'Cyberwar' To Test Response

Team Infidel

Forum Spin Doctor
Washington Times
March 10, 2008
Pg. 6
Exercise simulates hacker attacks on networks
By Shaun Waterman, United Press International
Officials from 18 federal agencies, nine states, four foreign governments and more than three dozen private companies will take part in a cyberwar exercise staged this week by the U.S. Department of Homeland Security.
The exercise, code-named Cyber Storm II, will run today through Thursday and is based at U.S. Secret Service headquarters in Washington. It is the second DHS biannual cyber-exercise, designed to test the ability of federal agencies and their partners in state, local and foreign governments and the private sector to respond to and recover from hacker attacks on computer networks.
"The goal of Cyber Storm II is to examine the processes, procedures, tools and organizational response to a multisector coordinated attack through, and on, the global cyber infrastructure," a fact sheet from the department states.
Details of the planning for the event are not disclosed, in part to avoid tipping off participants. The fact sheet states only that the exercise — a culmination of more than 18 months of planning led by the Homeland Security department's National Cyber Security Division — will simulate a series of coordinated physical and cyber-attacks on information technology and communications systems and chemical, rail and pipeline infrastructure.
The adversary is not identified but has a "a specific political and economic agenda," says the fact sheet. In the last Cyber Storm exercise in 2006, the enemy was an anarchistic coalition of politically motivated hackers called the Worldwide Anti-Globalization Alliance.
The attacks will be simulated on special systems set up for the exercise, "and will not impact any live networks," the fact sheet states.
Participants in the exercise, which consists of a series of detailed scenarios unfolding according to a strict timetable, will learn of developments via phone calls or e-mails from exercise managers or through a mock TV news channel set up for the event.
But some of what players will learn from the channel will be bogus, former DHS official Jerry Dixon told Brian Krebs' Security Fix blog.
"They'll inject some red-herring attacks and information to throw intelligence analysts and companies off the trail of the real attackers," said Mr. Dixon, who helped plan the exercise.
The $6 million event will involve thousands of participants across the world, including the Australian, British, Canadian and New Zealand governments, and from U.S. agencies including the Department of Defense, CIA, National Security Agency and the FBI.
In Australia, which has ramped up its level of participation since the last exercise, officials from the federal police, the Attorney General's office and the Australian Computer Emergency Response Team will participate, Attorney General Robert McClelland said at a press conference Friday.
In New Zealand, participating agencies include the Ministry of Foreign Affairs and Trade, the Ministry of Health, the Customs Service and the New Zealand Defense Forces.
Companies taking part include Cisco Systems Inc., which owns much U.S. Internet infrastructure, Dow Chemical Co., IBM, computer security firm McAfee Inc., software giant Microsoft Corp. and Verizon.
The 2006 exercise helped participants answer basic questions about who to call at various levels of government or partner organizations, according to an after-action report released that year by the DHS.
 
Back
Top