Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

This section specifically addresses city executives: decision-makers whose role includes responsibility for public safety. Its role is to explain the potential advantages of adopting advanced technologies, such as IMPETUS to help improve public safety.

Compared to the Operations Practitioners Guide, this Summary is not restricted to the SOC Operation, but covers the motivation and preparation of the Secure City at large.

NOT FINALIZED

Building up a Resilient City

Increased security is one of the main aspects of the quality of life in the more and more complex city environment. To achieve this, the smooth integration of technologies and processes at all levels is necessary.

While the smaller incidents may be handled under control of SOCs and associated services, major events affect the whole structure of the city, its management, services and citizens. Their interaction need to be managed and communicated across the organisational structures. The SOC will be a centre of communication, monitoring, information sharing and coordination of activities. But the key decisions are being made by executives as they may affect the citizens and properties, the spending of abnormal resources, the limitation of standard city life, personal freedom and subsequent economical losses.

The implementation of a resilience strategy for the city as whole and the associated tactics may be outlined through several key documents:

Capstone: single publication specifying an organisation (here, the city), its legitimate mandate, ethos and key orientation expressed through, e.g., vision, mission, and values.

Fundamentals: principle-based detail about the organisations major function. E.g., the AIIMS (REF) manual offers a principles-based doctrine for organisations which have emergency management functions

Procedural: Detailed descriptions for executing tasks and actions, e.g., Standard Operating Procedures (SOP) and Standard Operating Guidelines (SOG).

Technical: application of knowledge for discrete actions or tasks e.g.  operating instructions, AIIMS  Aide- memoirs and checklists. (Check if these are good examples)

A key aspect of resilieney building also for cities is an evaluation. This can be done by various kind of audits and tests. The testing should be executed in alignment with education and training of personnel.

Stress Tests as a Tool to Build Preparedness

The purpose of this guidance is to provide city management with a guide for building a sustainable process to build and maintain the preparedness to cope with crisis situations, utilizing various types of exercises. The exercises use various types of scenarios that test not only the robustness of the city and its systems, but also its readiness to deal with unexpected situations. These include both a review of staffing, the capabilities of people in various key and decision-making roles and their ability to respond to unforeseen events, and a review of the actual resources needed to deal with different situations.

These exercises should be prepared and conducted in accordance with ISO 22398 - Societal Security - Guidelines for Exercises and therefore be conducted in such a way that the results can be measured and evaluated.

The form of exercises may be basically

  • Tabletop

  • Functional

  • Combined

Tabletop Exercises

Participants in the tabletop exercises, walk through the procedures without any actual operations occurring. Tabletop exercises are the most basic and least costly and should be conducted before performing a functional exercise. It is designed to test the knowledge and awareness of the teams and to ensure that participants are aware of their roles and participation in the processes to react properly to the crisis situation. A written test can be a useful component of the tabletop exercise allowing the Test Leader to obtain information from geographically and organisationally diverse groups.

Similar, and preferably aligned, tabletop tests may be executed at the SOC level, to build robustness and resilience at the SOC level (see Potentials for Enhanced Operation ).

Functional Exercises

Functional exercises are more extensive than tabletops, requiring an event to be really played. Functional exercises include simulations and “war-gaming”. Often, scripts are written out for role players pretending to be external organisation contacts, or there may be actual inter-agency and vendor/service provider participation.

Combined exercises

This is the most complex, most costly, but most telling and most beneficial kind of exercise.

Example of practical application: Using IMPETUS in preparation and execution of practical exercises

The IMPETUS platform and tools are excellent means not only for daily operations and solutions at SOC level, but can also be instrumental for exercises that aims at keeping the city as a whole aware and ready to act in in the event of an exceptional situation. 

Pre-accident awareness

The detection tools, (especially CTI, CTM, PTI) can help to speed-up the threat-awareness process. The pre-accident awareness is an important factor, allowing to Increase vigilance and mobilise the protection system to prevent or nip a potential crisis in the bud, or to prevent its escalation and enable recovery and return to normal operations as quickly as possible.

