The state of Indiana executed CRIT-EX 16.2 on the 18th and 19th of May, 2016, at the Muscatatuck Urban Training Center. This cyberattack readiness exercise aimed to improve the overall security and responsiveness of Indiana’s critical infrastructure in the face of an advanced cyber incident that disrupts essential water utility services and presents a public safety threat.
The Indiana Department of Homeland Security in conjunction with the Indiana National Guard, Indiana Office of Technology, Cyber Leadership Alliance, and over 16 other public and private partners developed this controlled functional cyberattack exercise to allow participants to deploy resources and communicate with response partners to mitigate adverse effects and expedite recovery. Additionally, CRIT-EX is the first joint public-private partnership simulating responses to cyberattacks on the Muscatatuck water treatment plant, with expert programming and cybersecurity teams acting as cyberterrorists who attack the facility’s Supervisory Control and Data Acquisition (SCADA) systems.
The exercise had three very important themes that differentiated Crit-Ex from other cyber exercises: First, participants had to agree on a common language. Second, privacy was at the center of the exercise. The third unique theme and what is considered to be the hallmark of Crit-Ex 16.2 was the complexity of the event.
This presentation will cover the importance of training cybersecurity for industrial control systems in a complex environment. While using lessons learned as examples, the presenter will provide a roadmap to plan and execute a complex cyber exercise.
View a detailed description of the talk here