FEMA Brings Cybersecurity Testing to Your Desktop

Earlier this month, President Barack Obama and members of his administration participated in the National Level Exercise 2012 (NLE), a FEMA security exercise that tested how the nation would recover from a devastating cyberattack. The president discussed decisions in a Cabinet meeting with other participants to consider options that would help during a real-life incident.

FEMA currently offers a self-directed downloadable version of the exercise for organizations that want to test their own cyber-fitness. 

The live exercise with the president took place on June 5, but several details about the exercise emerged weeks later in various media outlets. According to Computerworld, the exercise contained fake TV news reports to heighten the suspense, comprising three videos in which a fictitious VNN reporter (played by real-life reporter Jeanne Meserve) tells the audience about the Void, a hacktivist group planning to unleash a nightmarish wave of malware around the world. The group’s opening salvo would damage America’s critical infrastructure.

NLE 2012 is the latest in a series of annual tests that are conducted as part of the National Exercise Program, America’s umbrella program for organizing exercises of this nature.  

Both FEMA and the DHS declined to share details about 2012’s exercise when contacted by Emergency Management magazine, but the DHS has made some information public.

The June 5 exercise that Obama participated in was just one component of a larger test that began in the spring and won’t end until later this month.

According to a DHS fact sheet, there are four exercises.

• Exercise #1 (late March): Various partners, including those from federal, state and private-sector groups, evaluated information sharing capabilities;

• Exercise #2 (late April): Participants tested how well they could coordinate activities and responsibilities in response to a significant cyberevent as part of an evaluation of the National Cyber Incident Response Plan;

• Exercise #3 (early June): This weeks-long event addresses cyber and physical response coordination across sectors, and included Obama’s participation earlier this month; and

• Exercise #4 (late June): This continues the previous exercise and will assess how well the parties involved kept up and executed their goals.

The downloadable tabletop version is an interactive exercise with scripted video injects and PDF facilitator’s notes. This on-demand package focuses “on the areas of crisis communications and search and rescue.”

The White House press release stated that June 5’s exercise “examined challenges related to managing a cyberincident involving physical impacts on our nation’s critical infrastructure.” The statement ended by writing of the president’s desire for Congress to pass legislation to secure cyberspace while maintaining citizen privacy and civil liberty.