[ISN] Cyberexercise shows need for better training to avoid major network failures

From: InfoSec News (alerts@private)
Date: Fri Mar 14 2008 - 00:51:32 PST


Forwarded from: William Knowles <wk (at) c4i.org>

http://www.govexec.com/story_page.cfm?articleid=39524

By Jill R. Aitoro
Govexec.com
March 13, 2008

Workers operating networks supporting the nation's critical 
infrastructure such as telecommunications and transportation need better 
training on how to manage backup systems in case cyberattacks take down 
main systems, said a top Homeland Security Department official Thursday.

That's one of the lessons learned during a DHS simulation of a 
large-scale coordinated cyberattack on the nation's infrastructure 
networks. The exercise, called Cyber Storm II, ends Friday, and DHS 
plans to release an after-action report this summer.

Cyber Storm II builds on the lessons learned in the first Cyber Storm in 
February 2006. Most information security experts considered that 
exercise a wakeup call to government to improve the security of critical 
networks. Recommendations issued after the first Cyber Storm included 
improving contingency plans, better and more frequent training programs 
and a more detailed view of the nation's IT architecture, the 
improvements of which were theoretically tested in Cyber Storm II.

Cyber Storm II, the largest such exercise ever organized, kicked off 
Monday with five countries, 18 federal agencies, nine states and more 
than 40 private-sector companies participating. The exercise's players 
received "injects" that simulated potential threats launched through 
e-mails, phone, faxes, Web sites and in-person contacts. Participants 
were expected to implement crisis response systems and follow policies 
and procedures to deal with the attacks and determine which were false 
alarms and which were legitimate.

"This is not scripted," said Greg Garcia, assistant secretary for 
cybersecurity and communications at DHS, during a press briefing. 
"Players are not aware of what's coming at them next... . The volume and 
sophistication of attacks has strained some of the best and brightest, 
which is just what this exercise is meant to do."

DHS officials declined to comment on the specifics of the results. But 
they said that the kinds of scenarios participants faced included 
damaged phone lines and Internet failures, which tested the backup 
capabilities that enabled continued communication and access to 
critical information during a crisis.

"We've learned some lessons," said Robert Jamison, undersecretary of the 
National Protection and Programs Directorate at DHS. "We spend a lot of 
time working on redundancy capabilities" that help eliminate single 
points of system failure. "While it all worked, there continues to be a 
need to train people in those capabilities."

Participating in the original Cyber Storm were 12 federal agencies, 
three states and 24 private-sector companies. Cyber Storm II tested the 
degree of coordination among a larger group of participants, and it 
incorporated simulations of current, more sophisticated threats - 
including various types of 'botnets,' which use malicious code to run 
coordinated system attacks, phishing attempts that trick users into 
providing system access and denial of service attacks that can shut down 
a system.

Most Cyber Storm II participants responded to scenarios from their 
regular working locations using standard channels of communications, 
though the primary control center, or "brain" of the exercise, was 
located in a conference room at the U.S. Secret Service headquarters in 
Washington. Areas of the room are divided into sections, with each 
representing a different industry sector: chemical, telecommunications, 
state and local government, among others. The groups collaborate to 
combat cyberattacks that cut across sectors.

"The challenge is mirroring the real problem," said James Lewis, 
director of the technology and public policy program at the Center for 
Strategic and International Studies. "If this happened in real life, 
there would be 100 people you'd have to talk to right away, and you 
might not have the 100 people that represent the correct groups present 
and active during Cyber Storm II. It's a matter of making sure the game 
reflects the real problem, which is an issue of coordination, not 
technology. If solving the problem largely involves walking from [one 
side] of a room [to] another, that's not the real world ... . That said, 
it's still good. Before, DHS didn't know how to do tests, and now 
they're learning."

DHS will immediately begin the analysis that will appear in the 
after-action report this summer, with lessons learned incorporated into 
procedures and the long-term Cyber Initiative under development, Jamison 
said.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

