U.S Code last checked for updates: Nov 22, 2024
§ 665h.
National Cyber Exercise Program
(a)
Establishment of program
(1)
In general
(2)
Requirements
(A)
In general
The Exercise Program shall be—
(i)
based on current risk assessments, including credible threats, vulnerabilities, and consequences;
(ii)
designed, to the extent practicable, to simulate the partial or complete incapacitation of a government or critical infrastructure network resulting from a cyber incident;
(iii)
designed to provide for the systematic evaluation of cyber readiness and enhance operational understanding of the cyber incident response system and relevant information sharing agreements; and
(iv)
designed to promptly develop after-action reports and plans that can quickly incorporate lessons learned into future operations.
(B)
Model exercise selection
The Exercise Program shall—
(i)
include a selection of model exercises that government and private entities can readily adapt for use; and
(ii)
aid such governments and private entities with the design, implementation, and evaluation of exercises that—
(I)
conform to the requirements described in subparagraph (A);
(II)
are consistent with any applicable national, State, local, or Tribal strategy or plan; and
(III)
provide for systematic evaluation of readiness.
(3)
Consultation
(b)
Definitions
In this section:
(1)
State
(2)
Private entity
(c)
Rule of construction
(Pub. L. 107–296, title XXII, § 2220B, as added Pub. L. 117–81, div. A, title XV, § 1547(a), Dec. 27, 2021, 135 Stat. 2059.)
cite as: 6 USC 665h