The Cybersecurity and Infrastructure Security Agency (CISA) conducts cyber and physical security exercises with government and industry partners to enhance security and resilience of critical infrastructure. These exercises provide stakeholders with effective and practical mechanisms to identify best practices, lessons learned, and areas for improvement in plans and procedures. These exercises may also inform future planning, technical assistance, training, and education efforts.
CISA works with partners to design and conduct exercises that range from small-scale, discussion-based exercises to large-scale, operations-based exercises. CISA also offers a wide portfolio of downloadable CISA Tabletop Exercise Packages (CTEPs) to serve as an off-the-shelf solution for a variety of stakeholders’ exercise needs.
Exercise Planning and Conduct Services
To assist stakeholders in examining their cybersecurity and physical security plans and capabilities, CISA provides end-to-end exercise planning and conduct support, including planning meetings, document and scenario development, facilitation, and after-action report development. CISA uses the Homeland Security Exercise and Evaluation Program (HSEEP) methodology in the design, development, and execution of exercises. HSEEP uses a common methodology across all mission areas to ensure maximum integration with all Department of Homeland Security (DHS) and external stakeholders.
Example Exercise Scenarios
- Active Shooter
- Complex Coordinated Terrorist Attack
- Vehicle Ramming
- Improvised Explosive Device (IED)
- Loss of Personally Identifiable Information (PII)
- Industrial Control Systems Compromise
For more information or to request an exercise, please contact: firstname.lastname@example.org
CISA Tabletop Exercise Packages
CISA Tabletop Exercise Packages (CTEPs) are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Partners can use CTEPs to initiate discussions within their organizations about their ability to address a variety of threat scenarios.
Each package is customizable and includes template exercise objectives, scenarios, and discussion questions as well as a collection of references and resources. Available scenarios cover a broad array of physical security and cybersecurity topics, such as natural disasters, pandemics, civil disturbances, industrial control systems, election security, ransomware, vehicle ramming, insider threats, active assailants, and unmanned aerial systems. CTEPs also provide scenario and module questions to discuss pre-incident information and intelligence sharing, incident response, and post-incident recovery.
With over 100 CTEPs available, stakeholders can easily find resources to meet their specific exercise needs.
The cybersecurity Situation Manuals (SITMANs) cover topics such as industrial control systems (ICS), ransomware, insider threats, phishing, and elections-related cyber threat vectors.
The physical threat focused Situation Manuals (SITMANs) cover topics such as active shooters, vehicle ramming, improvised explosive devices (IED), unmanned aerial systems (UAS), and many more. There are also CTEPs that are geared towards specific industries or facilities to allow for discussion of their unique needs:
- Active Threat
- Complex Coordinate Attack
- Natural Disaster
Convergence CTEPs are those specifically designed to discuss the physical impacts resulting from a cyber threat vector, or the cyber impacts resulting from a physical threat vector. While CTEPs within the cyber and physical sections may touch on these subjects, convergence CTEPs are designed to further explore the impacts of convergence and how to enhance one’s resiliency.
CTEP package documentation allows users to leverage pre-built templates to develop a full understanding of roles and responsibilities for exercise planners, facilitators / evaluators, and participants. Additionally, the documentation includes templates for the initial invitation to participants, a slide deck to use for both planning meetings and conduct, a feedback form to distribute to participants post-exercise, and an After Action Report. In conjunction with selecting one of the above situation manuals, your exercise planning team will be able to fully develop your own tabletop exercise and update information sharing processes; emergency response protocols; and recovery plans, policies, and procedures.
CISA conducts various national exercises, including Cyber Storm and Tabletop the Vote.
Cyber Storm is CISA’s biennial national cyber exercise series. This is the Nation’s most expansive cybersecurity exercise and represents one of the few opportunities for the private sector to come together with all levels of government to address cyber response as a whole community.
Tabletop the Vote is CISA’s yearly national election security exercise. It provides an opportunity for federal partners, state and local election officials, and vendors to identify and share best practices and areas for improvement related to election security.
For more information about these exercises, please contact: email@example.com.