Fast targeted communication

The IMPETUS Platform messaging system may be extended to reach other organizations linked to the City operations. They may be engaged to attend the exercise mainly for the purpose to understand the processes running to assure the business continuity and to keep them aware of possible signals, situations and acts which may arise during the crisis.

Public communication, PR

Communication with the public is extremely important in crisis situations. It should be conducted in conjunction with City staff. It is a good practice to involve important media as part of the exercise scenario, to practice communicating with the public during the exercise, and to evaluate the impact of that communication on the public. It is worth engaging sociological survey providers to assess the accuracy, effectiveness, and potential of this public communication. These results are an important part of the preparedness assessment.

Improved synergy and efficiency

Ways to improve the synergy of various bodies responsible for prevention and emergency management (police, ambulance, firemen, cyber-sec, traffic management, power, heating, logistics, hospitals, schools, …..).

This type of exercises will be ideal contexts also for building robustness and resilience at the SOC level, as recommended in Potentials for Enhanced Operation of the SOC.

Building Scenarios for the City as a whole

Although IMPETUS is primarily focused on cybersecurity, the scenarios for verifying and demonstrating a city's preparedness should be extended to other areas. The goal is to test the city's resilience in a manner as close as possible to a potential real-world situation. Therefore, situations such as blackout, flood, earthquake, epidemic or similar should also be practiced. This is also due to the fact that often there is a synergy of crisis phenomena (looting and social disorder during a flood, protests during a blackout and non-functioning of supply ...).
More complex scenarios will allow to better assess the resilience of the city as a whole and provide incentives for improving the robustness of security measures. Details of resilience and robustness you find here.

Modelling and simulation

During the preparation of the exercise and during its execution, it is advisable to use simulation tools that can provide appropriate impulses for the possible development of the situation. These are, for example, simulators for evacuation of public spaces (one such tool - Evacuation Optimizer is part of the IMPETUS equipment), simulations of evacuation of closed spaces (buildings, tunnels), simulations of the spread of hazardous substances (CFD - computational fluid dynamics) - fires, chemical attacks, flood simulations, etc. The use of such tools will make the estimation of possible developments more accurate - both in the framework of exercises and in a possible crisis situation.
In this context, these models will then help in optimising the design of new buildings, creating crisis plans for existing buildings, etc. The latest modelling systems work with space descriptions in the BIM (Building Information Modelling) standard, which makes it possible to speed up the start of modelling of a given building.

Real events/attacks simulation

When planning an exercise, it is advisable to include "classified" parts in the scenario that are not known to the participants in advance. These are not only hidden points of the exercise, but also some activities for which the participants are not prepared. For example, a not announced real attack on an information system (de-facto penetration test) can be inserted into a civil riots exercise, which serves mainly to determine how real the warning signals penetrate to the crisis staff and whether, for example, it will not remain only an attempt to quickly solve the problem at the IT level.

Evaluation – calibrated evaluators

It is very difficult to assess the real preparedness of the city for crisis situations. An exact measurement of anything is almost impossible and most of the time the result depends on subjective assessment by qualified persons. In order to compare the results of different exercises over time, or to compare different cities with each other, a common metric needs to be established and a team of calibrated assessors needs to be created.
The metric can usually be simple - a multi-stage assessment of the execution of scenario steps or the quality of decisions.
In order to apply the metric, it is necessary to train evaluators who have sufficient knowledge and experience in the field and, in addition, are "calibrated" so that the variance of their ratings is not too large. This can be achieved through years of practice.
This process works quite well, for example, in emergency services exercises, trauma plan reviews or fire response. For complex scenarios in smart cities, there is the potential of creating such a team in the future, for example within COSSEC.

Exercise results - follow-up measures – Robustness vs Resilience

The distinction between robustness and resilience (see Robustness vs Resilience ) applies for the city as well for the SOC (as described in Potentials for Enhanced Operation for the SOC).

The scenarios for city level exercises should as far as possible be commensurable with the Regular, Anticipated and Surprise scenario types (see scenario building) applied in SOC training and exercises

  • No labels