Exercise History

2003 – TOPOFF 2:

TOPOFF was a U.S. Congressionally‐mandated exercise that tested response to a terrorist WMD incident on a national and regional level. This was the first time cyber incidents were factored into a Tier 1 exercise, with NUARI personnel asked to develop and conduct a Standalone Cyber Exercise in support of the Full Scale Exercise, limited to a single state.

 

2003 – Livewire:

Livewire was a simulation‐supported exercise developed by the Institute for Security Technology Studies at Dartmouth College. A predecessor to the DHS Cyber Storm Series, Livewire was a nationwide exercise that engaged relevant decision‐makers from federal, state, and local governments, along with private‐sector counterparts in the finance and energy sectors. This multi‐day cyber “discovery” exercise practiced response to a complex cyber‐attack by a capable adversary.

 

2004 and 2005 – Senior Officials Exercise (SOE):

NUARI staff led the SOE team of U.S. Government Cabinet Level Principals, deputies, and senior department/agency managers in creating this program designed to validate policies and procedures, develop concepts and focus issues, and rehearse for specific events at the policy level.


2005 ‐ TOPOFF 3 National Level Inter‐Agency Exercise:

In support of this full‐scale exercise, NUARI conducted a Standalone Cyber Exercise for each of two venues.

 

2006 through 2008 – Japanese Cyber Exercise Development:

NUARI was asked to train Japanese telecommunications companies in the development and execution of cyber exercises. The capstone exercise included participants from the Ministry of Internal Affairs and Communications (MIC) and telecommunication corporations. About 13 distinct corporate entities represented by about 80 individuals, participated in the exercise. The life cycle of this endeavor ranged from initial training in 2006, which included threat discussions and demonstration exercises, to development of the first full‐ scale exercise with ISP employees in 2007, and concluded in 2008, when NUARI observed and evaluated an ISP‐developed exercise. The final exercise took about four months’ preparation time, including scenario development against new threats.

 

2007 – TOPOFF 4:

NUARI personnel were responsible for private sector play in the Portland and Guam venues and provided essential support to the Cyber Working Group.

 

2008 – Massachusetts Regional Cyber Exercise:

NUARI personnel created the gamespace for this regional exercise intended to raise awareness of vulnerabilities and response capabilities associated with service delivery during a significant cyber incident across sectors. Participants included state and local agencies.

 

2010 – Emerald Down:

Puget Sound stakeholders conducted a regional cyber exercise with Washington State and federal agency partners to improve cyber‐event awareness and response and to identify regional cross‐sector partnerships. NUARI served as the principal design and implementation agent for this exercise. NUARI developed the exercise to examine current cyber‐event preparedness efforts and response and recovery plans, including roles and responsibilities for public sector entities; regulatory response requirements; public and private sector collaboration; and current communication capabilities. NUARI employed a distributed exercise process allowing individual organizations to participate from their own locations.

 

2011 – Quantum Dawn:

In November 2011 the Financial Services Sector Coordinating Council (FSSCC) conducted an operational risk exercise designed primarily to test the Financial Annex to the National Cyber

 

Incident Response Plan (NCIRP):

Quantum Dawn tested the performance of national cyber incident response structures to a cyber crisis that falls outside of DHS’s primary responsibility to manage, in this case, within the finance sector. Quantum Dawn was a six‐hour functional exercise, distributed between New York, Chicago, Washington D.C., and other venues, using the DECIDE® platform.

 

2012 – Green Mountain Flash:

In September 2012, NUARI provided support to the Vermont Army National Guard in the conduct and development of a three‐day, web‐based, cyber security training exercise at the 124th Regiment located on Camp Johnson, as well as pre‐exercise technical support and a post‐event review.

 

2013 – Quantum Dawn 2:

In July 2013, NUARI, with the Security Industry Financial Markets Association (SIFMA), conducted Quantum Dawn 2, a simulation‐supported exercise distributed event to enable individual firms (50 firms with 500+ players) and the financial sector participants as a whole to test their response plans in order to maintain effective and orderly markets and protect clients in the event of a systemic cyber‐attack. Organizations participated from their individual locations; the exercise was executed in the United States and simultaneously in three international locations.

 

2014 – SIFMA TTX:

Under the auspices of SIFMA, cyber security exercises were held in March through June 2014 with SIFMA member firms and certain exchanges. The exercises were presented as a series of 3 table‐top exercises with a total of 35 firms participating. These events were conducted in a single venue location to allow organizations to interact informally during the crises.

 

2015 – Quantum Dawn 3:

For QD and QD2, SIFMA and NUARI coordinated two cybersecurity exercises for the financial services sector (Sector). These wide‐scale simulations provided a forum for participants Cyber Security and Incident Response to exercise risk practice responses to a systemic cyberattack. In September 2015, SIFMA hosted Quantum Dawn 3 (QD3), the third cyber simulation in the series. It included over 650 participants from more than 80 financial institutions, government agencies and market utilities. QD3 was designed with a focus to improve the readiness of the Sector to respond to Sector‐wide cyberattacks. The exercise allowed firms to rehearse response mechanisms, both internally across departments and externally across the Sector, against a broad range of attacks, as well as to simulate public and private sector market‐wide communications, information sharing, threat monitoring and decision‐making during a systemic cyber‐attack. The QD3 scenario, designed by NUARI, was a one‐day exercise which featured several different attacks that participants faced over a simulated three‐business‐day timeline. The scenarios were built on lessons learned from past exercises and with thoughtful input from industry specialists. The exercise was completed successfully and demonstrated the critical importance of information sharing in responding to a cyberattack and the value of having established and regularly utilized processes for information sharing prior to a crisis.

 

2015 – DHS Higher Ed Exercise:

NUARI conducted a half‐day tabletop exercise for 80 higher education institutions and more than 400 participants. The event was conducted in a single room with participants receiving injects electronically, and collecting responses from the participants in real time.

 

2015 – SIBOS:

NUARI, in support of SWIFT’s annual SIBOS conference, conducted two 90‐minute immersive, simulation‐supported cyber exercises. Participants were grouped into ad‐hoc teams and presented with a cyber disruption to manage and respond. The system produced metrics and immediate feedback to engage the audience in discussions of differences in organizational approaches to cyber security response and recovery policy.

 

2016 – South Africa:

NUARI designed, developed and delivered two customized, two‐hour exercise events for 13 financial institutes and agencies in South Africa.

 

2016 – Vigilant Guard:

Working with the Vermont National Guard, NUARI assisted in the conduct of a cyber training exercise during the execution of Vigilant Guard 2016 to test incident response handling and civilian incident command coordination.