In Brief
Cyber Storm Warning
The Department of Homeland Security's Cyber Storm exercise reveals that basic planning is left to be done to prepare for a large-scale cyberattack
By Allan Holmes
November 01, 2006 — CSO — After a simulated cyberattack exercise last winter, officials in charge of cybersecurity at the Department
of Homeland Security said they had identified eight areas they need to work on with the private sector
to secure and respond to cyberattacks on the nation's critical infrastructures.
But as many security experts expected, the Cyber Storm exercise (staged in early February to attack
computers supporting the U.S. and international energy and transportation systems) pointed out that
much basic planning is left to be done to prepare for a large-scale cyberattack.
DHS officials and the "Cyber Storm Exercise Report" were short on details of the exercise and what was
discovered. DHS identified "eight core findings," including the need for more interagency coordination
(such as what events would trigger involving what government agency) and the need for clearer roles
and responsibilities among government agencies and the private sector.
George Foresman, undersecretary for preparedness at DHS, said at a September press conference that
other key findings cited the value of DHS's ability to stage such a large-scale exercise and showed that
the government could work with the private sector on cyberattacks.
Security experts who have monitored the government's cybersecurity efforts say the United States
should be further along in its preparations and note that Cyber Storm did not test how the country
would respond to specific threats, such as a denial-of-service attack.
Foresman defends DHS's performance by saying that the government has been aware of cybersecurity
issues for only 10 years. DHS plans another exercise in 2008. "We ought to have processes and
procedures in place that clarify" the coordination issues highlighted in Cyber Storm, Foresman says. "If
they still exist, then we know we didn't do a good job of implementing it."
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
