The UK is to take part in an international exercise that
will test the ability of governments and industry to respond to
major international cyber attacks.
The exercise, dubbed Cyber Storm II, is due to take place in
March 2008 and will model a range of hacking and terrorism attacks
designed to seriously disrupt internet communications and damage
the critical national infrastructures.
It will bring together security experts from industry and
governments in the US, UK, Australia and New Zealand over five
days, to test their responses to a gradually unfurling cyber attack
as it escalates into an international incident.
Jerry Dixon, deputy director of operations of the National Cyber
Security Division’s US Computer Emergency Readiness Team, told
Computer Weekly that the exercise would test realistic scenarios,
including terrorism attacks on critical communications systems.
More than 100 government agencies –– including the FBI, the US
Department of Defense and the UK’s National Infrastructure Security
Co-ordination Centre –– and private sector organisations will take
part in the exercise, Dixon revealed.
The exercise builds on an early Cyber Storm exercise last year,
which modelled an escalating series of attacks against the root
certification authorities of the internet, which validate genuine
websites. Hackers also attacked passenger screening systems at
airports, and defaced websites.
“Part of the aim of the exercise was for people to separate out
the serious threats from the noise," said Dixon.
“Early on in the week there were a number of isolated attacks.
By Wednesday it was clear that the attacks were connected and had
national implications.”
The next exercise will test whether governments, security
suppliers and businesses have learned key lessons from Cyber Storm,
said Dixon.
“One of the lessons is you have to quickly bring in the right
people from industry. You need to have companies that are experts
in the area you are dealing with,” he said.
Being able to communicate with businesses and organisations that
might be affected by the attacks, and being able to give them
advice on countermeasures, is also critical, he said.
The US National Cyber Security Division is planning a series of
table top exercises in the run up to Cyber Storm II, to help the
organisations involved develop their emergency responses before the
final exercise.
Penetration tests measure firms' security
Read
David Lacey’s
security blog
Read
Stuart King’s
risk management blog
Comment on this article:
computer.weekly@rbi.co.uk