16. Security classification of: a. Report: unclassified; b. Abstract: unclassified; c. This page: unclassified
17. Limitation of abstract: SAR
18. Number of pages: 32
[Diagram labels: Skill Building; Experience Building; Formats; Evaluation Techniques and Considerations; Planning Team Composition; Exercise Cycle; Scenario Planning Methodology]
Software Engineering Institute, Carnegie Mellon © 2014 Carnegie Mellon University
Cyber Exercise Hurdles
• Requires operational realism to enhance value
• Lack of codified best practices leads to ad hoc
formats and planning methodologies
• Unique complexities based on the technical
nature of cyber exercises
• Rapidly evolving policies, actions, and doctrine
[Figure 3: HSEEP Building-Block Approach. Labels: Planning/Training; Discussion-Based; Operations-Based]
Foundation: Exercise Planning
• Executive and leadership support and
commitment
– Objectives
– Resources
• Establish an exercise planning team
• Develop a project management timeline and
clearly identify milestones
• Exercise Description
• Exercise Objectives
• Stakeholders
• Participating Sectors
• Participating Organizations
• Organization Objectives (Sub-Objectives)
• Scenario Summary
• Threat Description
• Problem Sets
• Determine Ongoing Collaboration Needs
Teams
• Planning teams are usually based on the type
of exercise, complexity, scenario, location, and
resources available
• Scalable 4-cell planning construct
– Exercise Control (White Cell)
– Threat Emulation (Red Cell)
– Observer/Controllers/Evaluators (Black Cell)
– Trusted Agents
Summary
• Cyber exercises enable experience building in
a controlled environment
• Effective planning is critical to the success of
the exercise
• HSEEP provides a framework for designing
cyber exercises based on best practices and a
proven methodology
Chairman of the Joint Chiefs of Staff Manual 3500.03D – Joint Training Manual for the Armed Forces
of the United States
http://www.dtic.mil/doctrine/training/cjcsm3500_03d.pdf