Cyber Storm II gets started
The private sector owns more than three-quarters of the country’s critical infrastructure. A large-scale, successful, coordinated attack could cripple the country's economy. A cyberattack can originate in one country and pass through several others before reaching its target.
That dark side of cyberspace is the backdrop for this week’s Cyber Storm II exercise, the Homeland Security Department’s second massive cyber war game, which kicked off today will be played this week in Washington and virtually worldwide.
Players in the multimillion-dollar exercise include nine states, four foreign governments, 18 federal agencies and 40 private companies that work in information technology, telecommunications, chemicals, and pipe and rail transportation infrastructure. Officials say the main success of the $6.4 million exercise thus far has been building relationships during the 18-month planning process.
“One of the biggest lessons learned, or success stories from the exercise planning process itself, is the relationships and the trust that’s built among these different companies and these different agencies and the international community,” said Cheri McGuire, acting director of DHS’ National Cyber Security Division, who led planning for the exercise. “If you haven’t tested those things ahead of time, when you have some kind of event, when you need to have those relationships and those communication paths in place, oftentimes they are not there.”
And with cyberattacks on the rise, the question is less about what to do if an attack happens and more about what to do when one occurs.
Throughout this week, participants will be purposely overloaded with problems.
McGuire said that although the event focuses on response she believes that the relationships formed will also benefit prevention and preparedness efforts.
“This exercise is…a response exercise, but as part of that, continuous improvement for responding you also gain efficiencies for prevention and protection and preparedness, so it’s really that full spectrum,” she said.
George Foresman, who presided over Cyber Storm I when he was DHS’ undersecretary for preparedness, said Cyber Storm I exposed key issues, including information sharing and action coordination, communication, and problems using manual mode once IT systems are attacked.
“I think cybersecurity events are going to be global events,” he added. “In many ways, all of us have to understand that there is a unification that has to occur between government and [the] private sector not just in the U.S. but across the world.”
But although bolstering communication is important, congressional staff members observing the exercise will also be looking for focused analysis of the exercise’s successes and failures, said a congressional staffer familiar with the exercise. The staffer also said that the Cyber Storm I’s public post-exercise briefing did not go into many specifics and that lawmakers have asked the Government Accountability Office to report on progress made since the exercise.
“We are spending a lot of money on this — it’s not a cheap deal,” the staffer said.
DHS plans to produce a general lessons-learned document after the exercise is over and encourages participants to do the same.
Foresman, who now works as a consultant since retiring from government last year and is not involved in Cyber Storm II, said getting disparate groups to coalesce to tackle the same problem is challenging. He added that one of the most important accomplishments of Cyber Storm I was learning how to communicate the complex IT issues of a cyberattack.
“One of the biggest things that can be accomplished is clarifying roles and responsibilities,” the staffer added. “As time passes, we’re getting better about developing these relationships, one of the things that we want to do is stop these things from happening in the first place.”
Ben Bain is a reporter for Federal Computer Week.