
Cyber Storm II, the largest international cyber security exercise
held so far, ended on Friday (14 March 2008). Undoubtedly the US
Department of Homeland Security (DHS), which sponsored the event,
will report it as a resounding success and learning experience in
its final report, due in late summer.
The DHS-run exercise simulated a coordinated cyber attack on
information technology, communications, chemical and transportation
systems and assets. The scenario included a collapse of the US and
international telephone networks, which in turn disrupted top-level
domains such as .com, .net and .gov.
Crisis managers had to identify, evaluate and respond to more than
1,800 injected incidents, including botnet, phishing and denial of
service attacks. Some of these were "white noise": relatively
harmless events designed to mask, or distract attention from, the
more serious attacks on the systems.
Cyber security is one of four priorities at DHS, which is
responsible for securing the federal government's IT and the
critical national infrastructure. Federal departments use an
intrusion detection system called Einstein, as well as US-CERT, a
24x7 public-private operation that monitors and defends against
malware attacks. Under its Trusted Internet Connections initiative,
DHS also plans to cut the number of internet access points that
link to federal systems from about 4,000 to around 50, so that the
federal IT estate is easier to monitor and guard.
Speaking to reporters near the end of the exercise, Homeland
Security Under Secretary Robert Jamison said the biggest lesson
from Cyber Storm II "is there is no substitute for having
established relationships and knowing who is on the other end of
the phone, and having tested the capabilities to respond and
prepare together."
Assistant secretary Greg Garcia said making the internet
unreliable "greatly impacted participants' ability to post critical
information externally to their constituents and communicate with
other stakeholders."
The event brought together the so-called "Five Eyes" community of
Australia, Canada, New Zealand, the UK and the US, as well as
participants from federal, state and local governments, the private
sector firms that run critical national infrastructure, and IT
industry suppliers.
The Cyber Storm II scenario imagined persistent, fictitious
adversaries with a distinct political and economic agenda. These
adversaries used sophisticated attack vectors to create a
large-scale incident that required players to concentrate on
response rather than prevention, the organisers said.
This scenario parallels the three-week botnet attack in April/May
2007 that crippled Estonia's networks. DHS spokesmen denied any link
between the Estonia attack and Cyber Storm II. The Estonia attack
led NATO to establish a cyber defence research centre in Tallinn.
Cyber Storm II also follows the discovery late last year by
anti-malware supplier Kaspersky Lab of botnet attacks apparently
designed to take entire cities off the internet.
The exercise comes after repeated complaints from US and UK
national security chiefs about ongoing espionage attacks by Russian
and Chinese hackers. In November 2007 MI5 warned 300 firms that run
the UK's critical national infrastructure that they were targets.
Cyber Storm II was the second in a series of congressionally
mandated exercises to test US cyber security preparedness and
response capabilities. It also comes hard on the heels of similar
exercises in the banking sector to stress-test plans for coping
with an avian flu pandemic.
Cyber Storm II aimed to test:
- participants' capacity to prepare for, protect against, and
respond to cyber attacks
- how they make strategic decisions and coordinate interagency
responses under national-level policy and procedures
- how they validate and share information and what communications
paths they use to collect and share cyber incident situational
awareness, response and recovery information
- how to share sensitive information across boundaries and
sectors without compromising proprietary or national security
interests.