DHS completes large-scale cyber exercise
'Cyber Storm' involved a sophisticated simulated attack
IDG News Service - WASHINGTON -- The Department of Homeland Security has completed the first full-scale government-led cyberattack simulation, and officials there called the exercise a "significant milestone."
DHS officials declined to talk about the results of Cyber Storm, saying they were still evaluating the exercise. But the largest-ever U.S. government cybersecurity attack simulation was a "significant accomplishment" for the DHS, said George Foresman, DHS undersecretary of preparedness.
The exercise was part of the DHS goal of preparing "so that we are ready to meet any type of threat at any time," Foresman said.
A public report of the results and lessons learned will be released midyear, said Andy Purdy, acting director of the DHS National Cyber Security Division. The DHS will release the results as broadly as possible, with the exception of information deemed too sensitive, Foresman added.
"At the end of the day, we're not going to get any stronger, we're not going to get any better, unless we capture the lessons learned, share them among the broadest possible audience, and make a full commitment to pushing improvement down the road," he said.
Cyber Storm, a simulation conducted this month of what the DHS called a "sophisticated" cyberattack, involved 115 organizations in the U.S., Canada, the U.K., Australia and New Zealand. Public agencies and private companies participated, the DHS said.
U.S. government agencies participating in Cyber Storm included the Department of Defense, the Department of Justice, the State Department and the National Security Agency. Among the private companies that volunteered to participate were Microsoft Corp., VeriSign Inc. and Symantec Corp.
"The way it's best described is DHS is the conductor of an orchestra," Foresman said. "All of these partners ... are the various musicians playing beautiful music together creating a symphony of preparedness. We've made great progress."
One of the scenarios involved a simulated attack on the computer systems at an electric utility, causing widespread power outages, DHS officials said. In that type of scenario, part of the DHS's job was to notify other utilities of potential threats, Purdy said. The simulations were done on closed networks, so the public Internet and other systems weren't affected, DHS officials said.
IT industry participants in the exercise praised the DHS for putting the simulation together.
"What we're going to take away is a lot of lessons learned," said Jerry Cochran, a senior security strategist for Microsoft. "The more we can exercise, the more we can test things, the better we're all going to get."
Cybersecurity vendors, working together, have already begun their own review of the exercise and will share the results with each other,said Michael Aisenberg, director of government relations at VeriSign. "That will help us do a better job," Aisenberg said.
The DHS should get a "lot of credit" for reaching out to the private sector during the exercise, added John Sabo, director of security and privacy initiatives at CA Inc. "This is really just the first step," Sabo said. "We need ongoing exercises, ongoing communication and information."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts