Incident Response Tabletop Exercise for TTEC Trinidad and Tobago Electricity Commission
Sign inUSAID
The Incident Response Tabletop Exercise, conducted under the Strengthening Utilities and Promoting Energy Reform (SUPER) Task Order, aimed to strengthen the incident response capabilities of energy and utility entities.
2024 · 52 pages

Abstract
The exercise was designed to identify strengths and weaknesses within an organization's Incident Response Plan (IRP), processes, and procedures. By simulating a real-life scenario, the exercise aimed to promote changes in attitude and perceptions, enhance overall cyber response posture, strengthen critical thinking, and increase decision-making capabilities during and after an incident. The exercise was guided by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which consists of five functions: Identify, Protect, Detect, Respond, and Recover. The Identify Function assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. This includes identifying physical and software assets, the environment supported by the organization, cybersecurity policies, asset vulnerabilities, threats, and risk response activities. The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. This includes protections for identity management and access control, empowering staff through awareness and training, establishing data security protection, implementing information protection processes and procedures, protecting organizational resources through maintenance, and managing protective technology. The exercise aimed to evaluate the organization's incident response readiness and identify potential gap areas, using the Distributed Energy Resource Cybersecurity Framework (DERCF) tool and the Cybersecurity Capability Maturity Model (C2M2) to assess and optimize security investments. The goal of the exercise was to achieve MIL 1, which represents basic cybersecurity activities such as strengthening Asset, Change, and Configuration Management, Threat and Vulnerability, Risk Management, etc. The exercise was conducted in an open, no-fault environment, with varying viewpoints expected, and decisions not considered precedent setting. The scenario provided served as the basis for discussion, and participants were encouraged to present multiple options and possible solutions to resolve or mitigate a problem. The exercise was designed to promote changes in attitude and perceptions, enhance overall cyber response posture, strengthen critical thinking, and increase decision-making capabilities during and after an incident. By evaluating the organization's incident response readiness and identifying potential gap areas, the exercise aimed to strengthen the organization's incident response capabilities and minimize losses, mitigate exploited vulnerabilities, restore services and processes, and reduce the risks that future incidents pose.
Connected topics
Classification
USAID DEC