Exercise Report: SAFE Cyber 2019
Publish date: 2020-01-30
Report number: FOI-R--4885--SE
Pages: 66
Written in: Swedish
Keywords:
- Cyber defence exercise
- Cyber security exercise
- Discussionbased exercise
- CDX
- TTX
Abstract
This report describes how cyber defence exercises are planned and conducted both from a general perspective and from the perspective of FOI. Furthermore, the report describes planning, development, execution, evaluation and experience from the SAFE Cyber 2019 exercise. SAFE Cyber 2019 was an exercise conducted by the Swedish Armed Forces in conjunction with FOI. The exercise was aimed at Swedish authorities with responsibility for cyber security, as well as authorities and companies with a connection to the Swedish Armed Forces. The purpose of the exercise was to give incident management practice to the participants in the event of computer and network operations against Sweden. The exercise was comprised of two different parts: a technical cyber defence exercise (CDX) and a discussion-based exercise (TTX). In total, 60 individuals from 21 different organisations related to the Swedish Armed Forces participated in the exercise. The report shows that planning and conducting exercises comprised of two different interacting exercise types is a complex process. However, SAFE Cyber 2019 does show that it is possible to combine a technical simulation exercise with a discussion-based exercise in a way that creates value for participants, as well as customers and the exercise management team. At the same time, the results show that there is potential for improvement regarding the interaction between the exercise types in order to create even greater value for everyone involved in future exercises. Based on the knowledge gained in this report the most important aspects for planning and conducting successful joint CDX and TTX exercises in the future are planning the aims and goals of the exercise, an experienced planning team and flexibility to handle issues as they arise.