DHS release report on Operation Cyber Storm

Published 14 September 2006

DHS’s report on a large-scale simulated attack on U.S. government and critical infrastructure assets offers mixed results; no grades were assigned to specific performances, but the over-all impression is that the government’s — and industry’s — response to such an attcak could be much improved

In February 2006 DHS conducted a large-scale tabletop simulation, code-named Operation Cyber Storm, of a coordinated cyber attack on the U.S. government and critical infrastructure. The list of participants in the exercise was long and impressive: US-CERT, DHS Operation center, the National Cyber Response Coordination Group (NCRCG), the Intragency Incident Mnagement Group (IIMG), various ISACs from the transportation, energy, IT, and telecommunications sectors, and some 100 private sector companies, among them Microsoft and VeriSign.

Yesterday, DHS’s National Cyber Security Division (NCSD) released its report on the drill. As InforWorld’s Paul Roberts pointedly notes, “while no performance ‘grade’ was assigned, read between the lines of the public report and the term ‘Needs Improvement’ comes to mind.” Two examples:

* According to DHS, “observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis.”

* This, too: “The majority of players reported difficulty in identifying accurate and up-to-date sources of information. Multiple alerts on a single issue created confusion among players, making it difficult to

establish a single coordinated response. Players noted that the concept of a single point for information would enable a common framework for all to work from and likely increase effective response.”

Note that DHS also points out that just carrying out such a large scale private-public and multinational exercise allows the government to test policies, procedures, and communications should an actual attack occur. The drill also created vital contacts within the federal government and between private and public sector participants.

-read the Cyber Storm report at DHS Web site; see Paul Roberts’s InfoWorld report; and see OMB Watch comments

MORE: The delay in appointing an assistant secretary for cybersecurity at DHS may hinder the agency’s ability to fend off cyberattacks against the nation’s critical infrastructure, lawmakers suggested. In response, DHS undersecretary for preparedness, George Foresman, said his agency is in the final stages of reviewing the credentials of a “very qualified” individual and that the position is likely to be filled “very soon.” Report.