UK to put its defences to the test in international cyber-attack exercise

The UK is to take part in an international exercise that will test the ability of governments and industry to respond to major international cyber attacks.

The UK is to take part in an international exercise that will test the ability of governments and industry to respond to major international cyber attacks.

The exercise, dubbed Cyber Storm II, is due to take place in March 2008. It will model a range of hacking and terrorism attacks designed to disrupt internet communications and damage critical national infrastructures.

The exercise will bring together security experts from industry and government in the US, UK, Australia and New Zealand over five days, to test their responses to a gradually unfurling cyber attack as it escalates into an international incident.

Jerry Dixon, deputy director of operations for the National Cyber Security Division's US Computer Emergency Readiness Team, told Computer Weekly that the exercise would test realistic scenarios, including terrorism attacks on critical communications systems.

More than 100 government agencies - including the FBI, the US Department of Defense and the UK's National Infrastructure Security Co-ordination Centre - and private sector organisations would take part in the exercise, Dixon said.

The exercise builds on an earlier Cyber Storm simulation last year, which modelled an escalating series of attacks against the root certification authorities of the internet, which validate genuine websites. It also simulated hackers attacking passenger screening systems at airports and defacing websites.

"Part of the aim of the exercise was for people to separate out the serious threats from the noise," said Dixon.

"Early on in the week there were a number of isolated attacks. By Wednesday it was clear that the attacks were connected and had national implications."

The next exercise would test whether governments, security suppliers and businesses had learned key lessons from Cyber Storm, said Dixon.

"One lesson is that you have to quickly bring in the right people from industry. You need to have companies that are experts in the area you are dealing with," he said.

Being able to communicate with businesses and organisations that might be affected by the attacks, and being able to give them advice on countermeasures, was also critical, said Dixon.

Cyber Storm exercise report

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management

Comment on this article:

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.