After-Action Report/Improvement Plan Template


Post on 25-Mar-2021


Cybersecurity Seminar After-Action Summary Report [Date]

The After-Action Summary Report aligns objectives with preparedness doctrine to include the National Preparedness Goal and related frameworks and EMPG guidance.


Instructions: Delete these instructions once the report is completed.

This Summary Report was specifically developed for this Cybersecurity Seminar and can earn your jurisdiction a needed cybersecurity EMPG credit.

The Texas Division of Emergency Management, in coordination with the Texas Department of Information Resources (DIR) and the Texas A&M University System (TAMUS), has developed this seminar for jurisdictions needing to meet the FY-2020 EMPG requirement to exercise the Cybersecurity Core Capability. This seminar video was created from interviews with Danny Miller, the Cybersecurity Information Security Officer (CISO) for TAMUS, and Andy Bennett, Deputy CISO for DIR.

How to conduct this exercise:

Invite jurisdictional leadership, government officials with emergency management roles, local utilities, and any other agency or organization that would be involved in a cyber-response.

Watch the video, individually or in a web-based meeting or small group. The video can be accessed at: https://www.youtube.com/watch?v=N9jhrrvf7zM&feature=youtu.be

The Texas Department of Information Resources publishes the Incident Response Team Redbook, which can be found here: https://pubext.dir.texas.gov/portal/internal/resources/DocumentLibrary/Incident%20Response%20Template%202018.pdf. Download the Redbook, as it can guide your discussion on how your community would handle a cyberattack.

Following the video, discuss how your jurisdiction would respond to a cyberattack, what safeguards and resources you have in place, and what assistance you are going to need. Do you know where to get needed resources? Does your jurisdiction have a plan or annex dealing with cybersecurity, and is it up to date?

Record your findings in the Cybersecurity After-Action Summary Report. Remember, to earn EMPG credit for seminars, you must choose a minimum of two core capabilities.

Submit the report to the Exercise Unit: [email protected]

Resources

The Texas Department of Information Resources (DIR) provides many resources and training to keep your community safe from cyberattacks. Their website is https://dir.texas.gov/. If you have any questions, please feel free to contact us.

Delete items that do not apply.


After-Action Summary Report Cybersecurity Seminar

Exercise Overview

Exercise Name:

Date:

Type: Seminar

Scope: (Local, Regional, Multi-jurisdictional)

Mission Area(s): (Prevention, Mitigation, Protection, Response)

Core Capabilities (check a minimum of two Core Capabilities):

Cybersecurity
Intelligence and Information Sharing
Long-Term Vulnerability Reduction
Operational Communications
Operational Coordination
Planning
Public Information and Warning
Risk and Disaster Resilience Assessment
Risk Management for Protection Programs and Activities
Situational Assessment
Threat and Hazard Identification
Other (Add your own)

Objectives:
1.
2.

Threat: Cyberattack

Major Strengths:
1.
2.
3.

Point of Contact:
Name:
Title:
Phone:
Email:


Exercise Discussion Summary

Instructions: Delete this shaded area after the report is completed.
Below are all the core capabilities applicable to this exercise. Select the ones you will use in your exercise. Delete the rest.
Enter your observations or discussion highlights associated with the core capability in the space provided.

Core Capability: Cybersecurity
Mission Area: Protection
Description: Protect (and if needed, restore) electronic communications systems, information, and services from damage, unauthorized use, and exploitation.
Observations:

Core Capability: Intelligence and Information Sharing
Mission Areas: Prevention, Protection
Description: Provide timely, accurate, and actionable information resulting from the planning, direction, collection, exploitation, processing, analysis, production, dissemination, evaluation, and feedback of available information concerning physical and cyber-threats to the United States, its people, property, or interests; the development, proliferation, or use of WMDs; or any other matter bearing on U.S. national or homeland security by local, state, tribal, territorial, federal, and other stakeholders. Information sharing is the ability to exchange intelligence, information, data, or knowledge among government or private sector entities, as appropriate.
Observations:

Core Capability: Long-Term Vulnerability Reduction
Mission Area: Mitigation
Description: Build and sustain resilient systems, communities, and critical infrastructure and key resources lifelines so as to reduce their vulnerability to natural, technological, and human-caused threats and hazards by lessening the likelihood, severity, and duration of the adverse consequences.


Observations:

Core Capability: Operational Communications
Mission Area: Response
Description: Ensure the capacity for timely communications in support of security, situational awareness, and operations by any and all means available, among and between affected communities in the impact area and all response forces.
Observations:

Core Capability: Operational Coordination
Mission Areas: All
Description: Establish and maintain a unified and coordinated operational structure and process that appropriately integrates all critical stakeholders and supports the execution of core capabilities.
Observations:

Core Capability: Planning
Mission Areas: All
Description: Conduct a systematic process engaging the whole community as appropriate in the development of executable strategic, operational, and/or tactical-level approaches to meet defined objectives.
Observations:

Core Capability: Public Information and Warning
Mission Areas: All
Description: Deliver coordinated, prompt, reliable, and actionable information to the whole community through the use of clear, consistent, accessible, and culturally and linguistically appropriate methods to effectively relay information regarding any threat or hazard, as well as the actions being taken and the assistance being made available, as appropriate.
Observations:


Core Capability: Risk and Disaster Resilience Assessment
Mission Area: Mitigation
Description: Assess risk and disaster resilience so that decision makers, responders, and community members can take informed action to reduce their entity's risk and increase
Observations:

Core Capability: Risk Management for Protection Programs and Activities
Mission Area: Protection
Description: Identify, assess, and prioritize risks to inform Protection activities, countermeasures, and investments.
Observations:

Core Capability: Situational Assessment
Mission Area: Response
Description: Provide all decision makers with decision-relevant information regarding the nature and extent of the hazard, any cascading effects, and the status of the response.
Observations:

Core Capability: Threat and Hazard Identification
Mission Area: Mitigation
Description: Identify the threats and hazards that occur in the geographic area; determine the frequency and magnitude; and incorporate this into analysis and planning processes so as to clearly understand the needs of a community or entity.
Observations:


Conclusion

Instructions: Delete this area after the report is completed.
Summarize the outcomes of the exercise. Did your discussion reveal shortfalls and, if so, how will you address them? Describe the way forward: updating current plans or developing a new plan. Will you attend or offer training courses?


Participant List

Local, State, Federal Organizations
