: 1. Agencies should actively address any deficiencies and/or train and test the effectiveness of their emergency plans under a variety of conditions. 2. Agencies should ensure that they have the right individuals on their Continuity Working Group when developing and reviewing their COOP plans. OBJECTIVE 2: DISCUSS AND EXAMINE THE CHALLENGES, ISSUES AND BEST PRACTICES ASSOCIATED WITH CYBERSECURITY Observation: Mixed, mostly successful Analysis: Executive Order (EO) 13636 requires the development of a Cybersecurity Framework that develops a voluntary critical infrastructure cybersecurity program and proposes incentives as well as identifying gaps. Discussion: Mile High DICE Cybersecurity Domain was an opportunity to provide a summary of the common challenges with cybersecurity as the threat increases. 
Overview of the EO proved challenging during the FY-2015 DICE since agencies wanted to review best practices and lessons learned from agencies that have dealt with this threat. Recommendations: 1. Agencies should review Executive Order 13636 that provides a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. 7
  12. 12. UNCLASSIFIED After Action Review Mile High DICE OBJECTIVE 3: DISCUSS HOW ESSENTIAL FUNCTIONS WILL CONTINUE THROUGH A CYBERSECURITY EMERGENCY AND THE PLANNING REQUIRED TO PERFORM THOSE FUNCTIONS Observation: Successful Analysis: Members have an increased organizational awareness about COOP and individual roles and responsibilities. Discussion: There is room for improvement in training staff on ways around limited communication, such as limited internet access and phone service. Recommendations: 1. More training with the ERG staff and non-ERG members is needed. Agencies also need to train backup ERG personnel on their roles and responsibilities during Continuity operations. Create detailed checklists and decision matrices for notice and no-notice events. OBJECTIVE 4: IDENTIFY SOLUTIONS OR ALTERNATIVE ACTIONS TO CYBER CHALLENGES, GAPS OR VULNERABILITIES IN ORGANIZATIONAL CONTINUITY PLANS AND PROCEDURES Observation: Mixed, mostly successful Analysis: Not all agencies present had prepared adequately for cybersecurity. Discussion: Smaller organizations and larger organizations’ smaller field offices may not have the same access and plans to support secondary continuity locations as larger organizations or offices. Recommendations: 1. Agencies must develop annexes to their COOP plans that include threats associated with cybersecurity. 2. Agencies should review the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 8
  13. 13. UNCLASSIFIED After Action Review Mile High DICE Conclusion Based on the participant feedback forms, Mile High DICE, FY-2015 Cybersecurity Domain training and lessons learned session relative to Cybersecurity and Continuity planning tabletop exercise (TTX) was a success. On a scale of 1 to 5, the overall rating for this year came in at 4.6. Participants were able to evaluate their plans against the scenario, take lessons learned from each other, and find areas to improve their continuity programs. Observations or areas for improvement for the next event include: • Increase the awareness of government, business and not-for-profit organizations of the requirement to incorporate continuity planning into everyday business. • Discuss the planning required to perform those Mission Essential Functions (MEFs) that must continue through an emergency. • Recognize the critical functions of our organizations’ Information Technology components in continuity planning. 9
  14. 14. UNCLASSIFIED After Action Review Mile High DICE Appendix A: Recommendations Below is a consolidated list of the recommendations previously presented in the AAR, a result of exercise Mile High DICE Cybersecurity Domain: Table A.1 Recommendations Objective Recommendations Increase organizational awareness about the importance of incorporating Cybersecurity into continuity planning. 1. Agencies should actively address any deficiencies and/or train and test the effectiveness of their emergency plans under a variety of conditions. 2. Agencies should ensure that they have the right individuals on their Continuity Working Group when developing and reviewing their COOP plans. Discuss and examine the challenges, issues and best practices associated with Cybersecurity. 1. Agencies should review Executive Order 13636 that provides a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. Discuss how Essential Functions will continue through a Cybersecurity emergency and the planning required to perform those functions. 1. More training with the ERG staff and non-ERG members is needed. Agencies also need to train backup ERG personnel on their roles and responsibilities during Continuity operations. Create detailed checklists and decision matrices for notice and no notice events. Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in organizational continuity plans and procedures. 1. Agencies must develop annexes to their COOP plans that include threats associated with cybersecurity. 2. Agencies should review the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. A-1
