March 14, 2008 10:21 AM PDT

Homeland Security 'Cyber Storm' simulates crisis

Posted by Anne Broache

At U.S. Secret Service headquarters, numerous companies, and state and international government offices this week, computer security types have been forced to fend off hundreds of potentially crippling cyberattacks.

No need to worry, though--at least this time around, no actual networks were harmed in the process.

It was all part of the Department of Homeland Security's second iteration of Cyber Storm. The weeklong, congressionally mandated exercise is designed to test the readiness of government and business officials if confronted by cyberthreats to critical networked services, from transportation systems to the electrical grid to chemical plants.

This time around, the mock attack involved officials from 18 federal government agencies, four foreign countries (Australia, Canada, New Zealand, and the United Kingdom), nine states, and more than 40 companies (among them: McAfee, Microsoft, Cisco, Dow Chemical Company, Juniper Networks, and Wachovia).

Homeland Security is hailing the exercise as the largest-ever simulation of its kind, with a significant uptick in the number of "incidents" lobbed at participants. That may be true, but since it's also only the second such activity of its kind, it seems only logical that its scale would grow over time.

Participants this year have had to contend with nearly 2,000 "injects," ranging from hacker intrusions and amped-up denial-of-service attacks, with intentionally misleading intelligence information thrown in just to make things even more difficult, according to DHS officials' interviews in other published reports.

Cyber Storm I, which played out over a week in February 2006, involved seven federal agencies, more than 30 companies, and the same five countries. At the time, it was called the "most complex multinational, cross-sector cyber exercise to date" and involved coordination among people in 60 different physical locations.

A fairly general report on Cyber Storm I (PDF) spotlighted a number of remaining challenges, such as an insufficient number of "technical experts" on board to decipher loads of information pouring in; difficulties figuring who to call within organizations to seek help during crises; and lack of a "triage" plan for cyber incidents.

But we probably won't know for quite awhile exactly what the Cyber Storm II exercise looked like or how well the responses to incidents held up.

After all, it wasn't until nearly two years after Cyber Storm I that the Associated Press was able to obtain a portion of heavily censored internal files that shed some light on the scenarios. Fake catastrophes ranged from downed New York seaport computers, to bloggers revealing locations of railcars with hazardous materials, to airport control tower disruptions in Philadelphia and Chicago.