http://canadafreepress.com/index.php/article/1649 By Joshua Hill Canada Free Press January 31, 2008 The AP described it as a really bad day, but that somewhat understates the magnitude of it all. It, of course, refers to the Cyber Storm war game that the US Government held early in 2006, in an attempt to gauge the necessary reaction and requisite skills of the games participants. If anyone has seen the 1983 movie War Games starring a very young Matthew Broderick, then multiply that by 10 and youll begin to get close to just what it was the US Government sicked on to the willing participants. The Homeland Security Department ran the exercise to test the nations hacker defenses, with help from the State Department, Pentagon, Justice Department, CIA, National Security Agency and others. Those others, included government officials from the United States, England, Canada, Australia and New Zealand and executives from leading technology and transportation companies. The simulated attacks consisted of everything imaginable: Washingtons metro trains being shut down. New Yorks seaport computers going dark. Bloggers revealing the locations of secret railcars containing hazardous materials (its always the bloggers!). Airport control towers disrupted at Philadelphia and Chicago. A mysterious liquid found on Londons subway. Planes flying too close to the White House, and more. In short, the test was to throw everything at the players to see what they could handle, in an attempt to simulate as much public panic as possible. They point out where your expectations of your capabilities may be overstated, Homeland Security Secretary Michael Chertoff told the AP. They may reveal to you things you havent thought about. Its a good way of testing that youre going to do the job the way you think you were. Its the difference between doing drills and doing a scrimmage. ?We want to stress these players, said Jeffrey Wright, the former Cyber Storm director for the Homeland Security Department. None of the players took 100 percent of the correct, right actions. If they had, we wouldnt have done our job as planners. And the results arent overly encouraging to be honest. No one took home the 100% as mentioned, and companies and governments were said to have worked successfully only in some cases. But key players didnt understand the role of the premier U.S. organization responsible for fending off major cyber attacks, called the National Cyber Response Coordination Group, and it didnt have enough technical experts. Also, the sheer number of mock attacks complicated defensive efforts. One last thing though, in proof that a geeks ego is much bigger than anyone else youve ever met; the geeks struck back! Or tried too at least. Apparently, according to the 328 heavily censored pages that were turned over to the AP, somebody or someones attacked the computers that was being used to conduct the exercise. Any time you get a group of (information technology) experts together, theres always a desire, Lets show them what we can do,? said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Jan 31 2008 - 23:34:18 PST