Perses Consulting provided the Metropolitan Washington Council of Governments with exercise design, development, conduct, and evaluation of cyber-based table-top exercise focused on the National Capital Region’s Cyber Mutual Aid Operations Plan (MAOP). The intent of the Cyber MAOP is to ensure the fullest cooperation amongst National Capital Region (NCR) cybersecurity partners in preparation for, response to, or recovery from a state of emergency or public service event which requires assistance beyond the capacity of a single signatory agency/jurisdiction.

The exercise consisted of three modules / scenario vignettes as follows:

• Public Service Event

  • In the weeks leading up to July 4th, cybersecurity teams across the National Capital Region observe a significant spike in hostile cyber activity — including credential stuffing, perimeter scans, and known command-and-control (C2) beaconing.

  • Larger jurisdictions have been actively defending their environments, but several resource-constrained jurisdictions express concern about potential undetected intrusions.

  • These smaller jurisdictions initiate MAOP requests for intrusion detection, forensic triage, and incident response support.

• Emergency Event

  • On July 4, Jurisdiction A experiences a rapid ransomware outbreak that disables critical services — including 911 dispatch, public health alerting systems, and enterprise email.

  • Jurisdiction A declares a cyber emergency and activates the NCR Cyber MAOP, requesting:

    • Technical incident response teams

    • Backup communications solutions

    • Digital forensics and containment assistance

  • By midday, signs of lateral spread emerge in other jurisdictions via CAD2CAD and NCRNet systems. Jurisdictions B and C report similar Indicators of Compromise (IoCs).

• Day-to-Day Resource Sharing

  • Jurisdiction A — a mid-sized locality in the National Capital Region — has operated without a dedicated Chief Information Security Officer (CISO) for over a year. The gap has led to missed cyber policy updates, poor risk visibility, and minimal coordination with NCR-wide cybersecurity efforts.

  • Faced with growing threats and a lack of internal capacity, Jurisdiction A submits a request through the NCR Cyber MAOP for a temporary, part-time CISO to assist with the following tasks:

    • Draft a CISO hiring plan

    • Help align the jurisdiction with regional initiatives

    • Ensure basic cyber security protocols and processes are in place

  • The proposed engagement is for 30 hours of support over 6 months, potentially virtual or hybrid.