Will you and your team be able to protect against an unpredicted attack? You can assess and test your capabilities by doing exercises.
Protecting against malicious acts by criminals or terrorists is an essential element of global efforts to ensure that nuclear and other radioactive materials, associated activities, and facilities housing them, are kept safe and secure.
Exercises are a key assurance activity supportive of nuclear security. Nuclear Security Fundamentals recognizes that routinely performing security assurance activities is an essential element of nuclear security. Exercises can provide unique insight in the state of preparedness of security. They can also be the basis for continued improvement programmes for all organizations within the State’s nuclear security regime. However, to be most useful, security exercises need to be well organized, professionally conducted and their evaluation must focus on constructive improvement potential.
Exercises is one way to learn about your organizations capabilities. Are you and your organization prepared to tackle the unknown attack? Where is your weak spot? Is it the armed adversaries, cyber attacks, insiders, disruption of communications, a blended attack or some other kind of a nuclear security event that you need to be prepared against?
Do you train your personal and evaluate adminstrative and technical measures? Which are your requirements for physical protection? Does it reflect a concept of several layers and methods of protection (structural, other technical, personnel and organizational) that have to be overcome or circumvented by an adversary?
Is your preparation enough or do you need to do more?
Exercise is a fantastic tool to plan and prepare yourself and your organization to handle unpredicted situations. It will improve your organizations skills and capabilities and give an understanding of its up’s and down’s. From my long experience I will reveal the magic tools behind a successful exercise, it is all about planing and preparing.
I will explain how you could plan for your and your organizations need. Using my long experience of doing exercises will give you a model on how to answer questions like:
Which type of exercie do I need to do?
Which one gives the best result?
Which tools and manuals can I use?
How do I plan, prepare and conduct an exercise?
What to avoid.
How to do national or international exercises, small ones with a few participants or bigger ones with several hundred participants. Simple ones and complex ones. By adding different languages, culture and traditions gives an even more complexed picture.
In summary I have been doing lots of exercises and also been deeply involved in IAEAs developing of the handbook on Transport Security Exercises and the ongoing work with the handbook regarding Computer Security Exercises.
My presentation will give you the tools and thoughts behind planning of a successful exercise.
The objectives of an exercise may on an organizational level include (but not be limited to):
• awareness (of all personnel)
• training team, decision makers and TSOs
• test the internal procedures and how they are followed
• understanding roles and responsibilities of all, including stakeholders
• testing the communications through chain of command
• continuous collaboration and cooperation between all stakeholders
• justifying the resources for security
identify gaps in internal procedures and guides, regulations
understanding the risks
• develop the security culture
• measure overall programme effectiveness
• test the effectiveness of administrative, technical and physical security measures
• test the knowledge and skills of personnel; procedures and knowledge of the procedures (step by step)
• prepare the action plan for improvement of security measures
• lessons learned
Exercise planning with:
-target group and limitations,
-exercise types and forms,
-time table for exercises,
-using IAEA exercise handbooks.
Exercises are a powerful tool for verifying and improving the quality of computer security arrangements. Each exercise represents a significant investment of effort, financial resources and people. It is therefore important for each exercise to yield the maximum benefit. That benefit depends primarily on the quality of the preparation, conduct and evaluation of the exercise.