Government Stages Cyberattack Exercise to Test Response
Government and company information security professionals spent the week fending off a simulated cyberattack on the nation’s infrastructure in a Department of Homeland Security exercise. Cyber Storm II continues a series of Congressionally-mandated exercises testing U.S. cybersecurity response. The week-long event included participants from 18 federal agencies, nine states, Australia, Canada, New Zealand, the U.K. and more than 40 companies including McAfee, Microsoft, Wachovia, and Cisco.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In a plain room on the first floor of an unmarked Secret Service headquarters, experts hunched over desks strewn with empty coffee cups and Coke cans, struggling with a devastating online attack taking down key parts of infrastructure. They dodged desk to desk, coordinating their actions as a large screen tracked progress repairing the “outage.” Phones rang, presumably offsite experts reporting in, though DHS didn’t explain the calls. Officials were scant on details but said the exercise could have included government Web site outages, loss of phone service and more. Department of Homeland Security staff gave reporters a tour of the exercise control center after a briefing with department officials.
Thousands of “players” responded to such scenarios as nationwide loss of Internet access, supplied by an “exercise control center” hosted by the Secret Service. Possible disasters were posted on the wall, but journalists were asked not to report them. Each one tested participants’ analytical and communication skills. It’s like “piecing together a digital jigsaw puzzle with some of the pieces missing,” said Greg Garcia, DHS assistant secretary for cyber security.
The exercise is evolving, Garcia said. Unlike last year, players were involved in the 18 months of planning. More people participated and “more sophisticated” attacks were unleashed, to reflect increasingly complex threats, he said. Cyber Storm, funded by the DHS National Cyber Security Division, cost about $6.4 million. It’s part of a larger effort to secure government networks and the infrastructure they operate. Agencies also are trying to reduce the number of Internet access points and hire and train more skilled personnel to handle emerging threats, he said.
DHS will report on Cyber Storm’s lessons in late summer, but one thing is already clear, Garcia said: The exercise “strained some of the best and brightest minds and that’s just what it’s intended to do.” Many participants said they wish the control room in the Secret Service headquarters really existed, he said.