National Level Exercise 2012 (NLE 2012) is being conducted in accordance with the National Exercise Program (NEP), which serves as the nation’s overarching exercise program for planning, organizing, conducting and evaluating national level exercises.
NLE 2012 is part of a series of congressionally mandated preparedness exercises designed to educate and prepare participants for potential catastrophic events. The NLE 2012 process will examine the nation’s ability to coordinate and implement prevention, preparedness, response and recovery plans and capabilities pertaining to a significant cyber event or a series of events. NLE 2012 will also examine national response plans and procedures, including the National Response Framework (NRF), NRF Cyber Incident Annex, and the Interim National Cyber Incident Response Plan (NCIRP).
DHS has documented a three-fold increase in reported events on federal government networks over the past three years. This will be the first National Level Exercise that tests our existing protocols and addresses the challenges in preparing for and responding to a cyber incident that has virtual and real-world implications.
Participants in NLE 2012 include representatives from the federal, state, local, and territorial agency officials, nongovernmental and private sector organizations, and international partners.
NLE 2012 includes four main component exercises with common scenario and planning elements. These exercises began in March and will continue through June 2012.
- Exercise #1: Information Exchange: Held in late March, this exercise brought together representatives from federal, state, and private sector partners, the Cyber Unified Coordination Group, and others to evaluate information sharing capabilities and build a cyber Common Operating Picture.
- Exercise #2: National Tabletop Exercise: Held in late April, this exercise focused on evaluating the National Cyber Incident Response Plan.Participants tested the coordination, authorities, responsibilities, and operational capabilities among U.S. governmental entities, partner nations, and the private sector in response to a significant cyber event.
- Exercise #3: Capstone Event: This event began on June 4 and lasts several days. It will address cyber and physical response coordination among a variety of sectors.
- Exercise #4: Eagle Horizon/ Continuity Exercise: This event will be held in late June and will evaluate the continuity capability of federal departments and agencies through a full-scale continuity exercise.
DHS Role in Cybersecurity
The Department of Homeland Security plays an integral role in helping to maintain our nation’s cyber infrastructure.
DHS is responsible for securing unclassified networks for Federal Executive Branch civilian departments and agencies (the .gov domain). DHS works with owners and operators of critical infrastructure and key resources (CIKR) — private sector, state, and municipality-owned—to support cybersecurity preparedness through risk assessment, mitigation, and incident response capabilities.
DHS Cybersecurity Capabilities and Activities
Incident Response Capabilities
- The United States Computer Emergency Readiness Team (US-CERT) collaborates with government, private sector, research community, and international entities to monitor cyber trends. US-CERT provides access to actionable situational awareness reports; detection information about emerging cyber threats and vulnerabilities; and cybersecurity warning and alert notifications through the National Cyber Alert System.
- Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) coordinates control systems-related security incidents and information sharing through Fly-Away Teams with the public and private sectors, as well as international and private sector CERTs. ICS-CERT also operates a Malware Lab to analyze vulnerabilities and malware threats to ICS equipment.
Cyber Assessments, Evaluations and Reviews
- The Cyber Security Evaluation Program (CSEP) performs Cyber Resilience Reviews (CRRs), which measure an organization’s ability to manage cyber risk to critical infrastructure and key resources.
- The Cyber Security Evaluation Tool (CSET) provides a systematic and repeatable approach to assess the cybersecurity posture of ICS networks. CSET is a stand-alone software tool that enables users to assess their network and ICS security practices against industry and government standards and provides prioritized recommendations.
- The Cybersecurity Assessment and Risk Management Approach (CARMA), a tool of the Critical Infrastructure Protection – Cyber Security (CIP-CS) program, assists critical infrastructure sectors; state and local governments; and other partners to assess, prioritize, and manage cyber infrastructure risk by providing a picture of sector-wide risks for different categories of cyber critical infrastructure.
Cyber Exercise Program
- The Cyber Exercise Program conducts cyber exercises and workshops with federal, state, local, private sector, and international partners with the goal of strengthening the security and resiliency of our cyber systems, and protecting the broad range of infrastructure that they support.
- The CyberStorm Exercise Series focuses on simulated cyber-specific threat scenarios intended to highlight critical infrastructure interdependence and further integrate federal, state, international, and private sector response and recovery efforts. The series helps participants assess their response and coordination capabilities specific to a cyber incident.
National Cybersecurity and Communications Integration Center
- The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 integrated watch and warning center;
- Through the NCCIC, DHS provides actionable information to the private sector, other government agencies and the international community to mitigate risk.
Public-Private Sector Partnerships
Over the past three years, DHS has worked closely with our many partners to enhance the federal government’s capacity to protect against cyber threats in a number of ways, including:
- Increasing the number of cyber experts at the Department by nearly 600 percent;
- Developing and testing the country’s first-ever National Cyber Incident Response Plan.
- DHS released the Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise, which calls for a coordinated effort across the homeland security community to protect our nation’s critical information infrastructure and build a safer and more secure cyber ecosystem. Specific actions outlined in the strategy range from hardening critical networks and prosecuting cybercrime to raising public awareness and training a national cybersecurity workforce.
Protecting critical infrastructure and cyberspace – including the systems and networks that support the financial services, energy and defense industries – requires a full range of partners.
In 2011, DHS continued to make strides to safeguard and secure cyberspace:
- Deploying 18 on-site technical response teams
- Leading multi-agency response activities for cyber incidents at NASDAQ and the technology security company RSA
- Arresting a Malaysian hacker with 400,000 stolen debit/credit card numbers. The hacker confessed to having broken into the Federal Reserve Bank of Cleveland’s systems.
- In FY 2011, DHS’s U.S. Computer Emergency Readiness Team (US-CERT) responded to more than 100,000 incident reports, and released more than 5,000 actionable cybersecurity alerts and information products.
So far in FY2012, US CERT has responded to over 65,000 incident reports – this reflects a 35% increase above the incidents we responded to by this time in 2011.