Cyber training: a key element to improve resilience

Les notes stratégiques

Céline Pigot, Hugo Lemarchand, Julien Lepot, Guillaume Tissier


Les notes stratégiques

Policy Papers – Research Papers

The views and opinions expressed in this document are those of the authors and do not necessarily represent the views of CEIS.


About CEIS

CEIS is a strategy and risk-management consultancy firm. Our mission is to assist our clients in their development in France and abroad and to contribute to protecting their interests. To that end, we systematically combine a forward-looking vision with an operational approach, and a full understanding of the information useful for decision-making with support to action.


Contents

1. Context
1.1 Towards the failure of conventional cybersecurity?
1.2 Increasingly heavy legal constraints
1.3 The need to raise awareness and to prepare all stakeholders
1.4 Serious consequences for company business

2. The challenges
2.1 Beyond the compliance stage
2.2 Ensuring the resilience of structures
2.3 Mobilising top management
2.4 Reinforcing public-private cooperation and facilitating international cooperation

3. Diverse needs
3.1 Objectives
3.2 Levels
3.3 Themes

4. What training plan?
4.1 Technical simulation
4.2 Role-playing
4.3 What interactions between the two environments?
4.4 Gamification of the exercise

5. Examples of scenarios
5.1 Scenario intended for government entities
5.2 Scenario for critical operators
5.3 Scenario for SMEs

6. Why CEIS?
6.1 A combination of three types of expertise
6.2 Some CEIS references related to crisis exercises


1. Context

1.1 Towards the failure of conventional cybersecurity?

All cybersecurity stakeholders agree that threats have changed: attacks are more numerous, more sophisticated and more targeted.

Analysis of the data collected during cyber-attacks reveals that attackers have significantly improved the efficiency of their tactics and often pool their resources [2], which allows them to multiply their operations and better conceal their identities [3].

There is no longer a typical profile for potential targets. At the beginning of 2013, a cybersecurity study of major European companies [4] showed that 72% of the 300 companies surveyed in the United Kingdom, France and Germany had already been targeted by attacks.

Beyond highlighting the vulnerability of businesses, the report showed that their protection systems were not adapted to the attack profiles [5]: almost half of the businesses stated that they had not rolled out or tested security solutions to detect and contain attacks. Targeted attacks are expected to keep increasing, as they are rather simple to carry out and above all very effective, as emphasised by the International Cyber Security Protection Alliance [6].

The changing nature of threats therefore requires rethinking cybersecurity. Traditional tools (anti-malware, firewalls) and a purely technical approach are no longer sufficient. To develop the resilience of organisations, a comprehensive approach is now needed, combining risk analysis, security technologies and the preparation of teams.

Cybersecurity training is therefore an essential element of any security posture, all the more so given that although malicious and criminal attacks remain the first cause of data breaches in France (42% of cases), they are immediately followed by human error [7].

Faced with cybersecurity challenges, governments, administrative authorities and large groups, but also SMEs, need to develop a security posture combining prevention, protection, detection and reaction. Traditional measures (audit, certification or implementation of security solutions) are no longer enough: not only has the threat evolved, but new obligations, in particular in the legal domain, and new uses, such as the routine use of social networks by employees, have also arisen.

There were many IT-related incidents in 2013 affecting companies or States [1]:

- Ubisoft: 58 million user accounts hacked (names, e-mail addresses, passwords);
- Adobe: the passwords of 38 million users were stolen;
- LivingSocial: 50 million client account passwords were compromised;
- Turkey: identity data of 54 million Turkish citizens were stolen by Russian hackers;
- South Korea: personal information concerning 2 million people was made public by an anonymous group of hackers.

Notes

[1] http://hackmageddon.com/2013/12/30/2013-top-20-breaches/
[2] http://www.darkreading.com/attacks-breaches/chinese-apt-campaigns-may-be-more-connec/240163858
[3] http://www.net-security.org/secworld.php?id=15812
[4] http://www.quocirca.com/media/reports/022013/798/EMC%20CRD%20February%202013%20final.pdf
[5] http://www.lemondeinformatique.fr/actualites/lire-attaques-ciblees-les-entreprises-europeennes-toujours-desarmees-52618.html
[6] http://2020.trendmicro.com/Project2020.pdf
[7] http://www.infodsi.com/articles/142875/couts-lies-violations-donnees-entreprises-francaises-elevent-2-86-millions-euros-incident.html

1.2 Increasingly heavy legal constraints

A stricter legal and regulatory environment also calls for the development of “cyber” training.

The draft European regulation on the protection of personal data intends to impose more obligations on entities processing personal data and to increase their liability.

The main consequence is the obligation for companies to notify the national supervisory authority in the country where they do business of serious personal data breaches within the shortest possible time frame.

Although they are unrelated to the potential financial impact of data leaks or thefts, these new obligations give rise to substantial compliance costs for companies, as well as to tough sanctions: fines can reach up to 1 million euros or 2% of turnover [8].

Insurance companies and brokers are developing new offers combining technical expertise and insurance to allow companies to insure their cyber risks.

This presupposes that the organisation undertakes a risk assessment and implements a risk management and prevention plan. There again, “cyber” training can play an essential role, allowing the company to better comply with future legal obligations and to reduce the cost of its insurance policy.

[8] Applied to the turnover of Microsoft, this fine could reach 1.8 billion dollars.

1.3 The need to raise awareness and to prepare all stakeholders

Cybersecurity is inherently a cross-functional issue, at two levels. First, between business sectors: an incident affecting a specific sector can have immediate repercussions on all other sectors, owing to the interdependency of many activities.

Secondly, within a company: the issue goes well beyond the teams in charge of designing and operating the information system and directly concerns the business units, where business continuity could be jeopardised.

Organising joint training, for example in the form of regular crisis exercises, is therefore essential to raise awareness among the stakeholders concerned and to build their capacity to react consistently and in a coordinated way when faced with a security incident.

That is why the European Commission has committed itself to a programme of regular exercises. At the national level, France is doing the same with the Piranet exercise.

In keeping with the spirit of the 2008 and 2013 white papers on defence and national security, the State is thus training to confront a major crisis affecting information systems that are essential to the functioning of the nation. The objective is to validate the management of failures in telecommunication networks and information systems, but also to assess the capacity of the State to take the necessary measures in a situation calling for a quick and strong response.

Case study: the EuroCybex exercise

In the framework of the European CIPS programme (protection of critical infrastructures), CEIS coordinated the EuroCybex project, which gave rise to a European exercise in September 2011.

The project partners were the French Network and Information Security Agency (ANSSI, France), the Centro Nacional para la Protección de las Infraestructuras Críticas (CNPIC, Spain), the Theodore Puskas Foundation (CERT, Hungary), the Ministry of Economy, Industry and Employment (France) and Ingeniería de Sistemas para la Defensa de España (ISDEFE, Spain). ENISA and DG INFSO of the European Commission also supported the project and sat on the Scientific Committee.

Based on the CRITIS role-playing platform [9], the objective of the exercise was to test and improve communication and crisis management procedures.

The scenario simulated multiple targeted attacks leading to the publication of many sensitive documents on the web.

EuroCybex facts and figures:

- Project duration: 18 months;
- 1-day exercise including briefings;
- 4 participating national agencies: France, Austria, Germany, Hungary;
- 50 players connected to the exercise platform;
- 20 observer states;
- 20 simulated events;
- Budget: 200,000 euros.

Figure: contribution by country (chart not reproduced).

A public version of the report is available at: http://www.ceis.eu/en/system/files/pictures/eurocybex_-report_light-final.pdf

[9] Role-playing system dedicated to training, designed and developed by CEIS.

1.4 Serious consequences for company business

The consequences of an IT incident, whether a cyber-attack or an accident, can have serious repercussions for businesses in the short and medium term:

- Undermining of information assets, such as the theft of information from millions of player accounts on the Sony PlayStation platform;
- Destruction, or at least paralysis, of the production facility, such as the incident that affected the Aramco oil company [10].

Companies therefore need to protect their information assets (client and supplier data, know-how, patents, etc.) and their production facilities, not only for themselves but also for their partners, in order to maintain a relationship of trust in business.

According to a recent study [11], the average cost of a data breach in France rose to €2.86 million in 2012 from €2.55 million in 2011, i.e. an average cost per compromised record of €127 in 2012 versus €122 in 2011, a 4.1% increase. Loss of business or contracts due to attacks is assessed at €780,000 to €1,190,000 [12] per company in France.

Today the question is no longer whether an attack will occur, but when. Companies therefore need to be ready to face attacks by implementing a response and business continuity plan and keeping it operational. In this framework, cybersecurity training is an essential condition for the resilience of organisations.

Notes

[10] In 2012, 30,000 computers in the Saudi Arabian oil group Aramco were hit by a cyber-attack claimed by hacktivists calling themselves the Cutting Sword of Justice.
[11] http://www.infodsi.com/articles/142875/couts-lies-violations-donnees-entreprises-francaises-elevent-2-86-millions-euros-incident.html
[12] http://technologies.lesechos.fr/transformation-digitale/infographie-cybersecurite-les-plus-grandes-attaques-informatiques-de-l-histoire_a-37-874.html


2. The challenges

Today, many companies have a security and crisis management strategy, generally supported by several implementation tools. The aim of organising training and crisis exercises is to test the strategy and check its effectiveness and relevance. Training is the only way to confront security plans and procedures with the realities the company will encounter. Beyond testing, exercises also make it possible to adjust the role of each participant in incident management.

2.1 Beyond the compliance stage

The objective of training is to go beyond mere compliance with security standards and to strive for the best possible operational level. Generally speaking, the existence of resources and procedures is by no means a guarantee of security if it is not supported by preparation in conditions close to reality. Only this type of preparation, repeated regularly, makes it possible to achieve a genuine operational capacity, which is a prerequisite for an effective response to a crisis or a situation of tension.

2.2 Ensuring the resilience of structures

The resilience of a company's information system is not restricted to a technical approach, with the installation of security systems (firewall, antivirus, probes, etc.) and certification of the system. The human factor must obviously be taken into account.

Beyond optimising the capacity of a company to react when faced with a crisis, a crisis exercise makes it possible to give each person within the company a specific role and to ensure that the person is capable of fulfilling that role. By testing the material and human capacities of a company in the event of a cyber-crisis, the resilience of the company is assessed.

The exercise also makes it possible to check the company's compliance with the technical and legal standards imposed on it, in particular those related to the protection of personal data.

2.3 Mobilising top management

The security of the information system is not only the responsibility of the Chief Information Security Officer (CISO) or of the Information Systems Division (ISD): the security policy serves no purpose if no-one else in the company applies it. It is therefore indispensable to ensure that top management is involved, in order to reconcile the needs of business units with the security requirements of the information system.

From that viewpoint, exercises are an excellent way to increase top management awareness. They make it possible to illustrate risks and their potential consequences concretely, before an actual incident occurs.

2.4 Reinforcing public-private cooperation and facilitating international cooperation

Exercises are an excellent way to reinforce the cohesion of teams and public-private cooperation, which is one of the key conditions for an effective response in the event of a serious IT attack. At the international level, exercises involving several countries, like the EuroCybex exercise mentioned above, are an excellent way to foster international cooperation in the field of cybersecurity and the fight against cybercrime.


3. Diverse needs

Cyber training makes it possible to address different scenarios. Before presenting the solutions to be implemented, it is therefore useful to give a quick overview of needs.

3.1 Objectives

Training can address several objectives:

- Awareness of cyber risks. This short training makes it possible to illustrate threats concretely, in particular for strategic levels;
- Training of technical teams, for example within a Security Operations Centre. This presupposes relying on a computer simulation environment reflecting the real situation, to avoid any risk of incorrect operations on production systems;
- Assessment of the security and crisis management system. The objective here is to test the entire chain, which involves including operational teams in the training, as well as business unit management and top management. The system can be assessed for all or part of its capacities: protection, prevention, anticipation, detection, response, internal and external communication, etc.

3.2 Levels

To cater to these needs, there are three levels of training:

- Technical training. These sessions can be organised in the framework of initial or ongoing training;
- Strategic training. The duration of the exercises depends on their objective. For awareness sessions, the training should be short (less than a day). To ensure that the exercise reflects actual conditions, it needs to include a technical game, for example in the form of technical demonstrations spread out over the exercise. A significant part of the time can be devoted to discussion and reflection;
- Mixed training sessions bringing together technical and non-technical trainees. The challenge is to test the interactions between the two levels.

3.3 Themes

Depending on the objectives and level of training, the next step is to define a theme for the exercise, using a realistic scenario combining the following aspects, partially or totally depending on the focus chosen:

- A strategic context (origin of the threat, stakeholders involved, etc.);
- Technical factors (type of attack, system targeted, etc.);
- “Business” events (consequences of the cyber-attack on the activities of the organisation, processes affected, etc.);
- Socio-political factors (reactions from civil society, interactions with other business sectors, exchanges with the public sphere, etc.).


4. What training plan?

A “cyber” training centre requires two types of environment:

- A technical simulation environment;
- A role-playing environment.

These two environments must remain separate and must be usable together or separately.

4.1 Technical simulation

The technical simulation environment is based on a digital “sandpit” offering, in particular, the following capacities:

- Virtualisation of workstations and servers;
- Virtualisation of the network layer (links and equipment);
- Assisted creation of technical scenarios;
- Traffic generation.

In the framework of a training centre, all or part of the information system of the organisation can be modelled, which makes it possible to carry out all operations without risk, both for attack and for defence.

Two game modes are therefore possible:

- A “blue” mode, in which the players (blue team) defend against an attack or events steered by the moderating team;
- A “red” mode, in which the players are split into two teams: a red team playing the attacker role and a blue team playing the defender role.

Beyond training, this type of platform makes it possible to prototype networks and systems and to run tests without impacting the real environment, an essential advantage for complex infrastructures with major availability constraints.

Hynesim, a hybrid simulation platform

Hynesim is a computer simulation platform developed by the company Diateam [13].

The platform models the system layer but also the network layer, in order to obtain the most complete representation of reality possible. It is referred to as “hybrid” because it makes it possible to connect real equipment to the simulated network.

Thanks to its realistic and immersive interface, Hynesim allows, in particular:

- Real experimentation on a virtual infrastructure;
- Education and training in the design of system architectures;
- Cybersecurity training and awareness;
- Analysis of threats using hybrid “honeypots”;
- Testing and prototyping of new architectures.

Figure: from the real infrastructure… to the modelled infrastructure (diagrams not reproduced).

[13] http://www.diateam.net/

4.2 Role-playing

Alongside technical simulation, a training system must also include a “role-playing” component to reproduce human interactions and allow the exercise to take place, in particular from a strategic viewpoint. Each participant in the exercise therefore has a real or simulated role and is part of a hierarchical and functional organisation.

The role-playing environment facilitates the preparation of scenarios, the organisation of exercises and post-exercise analysis, while developing player immersion in the scenario. The exercise can then take place in “bubble” mode, without any outside communication, using the communication functions offered by the platform, or in “real” mode, injecting game events and exchanges among players on real information and communication systems. One must, however, bear in mind all the risks that the second option involves: by mistake, a large French company published a press release announcing a major disaster on its website for a few minutes...

CRITIS, a role-playing system dedicated to training

CRITIS is an original CEIS design and development, created to cater to the needs of the French Defence Procurement Agency (DGA). It is a mature and stable IT role-playing platform dedicated to crisis exercises. It is simple, user-friendly and fully mastered by the coordination teams.

This role-playing environment reproduces a virtual situation centre and offers the following features, among others:

- Management of complex scenarios;
- Media and societal pressure;
- “High” and “low” coordination;
- Intelligence and situational awareness;
- Running log (logbook);
- Communication among participants (message service, chat…);
- Recording of all exchanges among participants for post-exercise analysis;
- A dedicated interface for observers;
- Management of assessment questionnaires.

CRITIS uses 100% web technologies and is therefore very easy to roll out. It makes it possible to organise an exercise with players in the same location or in different locations.

In France, CRITIS is used by the French National Institute for Advanced Studies in Security and Justice (INHESJ) and by the National School of Administration (ENA), but also by CEIS to prepare and moderate public and private crisis exercises.

Figure: from the creation and management of scenarios… to the coordination of exercises (player interface) (screenshots not reproduced).

4.3 What interactions between the two environments?

The two environments must be able to function fully autonomously, but it must also be possible to use them simultaneously in the framework of comprehensive exercises.

Figure: examples of interactions between the technical game and the strategic game in a DDoS attack scenario (diagram not reproduced).
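As an added illustration of how the technical game can feed the strategic game in the DDoS scenario (example code written for this page, not code from CEIS's CRITIS platform or Diateam's Hynesim), the script below reads the access log of the sandbox web server, detects a sustained flood and turns it into two kinds of injects: a technical observation for the blue team, and a business-side consequence for the crisis cell. The log line format, the thresholds and the sample traffic are all assumptions constructed for the example.

```python
"""Bridge from the technical game (sandbox web-server log) to the strategic game (injects)
for a DDoS scenario.

Added example for this section; it is not code from CEIS's CRITIS platform or Diateam's
Hynesim. It assumes that the sandbox web server writes one line per request in the
simplified format below and that injects can be handed to the role-playing platform as
plain records; both are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import re

# Assumed log line format: <src-ip> [<exercise-clock-seconds>] "<method> <path>" <status>
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<req>[^"]*)" (?P<status>\d{3})$')


@dataclass(frozen=True)
class Inject:
    at: int         # exercise clock (seconds) at which the game master releases it
    audience: str   # "blue_team" (technical game) or "crisis_cell" (strategic game)
    text: str


def parse_line(line):
    """Return (src_ip, second, status) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return m["ip"], int(m["ts"]), int(m["status"])


def bucket_by_second(lines):
    """Aggregate the log into {second: (requests, distinct_sources, 5xx_responses)}."""
    reqs, srcs, errs = Counter(), defaultdict(set), Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                     # malformed lines are ignored, not fatal
        ip, sec, status = parsed
        reqs[sec] += 1
        srcs[sec].add(ip)
        if status >= 500:
            errs[sec] += 1
    return {sec: (reqs[sec], len(srcs[sec]), errs[sec]) for sec in reqs}


def detect_ddos(lines, rate_threshold=50, min_sources=20, sustain=3):
    """Turn a flood in the sandbox traffic into injects for both games.

    A flood is declared when the request rate stays at or above `rate_threshold`
    requests/second, coming from at least `min_sources` distinct addresses, for
    `sustain` consecutive seconds (so a one-second burst does not trigger it).
    The blue team gets the technical observation at once; the crisis cell gets the
    business-side consequence a little later, as customers would report it.
    """
    buckets = bucket_by_second(lines)
    injects, run, attacking = [], 0, False
    for sec in sorted(buckets):
        n, sources, errors = buckets[sec]
        flood = n >= rate_threshold and sources >= min_sources
        run = run + 1 if flood else 0
        if not attacking and run >= sustain:
            attacking = True
            injects.append(Inject(sec, "blue_team",
                f"web front end: {n} req/s from {sources} sources, {errors} 5xx responses"))
            injects.append(Inject(sec + 120, "crisis_cell",
                "Customer service reports that the public website is unreachable; "
                "a journalist asks for comment."))
        elif attacking and not flood:
            attacking = False
            injects.append(Inject(sec, "blue_team", "request rate back under threshold"))
            injects.append(Inject(sec + 60, "crisis_cell",
                "The website is reachable again; the communication team must decide "
                "whether to publish a statement."))
    return sorted(injects, key=lambda i: i.at)


def make_sample_log():
    """Constructed traffic: 60 s of normal browsing (5 req/s from 5 internal hosts),
    a 20 s flood from 40 addresses (80 req/s, half answered 503), then normal again."""
    lines = []
    for sec in range(0, 60):
        lines += [f'10.0.{i}.{sec % 20 + 1} [{1000 + sec}] "GET /index.html" 200' for i in range(5)]
    for sec in range(60, 80):
        for i in range(40):
            lines.append(f'198.51.100.{i + 1} [{1000 + sec}] "GET /" 200')
            lines.append(f'198.51.100.{i + 1} [{1000 + sec}] "GET /" 503')
    for sec in range(80, 100):
        lines += [f'10.0.{i}.{sec % 20 + 1} [{1000 + sec}] "GET /index.html" 200' for i in range(5)]
    return lines


if __name__ == "__main__":
    for inject in detect_ddos(make_sample_log()):
        print(f"T+{inject.at:5d}s  {inject.audience:11s} {inject.text}")
```

The delay between the technical onset and the crisis-cell inject is what the game master tunes: too short and the strategic players see the attack before their own IT would realistically have told them; too long and the two games drift apart. Requiring a sustained rate from many distinct sources also keeps a single noisy red-team scan from triggering the strategic storyline by accident.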

4.4 Gamification of the exercise

One of the keys to the success of an exercise is gamification. The cybersecurity exercise must encourage participants to get involved, in order to maximise the acquisition of skills and knowledge.

To that end, two indicators, in the form of scores, can be included in the exercise:

- A cybersecurity level, awarded on a standard basis to each person at the beginning of the exercise, which drops if players adopt high-risk behaviour and rises if they behave well;
- An information capital, which varies depending on the line of business of the company concerned.

The exercise can therefore be broken down into several phases, with an increasing feeling of immersion for participants, who aim to finish the exercise with the highest possible score:

Phase 1: Anticipation

The first, anticipation phase has several objectives:

- Assess the actual level of cybersecurity of the company (audit);
- Raise participant awareness of cyber risks through a common core of knowledge;
- Explain how the exercise works and how the indicators allocated are managed;
- Organise the different working groups;
- Implement monitoring tools for the duration of the exercise.

Phase 2: Preparation

The objective of the second phase is to bring participants gradually to the practical phase of the exercise by developing the right reflexes and effective communication. To that end, several educational tools can be used:

- Collecting cybersecurity points;
- Teamwork;
- Appointing a leader who coordinates the action of the working group;
- Awarding random prizes throughout the exercise.

Phase 3: Implementation

The objective of the last phase is to simulate a crisis on a larger scale and the creation of a crisis unit. The company must then react as fast as possible to limit losses and recover its full operating capacity.

Here again, educational tools can be used:

- The hero: this mechanism awards prizes to the most efficient working group or individual;
- Ranking: each working group finishes with a result which can be compared to that of the other participants.
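As an added illustration of the two indicators and of the “hero” and ranking mechanisms above (example code written for this page, not code from CEIS's CRITIS platform), the engine below replays an exercise event log and computes a per-player cybersecurity level and a per-team information capital. The action names, point values, asset values, business lines and sample events are illustrative assumptions; the one point the example carries from the text is that the same lost asset costs a different amount of capital depending on the line of business.

```python
"""Scoring engine for the two indicators described above: a per-player cybersecurity
level and a per-team information capital, plus the ranking and "hero" mechanisms.

Added example for this section; it is not code from CEIS's CRITIS platform. The action
names, point values, asset values and sample events are illustrative assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Optional

START_LEVEL = 100   # the "standard basis" given to every player at the start (assumed value)

# Points gained or lost for observed player behaviour (assumed actions and weights).
BEHAVIOUR_POINTS = {
    "reported_phishing": +10,
    "escalated_to_crisis_cell": +10,
    "applied_patch": +5,
    "clicked_phishing_link": -15,
    "plugged_unknown_usb": -15,
    "shared_password": -20,
}

# Information capital: the same assets are worth different amounts depending on the
# line of business, which is what makes the second indicator business-specific.
ASSET_VALUE = {
    "bank":      {"customer_db": 60, "design_docs": 10, "hr_records": 20},
    "aerospace": {"customer_db": 15, "design_docs": 70, "hr_records": 15},
}


@dataclass(frozen=True)
class Event:
    t: int                        # exercise clock (seconds)
    team: str                     # working group
    player: str
    action: str                   # a key of BEHAVIOUR_POINTS, or "asset_lost"
    asset: Optional[str] = None   # which asset, for "asset_lost" events


@dataclass
class Scores:
    level: dict        # player -> cybersecurity level
    capital: dict      # team -> information capital remaining
    team_score: dict   # team -> mean member level + remaining capital


def score_exercise(events, business_line):
    """Replay the exercise log and compute both indicators for every player and team."""
    values = ASSET_VALUE[business_line]
    level, capital, members = {}, {}, defaultdict(set)
    for ev in sorted(events, key=lambda e: e.t):
        members[ev.team].add(ev.player)
        level.setdefault(ev.player, START_LEVEL)
        capital.setdefault(ev.team, sum(values.values()))
        if ev.action == "asset_lost":
            # an asset lost by a team is deducted from that team's capital, never below zero
            capital[ev.team] = max(0, capital[ev.team] - values.get(ev.asset, 0))
        elif ev.action in BEHAVIOUR_POINTS:
            # the level cannot go below zero; there is no upper cap, good behaviour keeps paying
            level[ev.player] = max(0, level[ev.player] + BEHAVIOUR_POINTS[ev.action])
        else:
            raise ValueError(f"unknown action in exercise log: {ev.action!r}")
    team_score = {team: mean(level[p] for p in members[team]) + capital[team]
                  for team in members}
    return Scores(level, capital, team_score)


def ranking(scores):
    """Teams ordered from best to worst (ties broken by name for reproducibility)."""
    return sorted(scores.team_score, key=lambda team: (-scores.team_score[team], team))


def hero(scores):
    """The individual with the highest cybersecurity level, as (player, level)."""
    player = min(scores.level, key=lambda p: (-scores.level[p], p))
    return player, scores.level[player]


# Constructed exercise log: two working groups, four players (illustrative).
SAMPLE_EVENTS = [
    Event(10, "ops", "alice", "clicked_phishing_link"),
    Event(12, "ops", "bob", "reported_phishing"),
    Event(30, "ops", "alice", "shared_password"),
    Event(45, "finance", "carol", "reported_phishing"),
    Event(50, "finance", "dave", "plugged_unknown_usb"),
    Event(60, "ops", "bob", "escalated_to_crisis_cell"),
    Event(90, "ops", "alice", "asset_lost", asset="customer_db"),
]

if __name__ == "__main__":
    for line in ("bank", "aerospace"):
        s = score_exercise(SAMPLE_EVENTS, line)
        print(line, "ranking:", ranking(s), "hero:", hero(s), "capital:", s.capital)
```

Run as a bank, the ops group loses most of its capital when the customer database leaks; run as an aerospace company, the same event is a minor loss and the ranking is driven by individual behaviour instead. Keeping the weights in one table is also what lets the moderating team explain the indicators to participants in phase 1, as the text requires.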

Page 18: Cyber training : a key eLement to imProve resiLienCe€¦ · Cyber training : a key eLement to imProve resiLienCe. 2. 3 Les notes stratégiques Policy Papers – Research Papers The

18

5. examPLes of sCenarios

Irrespective of the objective, target and theme of the exercise, it must allow assessment of all or part of the following points:

5.1 Scenario intended for government entities

This scenario is based on a humanitarian crisis, taking into account the geostrategic aspects of the current global context. Above and beyond technical aspects, it makes it possible to work on all aspects of large-scale crisis management.

Scenario

Following a power struggle between two ethnic groups in country (A), the victorious ethnic minority has pushed the other ethnic group to flee massively to a neighbouring country (B).

The creation of refugee camps has alerted part of the international community and has given rise to the creation of a humanitarian mission.

Country (B) has asked one of its oldest allies (C) to help it implement a communication network in order to coordinate NGO action and facilitate external communication, with a view to raising awareness of the humanitarian crisis in the international community.

But country A does not welcome the creation of refugee camps along its borders, given that it hopes to become a regional leader and therefore does not want negative publicity or an unstable southern border. This desire to be internationally recognised prevents country A from taking military action in the region. As it is very advanced technologically, it could use its cyber superiority to reach its objectives indirectly. Moreover, extremists in country A have created a group of hackers, who attack websites supporting the refugee cause.

The government of country B has decided to install fibre optics massively across the country in order to boost its economy. The population therefore benefits from a high rate of internet penetration, but is also confronted with increasing cybercrime. The authorities of the country have very limited control mechanisms and have not created a CERT.

Country C has a cyber-cooperation policy with country B, and helps country B create a first cyber Rapid Response Unit.


Progress of operations

The exercise can be organised in several phases that can be modulated depending on requirements and on the context in which it is organised:

- Several attacks and creation of a network of machines infected by the extremists

- Activation of malicious code and beginning of sabotage operations against sites in the target country and its allies

- Disinformation campaign and launch of an APT

Objectives of the exercise

Given that the exercise is intended for staff training, the following training objectives have been identified:

- Awareness of the different forms of attack that exist and of their level of severity

- Knowledge of basic computer hygiene rules

- Ability to detect weak signals

- Ability to react quickly with the right behaviour

- Ability to communicate about attacks, given the interconnection of networks

- Awareness of how C2LID functions

5.2 Scenario for critical operators

This scenario takes into account the constraints and requirements imposed on entities with critical operator status. It makes it possible to raise awareness among top management and all company staff in conditions as close as possible to reality.

Scenario

The company VITALIS is a critical operator which recently diversified its business to include a broad range of services beyond its core business. Although the core network is not connected to the internet, in compliance with the recommendations of the national security agency, the other computers in the company are connected to the internet.

VITALIS recently allowed its staff to access social networks from their workstations and to mention their job at the company, as part of a transparency policy. Although the top management team is aware of the company's critical operator status, it is not very aware of cyber risks. The same applies to the staff.

Many computers are infected by malicious software which gradually spreads to the entire information system.

The malicious software acts in three different ways:

- Exfiltration and later destruction of sensitive company data

- Staff held to ransom

- Theft of personal identifiers


All these activities slow down the internal network. At the same time, the company website becomes unavailable. Top management is informed but is slow to respond. The ISD is increasingly unable to deal with the problems caused by the malicious software. The issue of disconnecting the internal company network from the internet is raised, in order to resolve the crisis and limit data destruction. The seriousness of the crisis increases when the company realises that the malicious software was in fact hiding the activity of another malware, which is much more sophisticated, with higher destructive potential.

The core network, although it is not connected to the internet, is infected by the second malicious software and starts malfunctioning seriously.

Although many workstations are destroyed, the critical points of the company are only briefly affected. The company will however have to rebuild its networks after the attack.

Objectives of the exercise

This exercise has several objectives:

- Raise awareness and train critical operator staff

- Test the crisis management plan created by the company

- Assess the level of preparation of participants

- Highlight the weak points of the critical operator

5.3 Scenario for SMEs

Embaltex, a mid-cap company specialised in plastic packaging for beauty products and cosmetics, with a few high-tech products such as mini-pumps for bottles, is hit by a cyber-attack which negatively impacts its production facility.

Scenario

Technical scenario

The Embaltex information system is targeted by an attack impacting the industrial information system, the in-house office automation system and the company website (hosted by a provider), which is defaced. The company discovers that the attack against the industrial system went through an external gateway used for maintenance operations, which had kept its default identifiers.

Socio-political scenario

A consumer whose face was burned by an Embaltex product discovers a potentially harmful overdose in a bottle of sun cream. Responsibility for the attack is claimed by an anti-vivisection group (the "Enraged") by defacing the company website, although no-one knows at the outset whether the claim is serious or not.

Media scenario

The overdose is front-page news in the press. This compels the company to recall all similar products on the market and to undertake all the necessary checks in-house. A France 3 report interviews a trade union delegate who explains that the incident is undoubtedly due to recent staffing reductions. Subsequently, the results of the internal investigation showing that the system was hacked are leaked to the press. This compels the company to communicate on the topic. Consumer blogs are full of scaremongering rumours.


Progress of operations

The exercise is organised in different phases in order to assess various capacities:

- Detection and assessment of the situation: what is the impact of the attack? What are the potential consequences? Which services should be contacted?

- Analysis and investigations: what is the modus operandi? Who caused the attack?

- Crisis communication: how should the company communicate internally and externally in this type of situation? Who are the targets (press, social networks…)?

- Feedback and improvement: what should be done to avoid this type of attack in the future, or to prepare an appropriate response?

Objectives of the exercise

The objective of the exercise is to raise player awareness of the following issues:

- The issue of SCADA networks can affect all industry players, not only critical operators

- Network segmentation is an essential security element

- Hosting provider contracts must be carefully prepared and monitored (guaranteed restoration, security plans…)

- Risk mapping (threats and vulnerabilities) is indispensable to identify sensitive issues and implement prevention and protection plans

- From a technical viewpoint, security is based on different types of equipment, but suitable processes (log management…) and organisation must also be implemented


6. Why CEIS?

A strategy and risk-management consultancy firm, CEIS has over the past 10 years developed particular expertise in training and exercises for "cyber" crisis management.

6.1 A combination of three types of expertise

Our expertise is based on a combination of three types of know-how:

- "Cybersecurity" expertise: CEIS undertakes audit and consultancy assignments in information security and conducts risk assessments;

- Crisis management expertise: CEIS designs, implements and moderates risk and crisis management plans for its clients;

- Acknowledged experience in the engineering of "exercises and training": CEIS prepares and moderates crisis exercises on diverse themes (cybersecurity, business continuity, civil security…).

The objectives of the exercises organised by CEIS are the following:

- Initial or ongoing training;

- Initial assessment of a crisis management system;

- Brainstorming and risk analysis;

- Maintaining a crisis management system in operational condition.

6.2 Some CEIS references related to crisis exercises

- Organisation of one of the first European crisis exercises in the field of cybersecurity (Eurocybex).

- Preparation of many socio-political scenarios for major crisis exercises (SGDSN).

- CRITIS role-playing platform supplied to the INHESJ (Ministry of the Interior).

- Preparation and moderation of a "White Plan" crisis exercise for a hospital in the Paris region.

- Creation of civil security crisis scenarios for the INHESJ (Ministry of the Interior).

- Creation of a role-playing simulation demonstrator dedicated to NRBC crisis management for the French Defence Procurement Agency (DGA).


Previously published:

Cybersécurité des pays émergents - Etat des lieux. January 2014

Monnaies virtuelles et cybercriminalité - Etat des lieux et perspectives. January 2014

De l'Union douanière à l'Union eurasiatique – Etat et perspectives d'intégration dans l'espace post-soviétique. October 2013

Une nouvelle approche du terrorisme – Mieux comprendre le profil des groupes terroristes et de leurs membres. May 2013 – English version available

La coopération technologique et industrielle de défense et sécurité du Brésil – Un instantané, côté Sud. May 2013

Le financement de la R&D de défense par l'Union européenne. April 2013

Les drones et la puissance aérienne future. February 2013

Nouvelles guerres de l'information : le cas de la Syrie. November 2012

Ariane et l'avenir des lancements spatiaux européens. August 2012

Compagnie Européenne d'Intelligence Stratégique (CEIS)

Société Anonyme with a capital of €150,510 – SIRET: 414 881 821 00022 – APE: 741 G

280 boulevard Saint Germain – 75007 Paris

Tel.: 01 45 55 00 20 – Fax: 01 45 55 00 60

All rights reserved

www.ceis.eu