Thursday, September 14, 2006

DHS Releases Cyber Storm Report

Via Infoworld Tech Watch -

The U.S. Department of Homeland Security (DHS) released its public findings from Operation Cyber Storm, a large-scale tabletop simulation of a coordinated cyber attack on the government and critical infrastructure that was held in February, 2006.

The exercise involved US-CERT, the Homeland Security Operation center as well as the National Cyber Response Coordination Group (NCRCG) and the Intragency Incident Mnagement Group (IIMG), various ISACs from the transportation, energy, IT and telecommunications sectors, and 100 private sector companies including Microsoft and VeriSign.

The report was released by DHS's National Cyber Security Division (NCSD) Wednesday and while no performance "grade" was assigned, read between the lines of the public report and the term "Needs Improvement" comes to mind.


The exercise simulated a large-scale cyber campaign that disrupts multiple critical infrastructure, as well as simulated "physical demonstrations and distrubances" to test the ability of government to respond to multiple incidents simultaneously, even when its not clear that the events are related (read: 9/11).

So how'd our government do? Not so well.



In a way, I am glad the government didn't "pass with flying colors". This leads me to believe that the test was created to truly challenge the departments and response teams. Like any DR test, the first one is almost always a total write-off. Lets just make sure we do what we need to do...and we do better next time.

No comments:

Post a Comment