GCN Hot Topics:

High-stakes war games

Cyber Storm II tests public and private sectors� ability to cooperate, communicate

By William Jackson

Ports in the storm

Participants in Cyber Storm II included:

FIVE COUNTRIES: Australia, Canada, New Zealand, United Kingdom and the United States.

18 FEDERAL CABINET-LEVEL AGENCIES, including the Defense, Homeland Security, Justice and State departments.

NINE STATES: California, Colorado, Delaware, Illinois, Michigan, Pennsylvania, North Carolina, Texas and Virginia.

MORE THAN 40 COMPANIES, including ABB Group, Air Products and Chemicals, Cisco Systems, Dow Chemical, Juniper Networks, McAfee, Microsoft, NeuStar, Nova Chemical, PPG Industries and Wachovia.

The exercise tested procedures, tools and organizational responses to a coordinated attack made through and on the cyber infrastructure of the chemical, information technology, rail and pipeline transportation, and communications industrial sectors.

Source: Homeland Security Department

The Homeland Security Department recently hosted a number of federal, state, local and international government agencies along with more than 40 private-sector companies in the second in a series of large-scale cyber defense exercises.

The Cyber Storm exercises are intended to test the technical and organizational limits of responses to a cyber attack.

“When the Internet burns to the ground, how are you going to get updates?” is how Carl Banzhoff, vice president and chief technology evangelist at McAfee, summed it up.

U.S. networks are under attack around the clock, said Bob Dix, vice president of government affairs at Juniper Networks.

“Our adversaries are trying to infiltrate and take information from our systems. One of the things that Cyber Storm addressed was the interdependency across sectors. This was a successful collaboration between industry and government. Industry was invited from the very beginning.”

Dix and Banzhoff were planners of and participants in Cyber Storm II, held March 10 through 13. Dix was part of the central Control Cell, which monitored activities and injected alerts and situations that set off the scenarios to which players around the world responded.

Despite the success of the exercise, it pointed up some weaknesses in the country’s ability to respond to cyber attacks, Dix said. “We are still inherently governmental in our thinking about incident response,” he said. Private- and public-sector resources need to be more fully integrated, as do responses to natural disasters and intentional attacks.

Despite some progress in this area, “the government has not figured that out yet completely.”

Participants will be meeting during the next several months to discuss the lessons learned and prepare an after-action report, although not much of the report will be released to the public.

“The details are kept pretty confidential,” and participants sign nondisclosure agreements, Banzhoff said. Some of the information involved in the exercise is classified, and some of it could be embarrassing. “Even though the scenarios are simulated, if a lot of the details are known, it could be turned into a negative event for the participants.”

« Previous12 Next »


GCN.com	Latest News	FCW.com

Government Computer News

GCN Hot Topics:

High-stakes war games

Cyber Storm II tests public and private sectors� ability to cooperate, communicate

Ports in the storm