November 8, 2019


 ICC Office of Cybersecurity & Risk Management to Host Cyber, Communications, and Resiliency Joint Exercise

The ICC will host its 3rd annual Cyber, Communications and Resiliency Joint Exercise Tuesday, December 17 in Springfield. Dominic Saebeler, Director of the ICC Office of Cybersecurity & Risk Management, is designing and hosting the exercise and is looking for local exchange carriers to participate in this year’s exercise. Dominic was a speaker at the ITA Vendor Showcase in September.  Please address any questions or RSVP to [email protected] or contact Randy Nehrt at the ITA with any questions.

Invitation and Information Summary

When: December 17, 2019 (Est. 8:30am-5pm)

Where: Memorial Center for Learning and Innovation (228 W. Miller St. Springfield, Illinois).

Invitees: Investor-owned utilities (IOUs), cellular, ISP and telecom companies, municipal and co-operative utilities and associations, State (IEMA), Local and City EMS, 911 and other crisis response entities, representatives from critical healthcare sector. The Illinois National Guard and FBI were invited to participate and assist the cyber design team with strategy planning, day-of-event presentations and table-top-exercise (TTX) facilitation.

Food: The Memorial facility has food options available for on-site participants.

What: The 3rd annual Illinois Commerce Commission (ICC) - Office of Cybersecurity and Risk Management (C&RM) Cyber, Communications and Resiliency Joint Entity Exercise. The focus will continue to be on collaborative exchanges and discussions to test response and communication plans and approaches through use of a simulated cyber/weather series of disruptive events impacting operations at utilities and large customer environments. This combined education session and TTX will serve to bring together a number of utilities providing critical electric, gas, water and telecom services together with large, medium and small sized healthcare facilities.

Goal: Jointly address and work through response capabilities and communications challenges should some combination of the above entities experience coordinated, accidental, intentional or successively occurring cyber-attacks that are able to penetrate the operational (OT) environments of multiple entities that have critical co-dependencies. New – Only IOUs attended the first two exercises – in 2019 we invited the healthcare and public health sector (hospitals, clinics, etc.) to collaborate on optimal response planning and execution.

Learn: Those who are not cyber conversant will get a chance to better understand how cyber response teams address a cyber originated crisis and how recovery might be navigated. Cyber risk savvy participants will get a chance to work through some complex problems with peers who are also responsible for addressing challenging cyber issues. Communications and crisis response teams will work with peers and cyber focused teams to better understand handoffs/tradeoffs, impact points and areas where disjointed responses might occur.

Agenda: Is being finalized – High level current view: four Sessions (S1-S4) covering these general areas:

(S1) AM - A 1.5 to 2-hour focus on specifics of how a successful cyber intrusion into OT would play out in one or more simulated scenarios. How operations might be impacted and how the cyber teams actually triage such a scenario will be discussed and explained to the entire group during interactive session.

(S2) AM – A 1.5 to 2 hour focus on multiple communication dynamics – including how all of these entities might expect to, and how they actually will, interact with each other during response & recovery phase of this type of cyber event and who, where & how priorities might be determined & information flow handled during a complex disruptive environment.

(S3) PM – 2 hours of a role based working session. Participants will attend a facilitated break-out session for a deep dive with peers, in similar roles across entities, to work through simulated situation in a TTX consistent with the overall theme of the joint exercise.

(S4) PM – Hot wash and group discussion: lessons learned, surprises or unique outcomes and feedback from breakout groups. Ideas for future exercises will be discussed if time permits.


Specific Areas of Representation: The exercise is intended to facilitate both large group interactive sessions (morning S1 & S2) and role specific cross company TTX exercise work (afternoon). Each company is encouraged to have one or more participant, each of whom might fit into one of the below described groups. The exercise is designed to provide challenges to at least five (5) different general areas of a company’s response capabilities: 

1. Emergency Management/Crisis Response Team/Response Plan Execution and Management;

 2. Cyber Response and IT Systems (technical staff who are responsible for system integrity, defense and recovery);

 3. Engineering/System Operations/Operations Restoration (staff involved in recovery of impacted OT and physical systems); 

4. External (Internal) Corporate Communications (messaging/group coordination/information flow/press interaction); and 

5. Regulatory Affairs/Legal/Executive Decisions (key decisions/governmental relations/crisis determination/legal matters). 

Facilitation: The ICC C&RM (with assistance) will facilitate the exercise. Some participant entities may be involved in designing, editing and facilitating the prior to or the day of the event. 

Scenario: The specific scenario is under development and some more details will be provided soon. Some information will not be revealed until a few days before, and some information on the day of the exercise.   

Attendees: Each company should decide the right number of participants for this exercise. In the past participating IOUs brought staff from multiple areas of concentration. New entities (and attendees) are free to send a single representative, one from each group, some combination, or simply observers if appropriate.   

Healthcare and Public Health Sector Participants: This is an opportunity to assess levels of preparedness for handling a cyber based disruption to operations, while interacting with key providers of critical services who might also be impacted by the same or parallel events and to whom you may need to actively communicate.   

Energy and Utility Sector Participants: This is an opportunity for you to continue to evaluate and assess your own capabilities should your OT environment be compromised, while working and coordinating communication with some of your most critical customers who rely on your ability to be resilient in both traditional weather-created events but also in the face of a successful cyber-attack. This is an opportunity to collaborate with service providers of different sizes and different sub sectors (electric, gas, water and communications). 

Emergency Services Sector Participants: An opportunity to interact with both service providers and critical customers and assist in determining the specific roles, timing, jurisdictions and lines of communication.   

Please address any questions or RSVP to [email protected] or contact Randy Nehrt at the ITA with any questions.


Telecom Headlines

Statewide broadband access goal of 'Connect Illinois' (State Journal-Register)

FCC's Starks call for 10-year review of High-Cost Universal Service Fund (telecompetitor)

FCC adopts new testing procedures for rural broadband USF recipients (telecompetitor)

FCC releases order approving T-Mobile/Sprint merger, modifying Dish deadlines (FierceWireless)

Illinois Telecommunications Association

312 S. 4th Street, Suite 100

           Springfield, IL 62701             

 (217) 572-1262