The Department of Homeland Security (DHS) National Cyber Exercise and Planning Program (NCEPP) develops and supports integrated cyber incident response plans and guidance and cyber-focused exercises for governmental and critical infrastructure partners. Located within DHS’s National Cybersecurity and Communications Integration Center (NCCIC), NCEPP conducts a full spectrum of exercises in cooperation with the public and private sector and international partners, particularly those who support U.S. critical infrastructure.
DHS established the Cyber Exercise Program (now called NCEPP) in 2004 as a resource responsible for developing and managing a portfolio of cyber exercises ranging from small-scale, limited scope, discussion-based exercises (e.g., two-hour seminars) to large-scale, internationally scoped, operations-based exercises (e.g., multi-day, full scale exercises like the Cyber Storm national-level cyber exercise.
NCEPP’s goals are to:
- Strengthen U.S. national cybersecurity resilience through cyber exercise planning and execution
- Advance exercise stakeholder relationships and cooperation
- Expand opportunities for engagement across the stakeholder spectrum.
Cyber Continuity Planning Support
NCEPP works with is public and private sector partners to develop and revise integrated cyber incident response plans and guidance.
Key planning products available include:
- Cyber Capabilities Planning Framework
- Sector-Specific Operations Playbooks
- State, Local, Territorial, Tribal (SLTT) Cyber Incident Annex Template
National, Statewide and International Exercises
NCEPP directly supports DHS stakeholders in the public sector, including both federal and SLTT organizations on cyber-focused exercise initiatives. Since 2012, NCEPP has co-sponsored the Cyber Guard exercise series, the largest tactical-level cyber exercise series in the nation, in cooperation with the U.S. Cyber Command and the Federal Bureau of Investigation.
NCEPP support to SLTT government partners includes cyber exercise design, development, conduct, and analysis. NCEPP’s cyber exercises familiarize the public sector on roles, responsibilities, policies, plans, and procedures to prepare for a significant cyber incident.
Recognizing that there are no borders in cyberspace, NCEPP supports DHS operational and policy initiatives to improve international cybersecurity cooperation. NCEPP sponsored exercises and workshops help raise awareness and advance cybersecurity coordination globally.
Critical Infrastructure Exercises
NCEPP provides direct support to critical infrastructure assets, assisting in the development and execution of cyber exercises for individual organizations and critical infrastructure sectors.
Cyber Storm Exercise Series
Cyber Storm is the Department’s capstone national-level cyber exercise series. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Participation spans across federal, SLTT, international, and public and private sector critical infrastructure stakeholders.
These capstone exercises are typically a week long and involve more than a thousand distributed players. Participating organizations respond to simulated attacks by practicing response policies and procedures, which help to identify findings, including relative strengths, interdependencies, and areas for improvement.
Special Event Support
NCEPP also conducts cyber exercises to help public and private sector partners prepare for special events, such as Special Event Assessment Rating (SEAR) events or National Special Security Events (NSSE). These exercises take into account the risk profiles and multi-stakeholder coordination mechanisms unique to each event.
Cyber Exercise Toolkit (CTEP)
NCEPP has developed a comprehensive, adaptable, and scalable cyber tabletop exercise package (CTEP) as a toolkit for interested organizations. CTEP allows stakeholders to produce and customize their own tabletop cyber exercise, tailored for their organization.
Enhancing Cyber Incident Response Capabilities
The nation’s cyber incident response capabilities need to mature and adapt to ever-evolving cyber risks and threats. Cyber exercises like Cyber Storm allow the cyber incident response community to practice and measure the effectiveness of their capabilities and continuously improve.
For more information on the National Cyber Exercise and Planning Program, email email@example.com.