DHS Conducts “Cyber Storm”

The National Cyber Security Division (NCSD) just completed its simulations today, running attack scenarios against common internet services and specifically, how it deals with the National Critical Infrastructure, like banking, power, chemical and other industries.

Such exercises are designed to determine the survivability of the critical infrastructure, but to me, the most important aspect of this type of simulation is the practice in communicating with the various players in the Cyber Field, such as Information Sharing and Analysis centers (ISACS) and key commercial players such as Managed Security Services Providers. We will need to wait for the full report to see how well everyone fared with their communication. From the AP here:

WASHINGTON – The government concluded its “Cyber Storm” wargame Friday, its biggest-ever exercise to test how it would respond to devastating attacks over the Internet from anti-globalization activists, underground hackers and bloggers.

Bloggers?

Participants confirmed parts of the worldwide simulation challenged government officials and industry executives to respond to deliberate misinformation campaigns and activist calls by Internet bloggers, online diarists whose “Web logs” include political rantings and musings about current events.

The Internet survived, even against fictional abuses against the world’s computers on a scale typical for Fox’s popular “24” television series. Experts depicted hackers who shut down electricity in 10 states, failures in vital systems for online banking and retail sales, infected discs mistakenly distributed by commercial software companies and critical flaws discovered in core Internet technology.

Some mock attacks were aimed at causing a “significant cyber disruption” that could seriously damage energy, transportation and health care industries and undermine public confidence, said George Foresman, an undersecretary at the Homeland Security Department.

It may be interesting to note that Blogging played such a significant role in the exercise. In a time of warfare, sources of information (and disinformation) are fair game as targets of war. I remember how the American Version Website of Al-Jazeera disappeared off of the internet due to DDoS shortly after 9-11. The site was hosted at an American ISP, and there was evidence of attack packets on the internet that targeted the site and crushed its availability online. Now was this attack from pissed off American civilian hackers that did not like Arab-Owned disinformation websites? Or was this evidence of a cyber attack by the military? If it is the latter, it means that the military or an intelligence service will easily take down sites as part of a coordinated information warfare tactic.

It was also noted that the “Internet Survived.” This basically means that the GTLD root DNS servers managed to survive the attacks. There may be massive power outages and no one can use the internet from home, but the services will be there when the chaos of the national or regional incident is resolved and power is restored.

More from Homeland Security here.