UK to participate in international cyber-attack exercise

The UK is to take part in an international exercise that will test the ability of governments and industry to respond to major international cyber attacks.

The UK is to take part in an international exercise that will test the ability of governments and industry to respond to major international cyber attacks.

The exercise, dubbed Cyber Storm II, is due to take place in March 2008 and will model a range of hacking and terrorism attacks designed to seriously disrupt internet communications and damage the critical national infrastructures.

It will bring together security experts from industry and governments in the US, UK, Australia and New Zealand over five days, to test their responses to a gradually unfurling cyber attack as it escalates into an international incident.

Jerry Dixon, deputy director of operations of the National Cyber Security Division’s US Computer Emergency Readiness Team, told Computer Weekly that the exercise would test realistic scenarios, including terrorism attacks on critical communications systems.

More than 100 government agencies –– including the FBI, the US Department of Defense and the UK’s National Infrastructure Security Co-ordination Centre –– and private sector organisations will take part in the exercise, Dixon revealed.

The exercise builds on an early Cyber Storm exercise last year, which modelled an escalating series of attacks against the root certification authorities of the internet, which validate genuine websites. Hackers also attacked passenger screening systems at airports, and defaced websites.

“Part of the aim of the exercise was for people to separate out the serious threats from the noise," said Dixon.

“Early on in the week there were a number of isolated attacks. By Wednesday it was clear that the attacks were connected and had national implications.”

The next exercise will test whether governments, security suppliers and businesses have learned key lessons from Cyber Storm, said Dixon.

“One of the lessons is you have to quickly bring in the right people from industry. You need to have companies that are experts in the area you are dealing with,” he said.

Being able to communicate with businesses and organisations that might be affected by the attacks, and being able to give them advice on countermeasures, is also critical, he said.

The US National Cyber Security Division is planning a series of table top exercises in the run up to Cyber Storm II, to help the organisations involved develop their emergency responses before the final exercise.

Penetration tests measure firms' security

Read David Lacey’s security blog

Read Stuart King’s risk management blog

Comment on this article:

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.