The Retail and Hospitality ISAC (RH-ISAC) and the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with top trade associations in the retail, hospitality, and travel industry, today announced that they will be hosting the first retail, hospitality, and travel industry-wide cybersecurity exercise in June 2021.
The exercise, EX-RH2021, will be virtual and will cover a full day of play including a training session at the start for participants to get the most out of the exercise. EX-RH2021 will include exercise inputs that are designed to challenge infosec teams as well as executive decision making, operational decision making and coordination, and cross-disciplinary coordination in the corporate environments impacted by cybersecurity threats. The exercise construct is designed for companies with information security teams and capabilities of all sizes and ranges of competence.
“RH-ISAC is the epicenter for information sharing for retail, hospitality, and travel organizations, and as such is the ideal host for the first sector-wide exercise,” commented Suzie Squier, president of RH-ISAC. “Together, with CISA and key trade associations, we’ll be able to mature our enterprise security activities as well as our collective coordination.”
The exercise scenario will contemplate the impacts of compromised information and operational technology including point-of-sale and reservation/property management systems.
EX-RH2021 will incorporate coordination between the retail, hospitality, and travel sector, the U.S. government, and federal law enforcement agencies to inform key aspects of incident management and coordination for participants when real-world situations require such coordination.
“CISA is proud to support the retail, hospitality, and travel industry in their first exercise and to assist with testing communication, coordination, and decision-making protocols if an incident were to occur,” said CISA Executive Assistant Director for Infrastructure Security Dr. David Mussington. “This exercise is essential to preparing for an incident and participants will be able to gain valuable information on how to handle and respond to an incident within the industry.”
Participation will benefit personnel in roles including:
- C-level executives (CCO, CFO, CLO, CMO, COO, CSO, CISO).
- Security practitioners who are direct reports to C-level.
- Analysts as well as IT practitioners with security operations and incident management responsibilities.
- Practitioners associated with retail privacy, compliance, and IT/OT/point-of-sale issues and controls.