Monday, September 18, 2006

Results of the Cyber Storm Exercise

The Cyber Storm exercise conducted in January "simulated a sophisticated cyber attack campaign through a series of scenarios directed at several critical infrastructure sectors. The intent of these scenarios was to highlight the interconnectedness of cyber systems with physical infrastructure and to exercise coordination and communication between the public and private sectors. Each scenario was developed with the assistance of industry experts and was executed in a closed and secure environment. Cyber Storm scenarios had three major adversarial objectives:

- To disrupt specifically targeted critical infrastructure through cyber attacks
- To hinder the governments' ability to respond to the cyber attacks
- To undermine public confidence in the governments' ability to provide and protect services
"

Seems like the results from the exercise are already available and among the major findings are related to :

- Interagency Coordination
- Contingency Planning, Risk Assessment, and Roles and Responsibilities
- Correlation of Multiple Incidents between Public and Private Sectors
- Training and Exercise Program
- Coordination Between Entities of Cyber Incidents
- Common Framework for Response and Information Access
- Strategic Communications and Public Relations Plan
- Improvement of Processes, Tools and Technology

Frontal attacks could rarely occur, as cyberterrorism by itself wouldn't need to interact with the critical infrastructure, it would abuse it, use it as platform. However, building confidence within the departments involved is as important as making them actually communicate with each other.

Go through a previous post on the Biggest Military Hacks of All Time in case you're interested in knowing more on specific cases related to both, direct and indirect attacks.

No comments:

Post a Comment