Cyber Storm II stirring
The Homeland Security Department is getting ready to lead foreign governments, corporations, states and federal agencies on a second round of cyber war games.
During the second week of March, nine states, four foreign governments, 18 federal agencies and 40 private companies will participate in Cyber Storm II — a weeklong simulation designed to better prepare the players for cyberattacks. DHS, FBI and the Defense Department are among the federal agencies that will participate.
The exercise will be the culmination of more than 18 months of planning, led by DHS’ National Cyber Security Division, to design a series of simulations that will test the players’ abilities to respond to cyberattacks on information technology, communications, chemical and transportation infrastructure. The first Cyber Storm exercise, in 2006, focused on air transportation.
Cyber Storm II participants have been broken into two teams: planners and players. The players have not seen any of the scenarios they will have to mitigate.
A source familiar with the planning of the exercise said that this year’s simulation exercises could include elements of organized crime, terrorism or a hacking attempt driven by political goals.
“We are looking at a more sophisticated scenario this time around,” he said. “It’s going to be quite an event.”
The exercise will take place in Washington, but will also be played out virtually by thousands of people worldwide. Australia, along with the United Kingdom, New Zealand, Canada and the United States, is planning a simultaneous cyber simulation exercise that will include its military.
Each of Cyber Storm II’s participants will have their own goals and challenges designed to bolster their own abilities. The private-sector participant list includes giants such as Dow Chemical, Microsoft, McAfee, Cisco and Nova Chemicals, among others, the source said.
“The exercise is very much deliberately intended to overload people,” the source said. “We don’t do these things to pat ourselves on the back.”
The exercise stresses confidentiality and afterward DHS will hold an after-session and produce a general lessons-learned document. Participants are encouraged but not required to do the same.
President Bush requested an additional $83.1 million for the U.S. Computer Emergency Readiness Team for fiscal 2009 and has recently made headlines with the issuance of the classified cyber initiative.
Lawmakers have grown increasingly concerned with the job DHS is doing in thwarting cyberattacks, which have increased exponentially in recent years. Congressional staff will be observing the event.
Ben Bain is a reporter for Federal Computer Week.