February 10, 2006 (IDG News Service) --
WASHINGTON -- The Department of Homeland Security has completed the first full-scale government-led cyberattack simulation, and officials there called the exercise a "significant milestone." DHS officials declined to talk about the results of Cyber Storm, saying they were still evaluating the exercise. But the largest-ever U.S. government cybersecurity attack simulation was a "significant accomplishment" for the DHS, said George Foresman, DHS undersecretary of preparedness. The exercise was part of the DHS goal of preparing "so that we are ready to meet any type of threat at any time," Foresman said. A public report of the results and lessons learned will be released midyear, said Andy Purdy, acting director of the DHS National Cyber Security Division. The DHS will release the results as broadly as possible, with the exception of information deemed too sensitive, Foresman added. "At the end of the day, we're not going to get any stronger, we're not going to get any better, unless we capture the lessons learned, share them among the broadest possible audience, and make a full commitment to pushing improvement down the road," he said. Cyber Storm, a simulation conducted this month of what the DHS called a "sophisticated" cyberattack, involved 115 organizations in the U.S., Canada, the U.K., Australia and New Zealand. Public agencies and private companies participated, the DHS said. U.S. government agencies participating in Cyber Storm included the Department of Defense, the Department of Justice, the State Department and the National Security Agency. Among the private companies that volunteered to participate were Microsoft Corp., VeriSign Inc. and Symantec Corp. "The way it's best described is DHS is the conductor of an orchestra," Foresman said. "All of these partners ... are the various musicians playing beautiful music together creating a symphony of preparedness. We've made great progress." One of the scenarios involved a simulated attack on the computer systems at an electric utility, causing widespread power outages, DHS officials said. In that type of scenario, part of the DHS's job was to notify other utilities of potential threats, Purdy said. The simulations were done on closed networks, so the public Internet and other systems weren't affected, DHS officials said. IT industry participants in the exercise praised the DHS for putting the simulation together. "What we're going to take away is a lot of lessons learned," said Jerry Cochran, a senior security strategist for Microsoft. "The more we can exercise, the more we can test things, the better we're all going to get." Cybersecurity vendors, working together, have already begun their own review of the exercise and will share the results with each other, said Michael Aisenberg, director of government relations at VeriSign."That will help us do a better job," Aisenberg said. The DHS should get a "lot of credit" for reaching out to the private sector during the exercise, added John Sabo, director of security and privacy initiatives at CA Inc. "This is really just the first step," Sabo said. "We need ongoing exercises, ongoing communication and information."
Reprinted with permission from IDG.net Story copyright 2008 International Data Group. All rights reserved.
If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck.
By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail.
Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical...
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Steven J. Vaughan-Nichols:
The World without Linux
DATELINE: WindowsWorld 2008: Microsoft CEO and President, Steve Ballmer was happy as a clam today when he announced, for the 4th time this century, that Longhorn would be released soon. ...[more]
Webcast: The Automation of IT Compliance Programs: Reducing Risk, Cost and Complexity of Corporate Compliance
To meet the growing number of industry and federal regulations, businesses spend significant time, effort, and budget determining how to best meet continuously evolving IT compliance requirements this new Forrester Research and Juniper Networks Webcast led by industry experts who examine global IT security and compliance trends, common IT compliance issues and challenges, and best practices for successful IT compliance programs.
Whitepaper: Tackling the Top Five Network Access Control Challenges
The major challenge enterprises face today is how to create innovative business models and to increase productivity by opening the network to a dynamic workforce, while at the same time protecting critical assets from the vulnerabilities that openness and user mobility bring. In addition, to comply with industry and governmental regulations, enterprises must prove that they have stringent controls in place to restrict access to sensitive data. This paper describes the top five networking access control challenges that companies like yours are facing and solutions that they are deploying today.
Whitepaper: Addressing PCI Compliance with a Comprehensive Network Access Control Solution
The Payment Card Industry (PCI) is one of the most comprehensive data security standards in a cluster of regulations that have emerged over the past decade. Meeting its requirements is both complicated and expensive for many companies. Learn how a comprehensive access control solution allows retailers and consumer organizations adhere to the core tenets of PCI, and delivering the necessary information and reports needed for compliance audits. Download this white paper
Whitepaper: Control System Cyber Vulnerabilities and Mitigation of Risk for Utilities
Today's global industrial infrastructure includes thousands of electric utilities, water/wastewater management companies, oil and gas suppliers, chemical manufacturers and other facilities critical to daily functioning. Learn why relying on off-the-shelf operating systems and Internet-based remote access control to carry out production tasks, traditional control networks can leave today's global industrial infrastructures vulnerable to hackers, extortionists, worms, viruses and application-level attacks. Deploying network-based security can protect these at-risk systemswithout requiring infrastructure replacement. Download this white paper