CISA conducts tabletop exercises with the Chevron Salt Lake Refinery, other state and local partners

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) held tabletop exercises with the Chevron Salt Lake Refinery and other state and local partners to test plans for responding to a potential emergency at the refinery. The tabletop collaboration brought together operational leadership, security, and first responder teams from several groups in addition to CISA and Chevron.

More than 40 participants and observers participated in the tabletop exercises.

Critical infrastructure, which includes the industrial sector, government agencies, and commercial operations and systems, like refineries and communications, forms the backbone of the U.S. economy. The exercise, which was planned over the past two months, included several objectives related to response procedures at the refinery, including evacuation and shelter-in-place decision-making, roles and responsibilities during investigations, communication with first responders, and public messaging before and following an incident.

“CISA routinely partners with industry and government to plan and practice a wide range of possible scenarios,” Shawn Graff, CISA Regional Director for the Rocky Mountain region, said in a media statement. “Our goal with tabletop exercises is centered around uniting partners and stakeholders to practice how we as a community respond to an emergency. This is an important part of maintaining the security of our national infrastructure.”

“This type of training is a critical measure of how well we design and activate our emergency response and security plans. It evaluates our overall preparedness, highlighting both what we’ve done well and where we can do even better,” said Bryon Stock, general manager at Chevron Salt Lake Refinery. “We appreciate the opportunity to collaborate with national, regional and local leaders in public safety and security and to partner with CISA on this exercise.”

In addition, the security agency released the CISA Tabletop Exercise Package (CTEP), designed to assist critical infrastructure owners and operators in developing their own tabletop exercises to meet the specific needs of their facilities and stakeholders. CTEP allows users to leverage pre-built exercise templates and vetted scenarios to build tabletop exercises to assess, develop, and update information sharing processes, emergency plans, programs, policies, and procedures.

The CTEP allows users to leverage pre-built exercise templates and vetted scenarios to build tabletop exercises to assess, develop, and update information sharing processes, emergency plans, programs, policies, and procedures. This program provides exercise planners with tools, scenarios, question sets, and guidance in developing an interactive discussion-based exercise for their communities of interest. Each CTEP template can be customized and further developed to exercise and evaluate specific areas of concern for critical infrastructure owners and operators.

CTEP fosters effective partnership building through the development of improved information sharing and collaboration. In addition, CTEP enables the development of after-action reports that support mitigating risks while increasing the resilience of critical infrastructure.

CISA Director Jen Easterly said on Wednesday at the RE:WIRED conference held virtually that the agency is, “beefing up its disinformation and misinformation team in the wake of a divisive presidential election that saw a proliferation of misleading information online. I am actually going to grow and strengthen my misinformation and disinformation team,” The Hill reported.

“One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important,” Easterly added. “We are going to work with our partners in the private sector and throughout the rest of the government and at the department to continue to ensure that the American people have the facts that they need to help protect our critical infrastructure.”

Last week, the Department of Homeland Security published in the Federal Register a notice of the establishment of a new ‘Federal Advisory Committee,’ whose primary purpose will be to develop, at the request of the CISA Director, recommendations on matters related to the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency. The CISA Cybersecurity Advisory Committee will operate in an advisory capacity only and is in the public interest.”

The CISA Cybersecurity Advisory Committee will terminate two years from the date of its establishment unless extended by the Secretary, the notice added.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.