Infrastructure Security Month (November) will soon come to a close, but that doesn’t mean efforts to build security and resilience should stop! Quite the contrary – never stop seeking to improve your utility’s security posture, especially given all the resources (oftentimes free) that exist to help in this critical endeavor.
For this final posting for this year’s Infrastructure Security Month, WaterISAC is highlighting exercises, in particular the CISA Tabletop Exercise Packages (CTEPs). Tabletop exercises, or TTXs as they are often called, prompt participants to walk through their plans for responding to incidents, such as a ransomware infection or an active shooter situation, by presenting them with a realistic scenario. TTXs are discussion-based exercises, meaning the simulations and participant responses are only talked about, lessening the amount of resources, planning, and disruption that might otherwise be required. And with the CTEPs, CISA has completed most of the work planning a TTX, although some customization from the organization conducting the exercise is still necessary. The available CTEPs cover a broad array of physical security and cybersecurity topics, such as natural disasters, pandemics, civil disturbances, industrial control systems, ransomware, vehicle ramming, insider threats, active assailants, and unmanned aerial systems. As part of the cybersecurity scenarios, there’s even a Water Systems CTEP, which WaterISAC helped CISA develop by working with a group of its members. Access CISA’s CTEP webpage.
In a further illustration of how exercises can help improve organizational security and resilience, during the December Cyber Threat Briefing WaterISAC will highlight the significant findings from two TTXs (one focused on cybersecurity, the other on physical security) it conducted during H2OSecCon. Visit the Upcoming Events section of the WaterISAC portal for more information and to register.