  15. 15. UNCLASSIFIED After Action Review Mile High DICE Appendix B: Participant Feedback Form Assessment Factor Strongly Disagree Strongly Agree The Training and Exercise event was well structured and organized. 1 2 3 4 5 The design was conducive to group discussion. 1 2 3 4 5 The featured Speaker’s presentation was helpful in understanding key concepts for Cybersecurity. 1 2 3 4 5 The tabletop discussion helped provide an examination of your plan and procedures for Cybersecurity. 1 2 3 4 5 The Case Studies provided in the Participant Handbook helped provide insight on the challenges with Cybersecurity. 1 2 3 4 5 This event was valuable for helping provide information for the development of refinement of your Continuity Plan. 1 2 3 4 5 Note: The figures below are based on 90 feedback form submissions 1. The Training and Exercise event was well structured and organized? 90 responses 3 (3.3%) 1 (1.1%) 6 (6.7%) 34 (37.8%) 46 (51.1%) Strongly Disagree Strongly Agree 2. The design was conducive to group discussion? 90 responses 3 (3.3%) 1 (1.1%) 11 (12.2%) 25 (27.8%) 50 (55.6%) Strongly Disagree Strongly Agree 3. The featured Speaker’s presentation was helpful in understanding key concepts for Cybersecurity? 81 responses 5 (6.3%) 2 (2.5%) 10 (12.3%) 28 (34.5%) 36 (44.4%) Strongly Disagree Strongly Agree B-1
  16. 16. UNCLASSIFIED After Action Review Mile High DICE 4. The tabletop discussion helped provide an examination of your plan and procedures for Cybersecurity? 88 responses 3 (3.4%) 2 (2.3%) 9 (10.2%) 35 (39.8%) 39 (44.3%) Strongly Disagree Strongly Agree 5. The Case Studies provided in the Participant Handbook helped provide insight on the challenges with Cybersecurity? 84 responses 3 (3.6%) 1 (1.2%) 16 (19%) 31 (36.9%) 33 (39.3%) Strongly Disagree Strongly Agree 6. This event was valuable for helping provide information for the development of refinement of your Continuity Plan? 89 responses 3 (3.4%) 1 (1.1%) 11 (12.4%) 35 (39.3%) 39 (43.8%) Strongly Disagree Strongly Agree B-2
  17. 17. UNCLASSIFIED After Action Review Mile High DICE 46 7. Please provide any other comments or recommendations regarding this event that may help in the development of future events. Format: • Excellent Speakers and Great participant handbook. The information will be used to improve COOP plans and develop future cybersecurity exercises. • There needs to be more time for exercises and less for speakers. • Reduce the number of out briefs, at some point they lose value and the interest of people. • COOP/Exercise were knowledgeable, some topics more relevant than others, but overall worth hearing. • Presentations were a bit high level, our requirements and responsibilities are somewhat lower. • This training was more relevant to policy makers. No working in the IT or computer field wasn’t applicable to some individuals jobs. • It would have been helpful to provide more focus on potential solutions, resources and best practices. Felt that too much time was spent reviewing the complexity of cyber security. More info about what to do about it would be great. • Combining two agencies at one table made it difficult to address questions during the exercise. • If possible make interspace the guest speakers in with the group discussions. The guests were great; it was just a lot to take in one right after another. • Great event for collaboration, review and lesson learned. DICE Stats (Nov 2014) Overall = 4.7 Highest = 4.9 ONRR Lowest = 4.3 DCMA Overall = 4.7 Highest = 4.9 Design (conducive for group discussion) Lowest = 4.3 Speaker’s B-3
  18. 18. UNCLASSIFIED After Action Review Mile High DICE • Provide these quarterly. • Ken Hudson did a terrific job hosting, moderating and keeping DICE on point and on time. Speakers • Some of the guest speakers were dry and technical. • For individuals who are not technical, some of the speakers were hard to follow and understand. Less technical people are in the audience and needed more explanation of cyber procedures. • Amazing expertise, great that we were given the opportunity to hear from top level experts. (Several similar type comments) • Need longer Q&A with speakers. • Outstanding topic, less technical and more “lay person” information would be helpful from a decision making standpoint. • Knowing your audience, some of the speakers were definitely geared towards IT folks rather than non-IT members making it hard to understand. Materials • It would be good if a network list was provided to the attendees. • Hope that attendees can receive e-copies of the PowerPoint presentations; will they be available on the CFEB website? • Excellent Speakers and Great participant handbook. The information will be used to improve COOP plans and develop future cybersecurity exercises. Venue • Great location, comfortable room, utilizing resources at all levels (i.e. screens and microphones). TTX / Facilitators • Appreciate the facilitators diving in to keep conversation and thinking going during the exercise. • A few of the questions during the exercise dealt with physical destruction rather than cybersecurity, making it somewhat confusing. • Group discussion was excellent with the exercise. • TTX exercises and discussions are always very helpful; more time for table discussions would have been useful. • More time on TTX and one less speaker. (Several similar comments) • The group discussions and exercise scenario did not flow as well as expected. Outcomes • Response plans are strong, but need to work on how to avoid, mitigate, and minimize effects of cyber disruptions. 
