February 10, 2006 1:38 PM PST

Homeland Security wraps up first mock cyberattack

The government has ended its first large-scale mock cyberattack, aimed at gauging the nation's readiness to handle such threats.

The weeklong exercise, dubbed "Cyber Storm," was organized by the Department of Homeland Security's National Cyber Security Division and 115 public- and private-sector partners. It was designed to model the coordination among government and industry necessary for responding to and recovering from "large-scale" intrusions affecting the energy, information technology, telecommunications and transportation sectors.

"Preparedness against a cyberattack requires partnership and coordination between all levels of government and the private sector," Homeland Security Under Secretary for Preparedness George Foresman said in a statement Friday. "Cyber Storm provides an excellent opportunity to enhance our nation's cyberpreparedness and better manage risk."

What remained unclear was the extent to which the exercise proved successful. The agency said it plans to compile responses from all of the participants and to issue a final report this summer assessing Cyber Storm's performance.

Bob Dix, an executive vice president for Dallas-based Citadel Security Systems, which participated in the simulation, said, "We won't have the results for a little while yet." But the very organization of the program, he said, symbolizes "how seriously people are taking (cybersecurity), to try and simulate a situation so that we can evaluate our preparedness and take the necessary steps ahead of time to improve on that."

Homeland Security officials revealed few details about the project, except to say that all attacks were "prescripted and executed in a closed and secure environment, eliminating any external distress to participants' day-to-day systems during the exercise." One of the incidents, for example, simulated the breach of a utility company's computer system and subsequent power grid disruptions.

The main "control center" for the game was located at U.S. Secret Service headquarters in Washington, D.C. Within the U.S. government, seven cabinet-level departments, including Justice, Commerce, Defense and Treasury, along with the U.S. military, the CIA, the National Security Agency, the FBI and the American Red Cross, participated. Among the other private businesses onboard were Intel, Microsoft, Symantec, McAfee and VeriSign. Representatives from the governments of the United Kingdom, Australia, New Zealand and Canada also were involved.

"The exercise is critical because it brings it out of the abstract," said Paul Kurtz, director of the Cyber Security Industry Alliance, which counted some of its member companies among the exercise's participants. "Most importantly, it's not just proving plausibility, it's, 'What do we do? Who does what?'"

The nationwide exercise marked one of several steps that Homeland Security has been taking in recent months as it attempts to raise its cybersecurity profile. Government auditors and cybersecurity analysts have charged that the department is not living up to its responsibilities in that realm.

The test was originally supposed to occur during the fall but was postponed because many of those assigned to coordinating the task were bogged down by the aftermath of Hurricanes Katrina and Rita.

The department has also lagged in installing an assistant secretary for cybersecurity, a post suggested by Homeland Security Secretary Michael Chertoff in a six-point reorganization plan and supported strongly by the security industry. The department, however, may not be entirely to blame. The authority to create that position lies in a congressional proposal that remains bottled up in the Senate. It was unclear when action would be taken.

See more CNET content tagged:
cybersecurity, cyberattack, homeland security, exercise, department

5 comments

Join the conversation!
Add your comment
The less competent they are, the more free we are.
It's a drag when the government has been stolen by election
thieves. I was worried for a while that Homeland Security would
actually succeed in getting those agencies to work together.
Mostly they waste vast sums trying to make us more afraid. That's
what happens when you declare war on an emotion, on terror. It
never has to end. It never will, until we take our country back. I
don't think Americans are brave enough for that. We let them steal
two presidential elections and did nothing. Now we just complain
online.
Posted by JackfromBerkeley (136 comments )
Reply Link Flag
Wasnt 911 on same day as ...
...a military exercise? Hmmm...
And, no America is pacified as long as people on opposing sides of goverment action issues talk, blog or chat about them...we will "discuss the issues" until we wake up and realize one day we have a national curfew and electricity is rationed out on a scheduled basis-imho.
Posted by BSRadar (6 comments )
Reply Link Flag
Real Cyberterror Are Electronic Voting Machines
The real cyberterror, the threat to our democracy, is hacked voting machines with no audit trail. California is in a fix now because the Feds mandated a deadline for installing new machines but CA has a bunch of Diebold machines that cannot pass vertification. Oh, and what's happening lately with Diebold. Didn't their president resign over all sorts of improprieties?
How convenient that secure, auditable machines
won't be in place for the 2006 elections. "Make every vote count, again and again."


<a class="jive-link-external" href="http://www.washingtonpost.com/wp-dyn/content/article/2005/12/06/AR2005120601518.html" target="_newWindow">http://www.washingtonpost.com/wp-dyn/content/article/2005/12/06/AR2005120601518.html</a>
"An October report from the Government Accountability Office predicted that steps to improve the reliability of electronic voting "are unlikely to have a significant effect" in the 2006 off-year elections, partly because certification procedures remain a work in progress."
Posted by Stating (869 comments )
Reply Link Flag
Emperor Nero made a mistake and we are doing the same thing.
I understand practice makes perfect however logic should say do not practice in the middle of a fire. Put the fire out first...

While the rest of the world implements solutions doing 4 part authentication using multiple interactive solutions leading to a single use credit or debit use number, we play games knowing the US patented the solution years ago.

Nero had nothing on us. At least he got the joy of inspiration but remember he was hunted down like a rabid dog by his own gaurds and died begging for his life.

Let's hope we don't go as far to get change. My Mummy and Grams in UK will get protection before me only because I live in the US where we play cops and robbers on the very machines that are robbing us blind. No wonder they cannot get qualified talent since Nero is insane.

That's what I think. Ciao now.
Posted by Iohagh (54 comments )
Reply Link Flag
Emperor Nero made a mistake and we are doing the same thing.
I understand practice makes perfect however logic should say do not practice in the middle of a fire. Put the fire out first...

While the rest of the world implements solutions doing 4 part authentication using multiple interactive solutions leading to a single use credit or debit use number, we play games knowing the US patented the solution years ago.

Nero had nothing on us. At least he got the joy of inspiration but remember he was hunted down like a rabid dog by his own gaurds and died begging for his life.

Let's hope we don't go as far to get change. My Mummy and Grams in UK will get protection before me only because I live in the US where we play cops and robbers on the very machines that are robbing us blind. No wonder they cannot get qualified talent since Nero is insane.

That's what I think. Ciao now.
Posted by Iohagh (54 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.