Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Simulated IT Attacks Reveal Response Flaws



 By: Matt Hines
2006-09-13
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Simulated IT Attacks Reveal Response Flaws
  2. ' Internal Communication Needs to '

Rate This Article:
Poor Best
Simulated IT Attacks Reveal Response Flaws
( Page 1 of 2 )

The Department of Homeland Security's Cyber Storm IT security exercise found problems and some strengths in the United States' ability to respond to simulated attacks on electronic infrastructure.

The U.S. Department of Homeland Security issued the results of its Cyber Storm exercise on Sept. 13, highlighting areas where the government and private organizations must improve their responsiveness to emerging IT-related threats.

The agency release a 23-page report on the findings of the simulated IT attack, labeled by Homeland Security leaders as "the largest and most complex multinational, government-led cyber exercise to examine response, coordination and recovery mechanisms to a simulated cyber event."

The test found that major issues remain with the communication between public and private sector organizations in the face of attacks on IT infrastructure, and in those groups ability to piece together information to understand the scope of distributed threats. But the exercise does also contend that progress in improving those details is already being made.

The Cyber Storm test was launched to help gauge the information-sharing capabilities and IT attack readiness of government branches on the federal, state and local level. Also part of the study was those groups abilities to cooperate with foreign nations and private sector organizations in the event of a major attack or natural disaster.

Resource Library:

Carried out over Feb. 6-10, 2006, by the National Cyber Security Division of the DoHS, the agency said Cyber Storm was meant to provide participants with a controlled environment in which they could simulate the coordination that would be necessary during a cyber-related incident of national significance, such as an attack on the infrastructure supporting the nations Internet operations or a natural disaster like Hurricane Katrina.

Funded by the federal government and mandated by Congress, the test included over 100 public and private organizations at over 60 locations in five countries that collaborated as they would in the case of such a crisis.

The exercise was meant to recreate the conditions an attack or disaster could have on operations related to the nations energy, IT, transportation and telecommunications sectors.

In a conference call with the media, Homeland Security leaders said the event was a success in arming the nation with real-world information regarding organizations ability to work together.

"In many ways, this exercise was designed to push the system to the maximum edge. That allows you to identify our greatest points of vulnerability, and were fundamentally working to update and take lessons from Cyber Storm and Katrina and look at how we can improve coordination," said Andy Purdy, acting director of the National Cyber Security Division at the U.S. Department of Homeland Security.

Hackers cash in on hijacked PCs. Click here to read more.

"We learned tangible lessons that were turning into progress every day; if results had been perfect wed know that the test wasnt designed properly. This is a maturing process."

Parties involved in the test staged primary cyber-attacks targeting the energy, transportation and IT/telecommunications sectors that were intended to disrupt certain elements of critical infrastructure.

The attacks were meant to touch off potentially "cascading effects" within other elements of the United States and participating countries economic, social and governmental structures.

Some of the attacks in the exercise were aimed specifically at disrupting government operations that would be used to respond to a cyber-threat in the name of undermining public confidence in those entities.

Next Page: Internal communication needs to get better.





