DRDC Support to Exercise Cyber Storm III

Abstract

This paper presents an overview of the DRDC command and control (C2) analysis support for Exercise Cyber Storm III (CSIII), held in September 2010. It documents what was done, who was involved, challenges encountered, recommendations for improvement, and an indication of the overall effort required. After obtaining client support, DRDC teams were created for Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC), Government Operations Centre (GOC), the Canadian Forces Network Operations Centre (CFNOC), and the Royal Canadian Mounted Police (RCMP) National Operations Centre (NOC). Analysts prepared for the exercise by becoming familiar with exercise documentation and attending pre-exercise training and meetings. During the exercise, teams of one to three analysts observed exercise play at each operations centre, interviewed staff, and administered surveys. Following the exercise, DRDC letter reports synthesising information were delivered to clients. Key recommendations resulting from providing C2 analysis for CSIII include: (1) for future exercises, DRDC should engage earlier to have ample time for preparation; (2) analysts and management must be educated on, and agree to, the commitment required to deliver this type of analysis; (3) the commanding officer of each operations centre should be engaged by DRDC prior to the exercise; (4) DRDC should deliver reports and briefings to clients within two to three weeks of the exercise for optimal impact; and (5) federal response plans related to cyber incidents are underdeveloped and require revision and harmonization. Despite several challenges, CSIII proved to be a worthwhile endeavour for both DRDC and the operations centres, helping to build strategic relationships and improve Canada's readiness for responding to major cyber incidents.

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2011
Accession Number
ADA553118

Entities

People

  • Lynne Genik

Organizations

  • Defence Research and Development Canada

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Command And Control
  • Cyberattacks
  • Department Of Homeland Security
  • Electronic Mail
  • Emergency Response
  • Governments
  • Homeland Security
  • Lessons Learned
  • National Security
  • Observers
  • Operations Research
  • Organizational Structure
  • Personnel Management
  • Public Safety
  • Security
  • Security Personnel
  • Training

Readers

  • Canadian European Scientific Immigration and Epilepsy Clearance Studies
  • Exercise and Sports Science
  • Systems Analysis and Design

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control