U.S. More Prepared for Attack but must Improve Public-Private Partnership as Cyber Storm III Concludes
The U.S. has made great strides in cybersecurity since 2006, when the Cyber Storm I exercise took place, said Andy Purdy, chief cyberstrategist at CSC, who headed the Department of Homeland Security’s National Cyber Security Division when it led that activity. But Congress needs to set a national cybersecurity plan with goals and milestones, he said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"I'm heartened by the progress we made and encouraged by the commitment of the executive branch, but we haven’t made enough progress where can rest,” Purdy said Friday after the Cyber Storm III exercise. National security concerns prevented him from revealing specifics of the federal government’s performance in the three-day exercise, held every two years. The federal government must formalize and strengthen business participation in making federal cybersecurity policy, he said. It also must help identify cyberpriorities, goals, and milestones, so it can track progress, he said. None of the draft cybersecurity bills in the Senate would do this, he said.
The exercise ran smoothly and did a good job with injects -- scenarios to test an organization’s response to a cyber situation, said Erik Winebrenner, a CSC official participating in the exercise. “When you have these real world events, there will always be surprises,” he said. “So it is good you have these to throw people off, and they learn how to deal.”
Cyber Storm’s goal is strengthening public and private cybersecurity preparedness and response capabilities by exercising policies, processes and procedures for identifying and responding to a cyber attack on U.S. critical infrastructure. The federal government will issue a final report on the exercise at a time to be determined, he said. Cyber Storm III featured more participation by members of the public and private sectors, said Purdy. The exercise involved seven Cabinet-level departments, 11 states, 12 international partners including representatives from Great Britain, Japan and Germany, and 60 private participants, up from 40 in the last Cyber Storm exercise. Cyber Storm III was the first test of the National Cybersecurity and Communications Integration Center, which coordinates national cybersecurity responsiveness, and the National Cyber Security Incident Response Plan.
After the exercise, Purdy said he felt neither more nor less secure about the country’s cybersecurity defenses, but the test “reinforces the sense that we need to continue to make substantial progress in light of emerging threats.”