  Reader Comments: Simulated IT Attacks Reveal Response Flaws
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}ks㶲*Q3CO#d[eXVi)SIV˭_zPq2DFh4{$KW7-gDڮ9)ٟfߧG-I}ݻ@@eZNULrJԶnT7n[#3P/W!׫L|Nშ bH %cjAM&#{Fm_&2F\3Ѣfb ^Pk$ȁ_Mܦ%yH#LERNȏmH|׶cַ0>t@ߨVANÉ,}!*{:|DJ%hʏᐨ1"|x\'gOг{/PQ~X?خq4]"X'[vBBP#"F\ςmݻ`$fRvGn(Gd`jĤNR-XD2M*-fӁk)ux55\`p)jPX6{n_w$z(֝z$]+~daSCqHl6XpaR5=~b[>4p\.ܪn?AW}=-:Ѝ<8(jIHU 61c p==\'{tX!.Gyӝfؖqwh ݱJZUQ bP);?Wcm9G 2w7wFyRV5MQݫu? ?uh;XCRCvUS_sܶ:]r޹!gOfY; i OfɗV:['^=:$~~z>5401\]Z-Jjgd:M2'Sdp*g3^tǷP[,7r$BFrF~DX*,>JAͼ94o o$NE ;@:9]sڊfCt-n #dLh&ϬZh-@ho*KLr5&@Sk~$M \sΚb.L2o4x)mR—U/(AK/- 5f>]R${3BDȽ`g/3A.r)#t`o8{ØWX\E< [&zlNTVʒ0Wb{(QO .uFfyFםn?n}8^%gk,]ev"JB0.qjۛZ|_)Ab/*rkhc2ud8԰< &} aO> 5٤6'4}t>჎$ticšh/@7h`CZ=҉& Ѐ`Ah>[W <{  0&ԟr!FAтMz>kI-ߟL=s#08wɽ5 <Qҁ4}aqjS? !Tgx3=w= | o ߣ5#z[-[X6x G͙A }R|'sZ( 7^`3z""D% T h4A'EENNA7w$]I+TbD8JnOu$]#J"ڹLX*QY,p[/ ͙JRd0U Q򍜈="`&Qea*0pRx5Vn/Zb٦By^I${!\YU!=j36NfCZӡ3#O߄#fkp6X"@@7wL)mT.mT^Χީ;i6E;܎gt .fMH NǮXct+@Zl&VUmTHbzq 0b=ћO9pJ.,]{>Z].-*5eGjHKk8&MI8` ʵLuzh< VвO[|{tqj )݅Yk;kH %1Iڏ9&_G5 k^ˣ6Wеm!2躢΍9 X):i[,~ ɯ¹5j1|*j0&B$V0l^p~kьN4:E809N܁el*I-b]Pr)RLZ06Aae呯^txOFM@X 2$6/Pk 0!/P\Q-W0.#_L_LU1(TOnQE^~vVKŴ谢Ԙy}Rː 0gted-흧 IR-frheU-UjR9_VrTG"MO!prɵ>gw%eXY81f-10kE /ÊTU5ݧ+i fB1&} ldAX~\U4Uud¹`Qеa=ECV0& H*7hІ{egjڳP twPJ vG>k-4f{F;dE.:WԲ'**5P6>*09Nf~kkJ$X  c4}5:*jAe߯Y+^t m(5#c #2pgrh)hgj*8UoF* ϛ=G$1*@7Z 3e4 "lGIpR|=N^7gz_EnMsU-yFxw"Y@*V_guO vr?n216<^uUJ`|,4̩,FlؤκVsl,On?RL5sݿyj=z{'q7g@dC-sC dK30ާ' Yn:AjAy̧`꙯\fC5}tNNyT!"kq(n| #حwDN${}'̍oe?f#ÄonթrVgHWtČerN-×?iq* ҧ2Q&OB8Jh-[r_A~V0u^Ac#ȫͦ'0(j'#O7)~ }$DC9m4^RTP]\H#UX)TԒP/YTYAɂ]AӀM\r8khs%p}/O&PFzMʇq4I#⩬yF0.ƗskgG̦:zfS6{%]M茻l\!L#̞úe$i`\&LXu Z:LT)wOLJZZ$|p`Ftwe2qyh7(۞jMi@h#&w|}}Fr@*5]*{ seG\0R,W1<ʢ'r]N6._-Jvq *s>P YɷonjCSXp| ^?KXXD`R=.aǰ^P(k㘘o_?81@ EE@j}ߵ?