• Great reminder of work that needs to be done not only with our agency, but partner agencies too. • Agencies would like to conduct similar exercise, who do we contact to explore this? • Previously did not consider FedRAMP as a tool to help improve cyber security policy. B-4
  19. 19. UNCLASSIFIED After Action Review Mile High DICE Appendix C: Acronyms Table C.1 Acronyms Acronym Meaning AAR After Action Report CFEB Colorado Federal Executive Board COOP Continuity of Operations DICE Denver Interagency Continuity Exercise ERG Emergency Relocation Group FEMA Federal Emergency Management Agency HSEEP Homeland Security Exercise and Evaluation Program NCP National Continuity Programs POC Point of Contact TTX Table Top Exercise C-1
  20. 20. UNCLASSIFIED After Action Review Mile High DICE THIS PAGE IS INTENTIONALLY LEFT BLANK C-2
  21. 21. UNCLASSIFIED After Action Review Mile High DICE Appendix D: Glossary of Terms This glossary explains some generic terms used in exercise planning, and those used during the development, conduct, and observation of the Mile High DICE FY-2015. Terms are listed alphabetically. After Action Report (AAR) - A comprehensive assessment of the exercise prepared by the Evaluation team. It includes a summary of the exercise scope, scenario, participants, and play. Most importantly, it contains an analysis of the achievement of each exercise objective. It may also include an assessment of the exercise management process including the planning, control, and observation of the exercise. This report is developed from the comments and observations recorded by Evaluators during and after the exercise. It identifies deficiencies, problems, and issues that require corrective action. Controller - Controllers plan and manage exercise play, set up and operate the exercise incident site, and possibly take the roles of individuals and agencies not actually participating in the exercise (i.e., in the Simulation Cell [SimCell]). Controllers direct the pace of exercise play and routinely include members from the exercise planning team, provide key data to players, and may prompt or initiate certain player actions and injects to the players as described in the Master Scenario Event List (MSEL) to ensure exercise continuity. The individual controllers issue exercise materials to players as required, monitor the exercise timeline, and monitor the safety of all exercise participants. 
Continuity of Operations (COOP) - Continuity of Operations, as defined in the National Security Presidential Directive-51/Homeland Security Presidential Directive-20 (NSPD-51/HSPD-20) and the National Continuity Policy Implementation Plan (NCPIP), is an effort within individual executive departments and agencies to ensure that Primary Mission Essential Functions (PMEFs) continue to be performed during a wide range of emergencies, including localized acts of nature, accidents and technological or attack-related emergencies. Corrective Action Program (CAP) - The formal program that supports the identification and resolution of requirements for corrective action and the formal, appropriate integration of corrective action into interagency Continuity of Operations community. Managed by NCP with assistance from the CAP Review Board, the CAP ensures the continuing evolution and refinement of the Federal Executive Branch Continuity of Operations capability. ENDEX - The end of the exercise. This term refers to the formal conclusion of the exercise. No player activity occurs after this time. Emergency Relocation Group - Personnel identified as essential to the accomplishment of agency essential functions. These personnel are expected to relocate to an agency’s continuity site upon activation of the agency COOP plan. Controller/Evaluator Handbook - A document that establishes how the Evaluation effort will be managed. It includes the overarching objectives and a copy of all Evaluation forms. Data Collectors - Individuals who record their own as well as participants' observations during the exercise. They note the actions taken by participants and maintain a chronology of those D-1
  22. 22. UNCLASSIFIED After Action Review Mile High DICE actions. Their responsibility is to provide an assessment of how well the objectives were accomplished. Data Collectors may also be Controllers and/or Evaluators. Evaluator - Chosen for their expertise in the functional areas they will observe. Evaluators measure and assess performance, capture unresolved issues, and analyze exercise results. Evaluators passively assess and document participants’ performance against established emergency plans and exercise evaluation criteria, in accordance with HSEEP standards. Exercise Planning Team - The exercise director, the deputy exercise director, and the senior controller. These are the senior personnel at the exercise location who oversee the actions of the Evaluators, controllers, and interagency response cell members. Exercise Objectives - The specific actions to be performed or the capabilities to be demonstrated by exercise participants. Developed early in the planning effort, effective exercise objectives will ensure that participants know what is to be accomplished, who will do it, under what conditions and finally to what measurable standard. Objectives are the basis for the assessment/observation effort. Exercise Plan (EXPLAN) - The comprehensive plan for the exercise. The EXPLAN provides all exercise participants with pertinent information: the lead-in scenario, participants, points of contact, exercise objectives, assumptions, responsibilities, and administrative and security information. It is developed from the approved Concept and Objectives Paper that contains the approved exercise objectives. Inject - Injects are MSEL entries that controllers must simulate—including directives, instructions, and decisions. Exercise controllers provide injects to exercise players to drive exercise play towards the achievement of objectives. Injects can be written, oral, televised, and/or transmitted via any means (e.g., fax, phone, e-mail, voice, radio, or sign). 
Master Scenario Events List, MSEL - The MSEL is a chronological timeline of expected actions and scripted events to be injected into exercise play by controllers to generate or prompt player activity. It ensures all necessary events happen so that all objectives can be met. Players - Exercise participants who respond in a realistic manner to the scenario events. They do so by using the plans, procedures, and equipment on which they have been trained. In other words, they demonstrate their ability to carry out their mission. Also referred to as responders in exercises. Scenario - A sequential, narrative account of a hypothetical incident or accident. The scenario provides the catalyst for the exercise and is intended to introduce situations that will inspire responses and thus allow demonstration of the exercise objectives. STARTEX - The start of the exercise. This term refers to the formal beginning of player activity. Trusted Agent - Trusted agents are the individuals on the exercise planning team who are trusted not to reveal the scenario's details to players prior to the exercise being conducted. D-2
