Opinion: Government and industry unite in cybercrime battle

War games with entities that can actually engage in war

This week, private industry, Federal, state and local, and even some international government organizations are joining forces in an exercise to fight cyber attackers -- not fending off actual attackers, but dealing with a cyberwar "worst-case scenario" designed to find our weaknesses before less friendly entities do. The exercise, Cyber Storm II, is sponsored by the Department of Homeland Security.

Cyberattacks of varying degree and damage happen daily. The US government takes these cyberattacks seriously, and has stepped up its training and threat preparedness strategy to try to keep one step ahead. Simulations such as Cyber Storm II are part of that effort, and the exercise plays a vital role in enhancing the nation's cybersecurity -- well beyond the exercise itself.

This year's exercise promises to be the nation's most comprehensive cybersecurity exercise -- vital for assessing response capabilities and setting cybersecurity priorities. Participants will include representatives from over 18 Federal agencies, 9 states, 40 private-sector companies, and four international partners.

Cyberwar: What is it good for?

Our government is increasingly a target of choice. According to the United States Computer Emergency Readiness Team (US-CERT), between the '06 and '07 government fiscal years the total number of reported government cybersecurity incidents showed an increase from 23,632 to 37,213, with Federal incidents growing from 5,143 to 12,986. Such attacks will continue to proliferate unless we respond with the appropriate actions. Cyber Storm is a clear step in the right direction.

As our society flourishes under high-speed venues of communication and interaction, the national impact of a coordinated cyberattack on those venues continues to grow. Today, Web 2.0 sets the stage for billions of dollars in commerce transactions, voting, nationwide communication, and virtually all areas of government regulation. Undoubtedly, there is much at stake.

Meanwhile, highly trained cyberterrorist groups have already demonstrated the destructive outcome of planned attacks on this public infrastructure, most notably in Estonia. As the consequences of a cyberattack in that nation demonstrated, such assaults are genuine threats to government operations. And coordinated attacks take place every day, calling for an equally persistent, resourceful response that will demand both government and private industry participation.

Simulated cyberattacks have long been a part of our federal government's threat preparedness strategy, and for good reason. Exercises such as TOPOFF4, Cyber Storm I, and Cyber Storm II provide a safe way for the Department of Homeland Security to evaluate national cybersecurity preparedness with help from private industry experts.

Cyber Storm I and what we learned

In 2006, the DHS/National Cyber Security Division (NCSD) successfully executed the first government-led, full-scale cybersecurity exercise, Cyber Storm (or, now, Cyber Storm I). Cyber Storm I was a dynamic, large-scale simulation conducted by domestic and international governments in partnership with the private sector.

The exercise was designed to improve national cybersecurity by examining and validating response measures and policies during a coordinated, large-scale cyberattack. Over 100 public and private agencies, associations, and corporations participated in the exercise from over 60 locations and five countries. Together they collaborated in response to a simulated cyber campaign that disrupted multiple elements of our national infrastructure: energy, information technology, transportation, and telecommunications.

The scale of collaboration witnessed at the first Cyber Storm exercise was unprecedented. For the first time ever, Federal agencies, industry participants, and other support organizations -- of varying security classifications -- joined together to thwart a spearhead of cyber attacks aimed at our nation's critical infrastructure.

This spring's Cyber Storm II will take that effort to the next level, giving the DHS-led community a valuable chance to apply newly formed processes and threat responses to a new set of simulated cyberattacks. More importantly, Cyber Storm II will continue to strengthen connections between government and industry to help all parties cooperate effectively in the event of a real attack.

One of the most valuable elements of Cyber Storm is defining how government and industry can work together while upholding government policies and protecting national security interests. In fact, the DHS Exercise Report from Cyber Storm I (PDF format) specifically listed this as a key area of achievement, stating that it established numerous public and private sector relationships that will be invaluable in future preparation for and response to cross-sector cyber incidents. This major area of focus will continue to be refined during Cyber Storm II.

What's in it for business?

Exercises such as the Cyber Storms keep government and private sector experts focused on the issue of national-scale cyberattacks, and engaged in developing new solutions and security initiatives that will elevate our preparedness when faced with the real thing.

The theme of Cyber Storm II will generally continue that of the 2006 exercise -- challenging the public and private sector to respond to a large-scale, coordinated cyber attack. The major difference in this year's exercise is a significant increase in attack complexity -- expect to see more incidents, occurring with greater frequency and dispersed among a wider player set. This new intensity will play a strategic role in deepening interactions between agencies and industry, and will help to build these relationships for future collaboration.

With an uptick in cyberincidents, one of the biggest challenges for the Cyber Storm II community will be to distinguish real threats from "noise" on the network. Accurate threat analysis is critical to any first-response mission, especially in multiple-incident scenarios. Thanks to the simulated environment provided by Cyber Storm, participants will get a unique opportunity to focus on this issue.

Other Cyber Storm II objectives follow a similar logic. The overarching goal is to continue to improve upon tactics, procedures, and cooperation that showed promise at the 2006 exercise.

As an integral participant in Cyber Storm, McAfee is proud that our Cyber Storm I mission objectives were achieved, and that we were able to provide a broad body of security knowledge and support that helped DHS identify threats faster and implement precise countermeasures. We're looking forward to participating in Cyber Storm II this spring, where previous insights will be applied and assessed in an even more rigorous exercise environment. We applaud DHS's commitment to secure America by bringing public, private, and international partners together to keep our world safer from cybercrime.

Carl Banzhof is VP and Chief Technology Evangelist at McAfee, where he is responsible for the architecture, communication and technical promotion of McAfee products. A security industry veteran with 20 years of experience, Banzhof is a frequent guest speaker at various security conferences including RSA, InfoSec, and SANS.

Copyright © 2008 IDG Communications, Inc.