% ?/l8)F:~J]w)hlsՓ#|:Z&?eF&fB, F8oI1擸3Q("׍{醿z>l F[$;r:mݸyߺ_xv.;71l]5$1^Z`&1MqzuU4)$eq~|hq\3nmǛ&L=\=0KwD!mM@ }ܜ5o8`LBX5c-ɅHgZM⪱=C٠lk8 V!ڗ.4|YQ$ a"afAZ|jeԉ8%4 \(1O[bt#1݇%N1{LEl'iiQ-uфyjtJ1SB_GoIM21Bwyn xqf='st97X16q=wv"ϓ{~\[ ("[ uoV8i?{i9niamUZx J}~Nl/t2D(jySa{wȪ̅SۋNgS^q,<&ilځ{-3(#{F޸_2{K7K{ U4 2UCnuk-Ǭ§u,'i/!IVܱS,*_1;lV6֊ v™)[ꈧ Wך|eb֚KKLBI|pIM{fr+ (? ܻ'Vxe[b[0| ttb9J{~>ːu9#^‚r {m\W&Br<v\wgud#sN H(˳! > 0q~d ChE^+%W+GE@hYmޤx?Sڌ,JHlF ".;Jᰪ$wm[9)n o)rGl**5PG)ѐs֏a#q tE|kMf\z/{GtnPUVO-dtD"P,,E8(" BDHS2 C}WE߀%PR o'2H{:ś)+=FtR @H's3?旀8[EC# aɜФK[LWb$HHv3MRY{ҩ;M7f7`sJE Iav00$/`B_VuqK)RϡJ9oĚTIn˚WG.҉SIHZzI8o«ҸJofÌח4JOt(` ,I @Q1.0' i#7mTMǢ8tBX?!JOr۬^3 wb$Uٖ/>%]kruK׽sg4t=$kReLDgt{A; $TCD,"Q6uEOOHI3:)nˏؗ/ynb&]Xws ]@f51y)FBhRvྖic߉J*8SQ^*°zq7777#Hc}Ҵ)ÒRz2 +,_V0@yG..D> _?0QXs A[u-9%vq "茛Ka= %rf5=kDD %ᗗ$TBߒ^ٌP Ȇl:>:뺍FMfӗavA-`iyC$D @$ "!(0ܫkD3^ޒ犯%0BOoHkWd=:Q!0\]ĽX4WZϦʲۉ%^yC_޲ @ Cb;Ufg@8 3rMRNvxj ; 1&] +d#]HV@məӁWMu; nTy sM#€.jkp[RaImnyPKPy7777WC)͇bO-#Տ,/>BAK-ta^ڰhGN} 9a}-ݻ|ַi1Ԓ0̞˛kNm*YkEx<+pHx]<#?^!v{}73" mC=ƥvMC#fIA_n=ܱ*G\AFhR|4CƣE vX¾>au]gQ"]x;32FNUHeo|eCEέQ}]ɟU8{긑yђ8h6ޱ~ `wC780"3BO!@ /u79<£Yg{[_J¾͇XazsңVKr]ܳyş-tz;6ڔql;mOk")DŽF_|w]+5N73a`2z+sMuP!iM/&k1Z[cȚLHj~ж}A˽=V4y mY[`}XCEj>*췱gyN{MmV)KjhkKqfljDG`lïnJif-eĚRa+I錃qlroT g&ef)3hνko(C85?}32^ڋm8j|`2ZNړm!N`{AX ђ,#;Ћ痨2dODxo~˶㸛|67fc`GȺvxh/TfZPhs| =ՇfTnnX};i>8;Hm^ϱ_tEw=&Lam ߣ^Y?`PǸn3ۅɻy+/:1q0Ga1/X%]sB~&S t'8~/%&>y|`'㷈!DCঀ_~X*H jBvxwz%PxXV]{F9-( ݩr~[P8M-%8겆&:Ba{D0‡“.WG*׶'^tkg]D `=%0mgΈ+A#샒=%hJ!,q(Ds)G?:-{VAXz-WD9DNE07vy񡏷B`8(ĒI o /(_Z6D' \sj41![rc%5ET(jE<=G/ {uZxeL<^^AFc+S}*5fL/7P;qU6'a<::BMDcENTBhfxkp76767/3#66j=!v \7j=!v'֦v̈́x|W@O[jkwfhDPU쵹֝UȓPc-* ;,G@Z:;lA{R?d_j~R.gI*A4`C"iR%26ZX+(%\OC;MOZՔV-`{dEZ0/#h(k[#ۏ`zҧEkɽn=/=w6TҊj9s0)΃Rta ehd9_K>HP*$;&>ߒ|t|[͖C0UzpW}־; IKk)qN $ؕ"+^Rc"Wc -yz29QFrF'+vl"]%MwKTwof|LI-g::qˋ{^n9z.z{̎-Yql[.04%nc\Xp,E"Na8TJo[ J=9|lZϝb }Tbt8DvʹUh9!mF(phti 4&G[vD!1 \TbЭB1˪M;InP}sY?e=` ' 2u/x߾[!VU'ruY&>_E_-ϳi:&_+ ާ wA>po4xSPʕU+%=sӨ~sـj#E~:tdH5~^P߲ԓG)׀"xBW7 elNh$~b ~"uFf."T( u'`fCuIf׼颇U 5k u)Cߑ7ŕM媄VQhvAG 'lI<R+/- [zqe]|VZ؟ ްno9fkH s 3j7W]P)`#u~̀ ZV)F2*mGM=/7.nrl%[ք aNJ,1IA!5R"&:5,ǰglFLNөZՂASu%ߺHA W|8s =J<rN9 D:èb) PeEt037 j![C P71js# h_vG&4`M]Xg- .E.Ӈ;q8=qWiN +fɻS:rtT(ʁ2|{` f> c7[7ΥiEZ<& .ycI 8^yN4xXXE oX61B`3W VjE)OBӾRs] U8|iG^|#:,4ꟉeM &JZ! `xZNrdhz?{ISko;w9Ph\__~& 7&~<޴{9i^vnp4>Nt>v?7^~ny0cQlR_d,g:KFYn2;eFq('MB*rԗ,xe^%Lqx&0̟D^wRv QW~4ab_E)o4]-Zq-ƫx]bMɩkfhw>1M/G}*4]V0.8SDny#fn2(( FFy;g@fF)/?g=>V~Z_:[g_+?ϴ2VnFg(_fٮ66og33ӆ3lgg(W2/"P63a|2 *C~`2Ưw2dN~kx: BB2/(_3*}'ߧ BmV9mBf_ryrָƅ)IFy)W?RErXB]gBy>++P/Үw2 : ?3_u3 NV&/Yr]!,.5PUZk /Yݲq M {}h}0^ZE/JlR0AQq. 3l?V\[[,Oнۺ{' Jݓs+z`~Hc1پWߕ\~UnE+t"LXE)9 8i@AD4kp'oeybnARXf1>?&vt{r@Kn]99#rӚܴO]&ŭhg?>/ydֺWWVWlNA6KրE>YپGhO D,y e%Hi_1[2y>`Y)W8#~y̞^ Uxd٤V`l}Tq8 j5&pN!3J81|fZ gqJq`FCn-3@j:} m̹~o#uoHn:H墦 V˕R;~O;aq@Dd$5ɪ"+Uw9 ط]V++b`" *s>P`26UJ` z!J1 4c֭dK_c(wL"׏ ёx;fMdWe",d 'æȗp^Wv,P@0~Y8P*`!K؞.F^$zsq-ߟ:iǤK4l&Klɜ]k'bB']3WLi;Ìs,aރzxmV=ȾwF=CY%x-ȷ:ѧ^]F4\șP=wPp.^Ǻ(|3˸ [2FlX jXJr l;9!Vɱz?]`soR:=d.^Z" (luy9M"hzwxk,0' ,[i0% x&50)]bi׌/[ҦLZI֠}փD#iZ#Xnƀ_h_n=,N7"foݝSw5(x[~]@8>qoq o6Nώ{;Y9kVwhy-g"d`{`,]˄]%' ಓH_c'cE.'<"4N_K˙=JxEg =O4a0'VbgHIأ_BDOvvF;0|F+`!zw$>}T.q 5sEEבE,&JhӄZ{JfBZ}M(~w霰)#,|H𵝦N뚱Lt:v>kuoA[ f&}c⢖«U/="2cX (5H(KESXNA}F垓$gg_5b Fy&b3@tgQl)VxRD=)KPRJVr.Q ?`n47Tx/ē_| 3.u,sDϒezLU"zʴ៶:Dl3%Yz'Oޒ{־( ;C/'R`uOW]Q'aJ׼t{%!Ү\)Vb%pCV{f:ePfEXtl'aW5`/=H^s(n)ZF1tVB\ (at!L/Qa˟]챺Wqٮ7G,cݰ+`jk7D]EtA;=kv{ksc&igNbk:*φŀpVs6W=?5zlvjsx}vu2^GB Ln3m^^kti( aaXbyx ŧ$NS?|:T+ `Ðy6#xL ꟭eTUA$摝7y@ƦI:1q09TVs0v*b(1lS24K_hj*JlxTȉY0oǝF6̈́ В^&Ůvbe}7)