Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Cyber Storm II Set To Begin

Posted by Soulskill on Sat Mar 08, 2008 08:15 AM
from the the-revenge dept.
Security Hardware Hacking Networking
mr sanjeev notes that Computerworld is running a story about Cyber Storm II, set to run from March 11th until the 14th. The exercise will test the security of the US, Australia, the UK, New Zealand, and Canada. The organizers' goals are to test preparedness and responsiveness in relation to real-time threats. The previous Cyber Storm test identified "eight specific areas in need of improvement." We recently discussed the details of the tests themselves. From Computerworld: "Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems. 'What they're trying to do is highlight the inefficiencies in the process,' according to Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. 'They're not really looking for technical solutions.'"
+ -
story

Related Stories

[+] Operation 'Cyber Storm' Starts Tomorrow 157 comments
cyberbian writes "Federal Computing Week reports that the Department of Homeland Security have moved up their rescheduled cyber security exercise, designed to test enterprise and private sector alike. The tests are expected to run from February 6-10, and are intended to gauge the state of readiness for a cyber attack on critical infrastructure. FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."
[+] Details of Cyber Storm War Games Released 96 comments
I Don't Believe in Imaginary Property writes "Apparently, the participants in the U.S. 'Cyber Storm' war games are familiar with the Kobayashi Maru, because some of them tried to cheat by hacking the games themselves. They also prepare for some very interesting scenarios. Among other things, the organizers are worried about having too many people on the 'No Fly' list show up at an airport, finding 'mystery liquids' in the subway, and having bloggers reveal the classified location of railcars with hazardous materials. The Department of Homeland Security has already analyzed the results of the games, and plans to hold 'Cyber Storm 2' in March."
Submission: Australia, US engage in cyber warfare by mr sanjeev (1055384)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Cyber Storm II Set To Begin 36 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • pointless (Score:4, Interesting)

    by OffTheLip (636691) on Saturday March 08 2008, @08:35AM (#22686374)
    Why do I not feel like anything was learned from the previous go round "http://arstechnica.com/news.ars/post/20080306-pentagon-attack-last-june-stole-an-amazing-amount-of-data.html"
    • Yeah, we learned to invite China next time. Maybe that way they won't hire out their tweeners to hack our site in their downtime from gold farming in WoW

    • Re:pointless (Score:5, Insightful)

      by lunartik (94926) on Saturday March 08 2008, @02:06PM (#22687974) Homepage Journal
      Most commenters seem to miss the point of what they are doing. It doesn't sound like they are getting together and probing each others networks, or getting involved in this in very minute technical details (but they could be). That is not what these sorts of exercises are usually about. The article says that the first exercise "involved nine large IT firms, six electricity utility firms (generation transmission and grid operations) and two major airline carriers. "

      In fact, the article calls this a "hacking exercise" but says:

      A Cyber Storm report was released following the exercise in February last year which identified eight specific areas in need of improvement.

      These included better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access, as well as the development of a strategic communications and public relations plan.

      Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems.
      What they were likely doing was role-playing major systems getting corrupted, altered or going off-line. There is a non-technical side to such an event that needs to be thought about and practiced. When a crisis happens, there will be a period of chaos, which you quickly need to get under control and then fix. Say you were an airline, and air traffic systems went out. What do you do with your planes? Your passengers? Who is your contact at the Federal government? Who do they report to? Who are they speaking for? What assistance can they provide? Who are your contacts at other airlines? Who is in charge of communicating with the airports? Does finance have money available to put passengers in hotels if necessary? Who in finance is can make those decisions? Who are your contacts at the hotels? What assistance will they provide? What are our plans for handling major schedule disruption? How long would it take to get the planes back online and normal service resumed?

      If the exercise tells you that your systems have been infiltrated, you could imagine similar questions raised.

      The idea is to get people thinking about what their specific role is and understanding it. We always told people there are no wrong answers, they are not graded. The facilitator guides the exercise and observes how well things go, and makes recommendations afterwards.
      • Well if you lose your flight, or can't get money from an ATM, or other such day to day activity stops, just think of all the good coming from these games.

        Where can I get rose colored glasses?
      • This is a fairly accurate representation of the Cyber Storm II exercise and well said. Technical folks often forget that there are other issues at a different level that have just as much validity in the preparation for and protection against such attacks. That is what this exercise is focused on.

    • Re:How did the first one help? (Score:5, Insightful)

      by PopeRatzo (965947) * on Saturday March 08 2008, @09:23AM (#22686550) Homepage Journal
      Friend, it's all a PR exercise. In the next seven months, we're going to be hearing about every possible type of attack. If you were to judge the state of the world by the media coverage in the coming months (thanks to a lazy, complicit press), you would think that every other human living on earth is a satanic terrorist, looking to kill your babies.

