'Cyber Storm III' tests US on cyber attack

Sep 28, 2010 by Chris Lefkow
US keyboard warriors have been battling with a simulated cyberattack on government and private computer networks that undermines basic trust in the Internet as part of the "Cyber Storm III" mock computer attack.

Keyboard warriors from the United States and a dozen other nations were battling a simulated cyber attack Tuesday on government and private networks that undermines basic trust in the Internet.

"Cyber Storm III," which simulates a "large-scale cyberattack on critical infrastructure," involves thousands of participants at computer work stations across the globe and is one of the largest such exercises ever conducted.

In the United States, seven US government departments are taking part: Commerce, Defense, Energy, Homeland Security, Justice, Transportation and Treasury, in addition to the White House and intelligence and law enforcement.

Eleven US states are also represented as are 60 private companies and the 12 "international partners": Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden and Switzerland.

The biennial exercise is being staged by the Department of Homeland Security and is the first test of the new National Cybersecurity and Communications Integration Center based in an office building in this Washington suburb.

The NCCIC booted up in October 2009 to serve as the coordinating center for US cybersecurity operations and houses US government computer experts and their private sector counterparts under one roof.

Brett Lambo, director of DHS's Cyber Exercise Program, stressed that "Cyber Storm III," which is expected to last three days, is "completely simulated."

"We're not attacking any real networks," Lambo told reporters. "We're not injecting any real malware."

The participants in the exercise will receive more than 1,500 "injects" of simulated events that they will have to react to as unknown adversaries seek to exploit known vulnerabilities in cyber infrastructure.

Potential consequences of the simulated attacks could include "loss of life and the crippling of critical government and private sector functions" such as communications networks and power grids, according to the DHS.

Lambo outlined the general scenario of the exercise for reporters at the high-security NCCIC facility in Arlington but was careful not to give away too much to avoid tipping off the participants.

"In Cyber Storm III, we're kind of using the Internet to attack itself," Lambo said, by compromising the system of encrypted digital certificates that verify identities on the Internet.

"At a certain point the operation of the Internet is reliant on trust -- knowing where you're going is where you're supposed to be," Lambo said.

"We're going to try to compromise that chain of trust by attacking something that's fundamental to the operation of the Internet," he said.

Lambo said the Pentagon and National Security Agency, the super secret US surveillance agency, were involved in the planning process for the exercise, which will be controlled from US Secret Service headquarters in Washington.

"They'll be arm and arm in the fight with us," he said.

Lambo said there were multiple goals for "Cyber Storm III," including evaluating information-sharing among the participants, assessing their preparedness and evaluating their response to the various threats.

Homeland Security Secretary Janet Napolitano said in a statement that "exercises like Cyber Storm III allow us build upon the significant progress we've made in responding to evolving cyber threats."

Randy Vickers, director of the US Computer Emergency Readiness Team, said "Cyber Storm III" will be the first meaningful test of the NCCIC center intended to bring together the various components of US cyber defenses.

"In the past we had bubbles of influence," Vickers told reporters in the NCCIC "watch room," which features five huge wall screens displaying threat data and other information in real-time and dozens of computer work stations.

"All of that has been integrated now into one room," he said.

Explore further: Twitpic to stay alive with new owner

add to favorites email to friend print save as pdf

Related Stories

Baker College wins cyber defense contest

Apr 24, 2008

Baker College of Flint, Mich., Texas A&M University and the University of Louisville have won top honors in the National Collegiate Cyber Defense Competition.

Top US cybersecurity official quits

Mar 07, 2009

A top US cybersecurity official has quit, complaining in a resignation letter obtained by Wired magazine that US cyber protection efforts are being dominated by the super-secret National Security Agency (NSA).

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

LivaN
5 / 5 (1) Sep 28, 2010
What would happen if there were a real cyber attack during this Cyber Storm III test?
BillFox
not rated yet Sep 28, 2010
Does virtual reality confuse you? Of course not, you can see it's simulated.