Cyber Storm Warning

After a simulated cyberattack exercise last winter, officials in charge of cybersecurity at the Department

of Homeland Security said they had identified eight areas they need to work on with the private sector

to secure and respond to cyberattacks on the nation’s critical infrastructures.

But as many security experts expected, the Cyber Storm exercise (staged in early February to attack

computers supporting the U.S. and international energy and transportation systems) pointed out that

much basic planning is left to be done to prepare for a large-scale cyberattack.

DHS officials and the “Cyber Storm Exercise Report” were short on details of the exercise and what was

discovered. DHS identified “eight core findings,” including the need for more interagency coordination

(such as what events would trigger involving what government agency) and the need for clearer roles

and responsibilities among government agencies and the private sector.

George Foresman, undersecretary for preparedness at DHS, said at a September press conference that

other key findings cited the value of DHS’s ability to stage such a large-scale exercise and showed that

the government could work with the private sector on cyberattacks.

Security experts who have monitored the government’s cybersecurity efforts say the United States

should be further along in its preparations and note that Cyber Storm did not test how the country

would respond to specific threats, such as a denial-of-service attack.

Foresman defends DHS’s performance by saying that the government has been aware of cybersecurity

issues for only 10 years. DHS plans another exercise in 2008. “We ought to have processes and

procedures in place that clarify” the coordination issues highlighted in Cyber Storm, Foresman says. “If

they still exist, then we know we didn’t do a good job of implementing it.”