From: Randall <rvh40@xxxxxxxxxxxxx>
Date: February 7, 2006 5:04:10 PM PST
To: Dave <dave@xxxxxxxxxx>, Dewayne Hendricks <dewayne@xxxxxxxxxxxxx>
Cc: JMG <johnmacsgroup@xxxxxxxxxxxxxxx>
Subject: Preparing for 'Cyber-Katrina'
<http://htdaw.blogsource.com/post.mhtml?post_id=223197>
Preparing for 'Cyber-Katrina'
Tuesday, February 07, 2006 at 7:58 PM EST
U.S. Government to Put 'Cyber Katrina' to the Test
February 6, 2006
By Paul F. Roberts
U.S. Government agencies are conducting electronic war games this week
to test the government's ability to respond to the digital
equivalent of
Hurricane Katrina.
The exercise, dubbed "Operation Cyber Storm," was postponed for two
months because of Katrina, but will take place between Feb. 6 and Feb.
10.
The exercise will mimic the effects of a large-scale cyber-attack that
affects the IT, transportation, energy and telecommunications sectors,
according to published information.
The exercise is sponsored by the Department of Homeland Security's
NCSD
(National Cyber Security Division). Representatives from a number of
U.S. government agencies will participate, including the
Departments of
Commerce, Defense, Energy, Justice and Transportation.
In addition, private companies participate through ISACs (Information
Sharing and Analysis Centers), including the IT-ISAC and
Telecommunications ISAC.
DHS did not respond to requests for comment.
Representatives from Cisco Systems, Citadel Security Software,
Computer
Associates International, Computer Sciences Corporation, Intel,
Microsoft, Symantec and VeriSign are taking part, according to
information published by the IT-ISAC.
Details about the specific scenario that is being used in Cyber Storm
are not public. However, the government has said the test scenario
will
involve cyber-attacks and physical attacks that disrupt transportation
and energy infrastructure, coupled with attacks on the state and
federal
IT infrastructure that undermine the public's confidence by crippling
its ability to deliver public services and respond to the attacks.
The exercise is designed to assess the government's ability to
communicate internally with the private sector about situational
awareness, decision making and proper response to attacks.
DHS has said little publicly about the war game, despite recent news
articles. The agency's silence prompted inquires to The SANS ISC
(Internet Storm Center) from IT administrators around the globe who
were
concerned that their networks might be affected, said Marc Sachs,
an ISC
volunteer.
"People are worried that DHS is about to hack the planet," he said.
Despite its name, Cyber Storm is more akin to a "tabletop" exercise
than
a real-life simulation of a cyber-attack. It is designed,
primarily, to
test the mettle of high-level government decision-makers, Sachs said.
"The general idea is to do simulated tests. They're not firing live
bullets," he said. "The senior people don't need the technical side to
make decisions. They know what a [denial-of-service] attack is like."
Cyber Storm was originally scheduled for Nov. 2005, but was postponed
because of the government's need to respond to Hurricane Katrina in
Mississippi and Louisiana. Ironically, that natural disaster created
real-life versions of many of the conditions that government planners
will test this week.
But Cyber Storm is designed to prevent the kinds of mishaps and
miscommunications between agencies that respond to cyber threats as
those that marred the response to Katrina, Sachs said.
"With Katrina, the problem was with the very senior decision-makers.
Once the senior people got their act together, you saw the lower level
decision-makers start to coordinate," he said.
<http://www.eweek.com/print_article2/0,1217,a=170866,00.asp>