National Crisis Management Exercise

Ulrik Keller Centre for Preparedness Planning and Crisis Management Danish Emergency Management Agency

Objectives

• KRISØV has taken place every two years since 2003

• The overall objective is to exercise

and test strategic parts of the national crisis management system

Participants

Multiagency crisis management Organizations Government Security Committee Senior Officials Security Committee National Operational Staff Local Operational Staff (Copenhagen)

Others Energinet.dk Dong Energy Metro NETS Danish Broadcasting Coperation Version2 Computerworld The British Embassy The Norwegian Embassy The Swedish embassy

Agencies Prime Ministers Office Ministry of Defence Ministry of Justice Ministry of Foreign Affairs National Police Danish Emergency Management Agency Danish Security and Intelligence Service Danish Defence Intelligence Service Centre for Cyber Security Danish Health and Medicines Authority Defence Command Denmark Agency for Governmental IT Services Danish Agency for Digitization Danish Energy Agency Danish Veterinary and Food Administration Danish Maritime Authority Danish Geodata Agency Danish Transport Authority Danish Serum Agency Local Police (Copenhagen) The Capital Region of Denmark Municipality of Copenhagen

Total: • 4 Multiagency crisis management organizations

• 23 Agencies (4 ministries) • 7 Private organizations • 3 Embassies

Exercise control

Participants

G-SC

Agencies

Local Operational Staff

National operational staff

Departements

Decentralized Agencies Region/Municipality

S-SC

Ministers

Media Private organizations

Embassy

Injects

Players’ action

(Response cell + media and public cells)

Outcome

The exercise served as a basis for:

• Assessing the effectiveness of the crisis management system

• Identifying recommendations on potential adjustments in order to strengthen the crisis management efforts

• Raising awareness and developing knowledge regarding cyber threats, vulnerabilities, and dependencies within critical societal functions

Priorities for KRISØV 2013

• Coordinated cyber attack

• Derived physical consequences (simulated)

• Fewer, but more comprehensive scenarios

• Unstable and unpredictable situation

Side 7

Mobile phones down Unstable energy supply

Public transport stops

E-mail and internet down

Altering of sensitive data

Netservices not responding

Unauthorized access to sensitive information

Warning systems hacked

Website during the exercise www.krisoev.dk

Practical information, phone book, exercise rules.

Agencies own exercise webpages

Social media

Exercise controlled news media

Media(Participants)

Social media ’Blokken’

3265 ”Tweets”

• Public: 79 %

• Agencies: 12,3 %

• Media: 8,7 %

2. juli 2014 Dette skrives ind i sidehoved / sidefod Side 10

Danish Broadcasting Coperation: News on the net + live radio during the execise

Challenges • Participant = Planning

• Planners don´t have the knowledge on cyberthreats

• Focus on the CYBER incidents

Key factors for succes

• High level strategic ownership (Prime Ministers office)

• Extensive public and media simulation

• Preparatory activities:

– Seminars on cyber threats and cyber security, crisis communications and use of social media

– Get-Ready- for- KRISØV 2013 – Table top exercise “To go”

Lessons identified: Crisis management system The positive:

• National crisis management system can be used to handle a massive cyber attack

• National Operational Staff has good procedures, support and cooperation amongst the participating agencies

• Bilateral cooperation between the cyber agencies were good

Room for improvement:

• The National situation picture

• Some agencies lack knowledge on the role and responsibilities of the cyber agencies

• Crisis communication needs to be coordinated better

Lessons identified: Knowledge on cyber threats The positive:

• Better knowledge on cyber for NON-cyber agencies, who doesn´t work with cyber security on a daily basis

• Better understanding of cyber dependencies

• Better understanding of the derived consequences of a cyber attack

Room for improvement

• More advice from the cyber agencies on cyber threats and cyber security to NON-cyber agencies

• Preparedness plans needs to be updated so they include cyber incidents

Lessons identified: Exercise methodology The positive:

• The 4 recommendations from KRISØV2011 gave a significant boost:

– One big dynamic scenario instead of five small scenarios – Relevant injects for all participant – Further development of media and public response cells – Preparatory activities

Room for improvement

• IT-platform outdated (more server capability)

• Fewer sub-scenarios

error – connection lost