      History books will look back on our current confluence of Terrorism and War as a type of madness. It will judge harshly the weak-hearted "leaders" who used fear to govern.

      One thing, though: The past seven years has certainly changed my opinion of the Second Amendment. And I choose to extend the "right to bear arms" to the "cyber" type, including the best crypto I can find. Maybe not to use every day, but to keep for the inevitable.
      • Brief, to the point, and insightful. I wish I had mod points. Thanks!

      • Re: (Score:3, Insightful)

        by lunartik (94926)
        It is not a PR exercise (well, maybe it is, I haven't read TFA), these types of scenarios are used all the time for crisis testing. I used to help run part of a major multi-national's crisis team, and the main goal in table-topping various disaster scenarios is not to drum up some mass paranoia, or even to exercise more likely minor events. The goal is to come up with something large enough to involve all, or most, members of the team. Too often people are tasked with a crisis function on top of their "r

        • It is not a PR exercise (well, maybe it is, I haven't read TFA), these types of scenarios are used all the time for crisis testing.

          If it had nothing to do with PR, it wouldn't have even been mentioned to the press. When's the last time they reported on a fire drill or internal audit?

          • If it had nothing to do with PR, it wouldn't have even been mentioned to the press. When's the last time they reported on a fire drill or internal audit?
            I didn't say it has "nothing to do with PR," I said it wasn't a PR exercise. The article quotes politicians, who are of course looking for PR. The article has everything to do with PR. The actual exercise probably has very little to do with it.
      • Sir, there are plenty of hackers who are entirely motivated by greed. Most of those, probably have nightmares about being shot if they talk about what they do every day, that earns them good money without working hard. If they're the type who don't have nightmares then sir you should be worried. Those Are the type of people who Enjoy their work, breaking the law, and have no qualms about staying hush hush. It didn't take long for organized crime to realize the potential of the internet, and depending on

      • "One thing, though: The past seven years has certainly changed my opinion of the Second Amendment. And I choose to extend the "right to bear arms" to the "cyber" type, including the best crypto I can find. Maybe not to use every day, but to keep for the inevitable."

        Welcome to the "Right to Keep and Bear Arms" club. The way things are looking, we may need to use all the weapons in our arsenals to restore Constitutional government and defeat the ruling fascists.
        ~ RKBA

        • Welcome to the "Right to Keep and Bear Arms" club.


          Thank you, RKBA.

          I think the thing that made me take so long to realize the importance of the Right to Bear Arms was my lack of imagination when it comes to what "Arms" can mean.

          Living in a big city, it was easy for me to see why wider availability of cheap handguns might be a problem. Now that I look at "arms" more broadly, I can see the importance of that right.
  • In my Amiga 3000. [amiga.org] Was pretty cool, at the time.

  • Your mission (Score:3, Funny)

    by StarfishOne (756076) on Saturday March 08 2008, @09:29AM (#22686584)
    Your mission, if you choose to accept it, is to prevent certain military groups from sending sensitive information about Air Force One [slashdot.org].

  • Ready Set Go (Score:3, Funny)

    by sciop101 (583286) on Saturday March 08 2008, @10:04AM (#22686766)
    The call-lists are up-to-date. The start/stop dates are set. Did we forget anything?

    Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.

    LET THE GAMES BEGIN.

    I still feel I forgot something.

  • Will they... (Score:3, Informative)

    by another joe (1132353) on Saturday March 08 2008, @10:31AM (#22686908)
    ...invite these folks? http://www.cnn.com/2008/TECH/03/07/china.hackers/index.html [cnn.com] Never mind, they don't need an invite.
  • Everyone knows sequels suck, I'm waiting for the third edition.

  • The perfect date (Score:3, Interesting)

    by nurb432 (527695) on Saturday March 08 2008, @10:52AM (#22687020) Homepage Journal
    To do *real* break-ins. Yours might get lost in the noise of the 'test'.
  • OK, co-incidence but still annoying.
  • Could it make sense to hide some arbitrary data (string of random letters lets say), on a secured network, and give authorisation for anyone anywhere to attack this network, attempt to obtain the letters?

    First one to get the letters gets USD500 000; with an extra USD500 000 if they can describe how it was done sufficiently for other people to be able to reproduce these steps. (So, half a million for succeeding, half a million for communicating how they succeeded).
  • Every time I see articles about Cyberstorm it brings me back to the old Cyberstorm strategy games. I wish they still made those (or something similar).

    On a side note, if these games teach us anything it's that Cyberstorm 1 will have been a heckofalot better than 2 :)
  • If they break into a chorus of Moon River, something definitely got past the ring of protection.
  • At half past nine this morning we were actually running an exercise for a company of over a thousand people in London based on simultaneous bombs going off precisely at the railway stations where it happened this morning, so I still have the hairs on the back of my neck standing up right now.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.