Operation 'Cyber Storm' Starts Tomorrow

cyberbian writes "Federal Computing Week reports that the Department of Homeland Security have moved up their rescheduled cyber security exercise, designed to test enterprise and private sector alike. The tests are expected to run from February 6-10, and are intended to gauge the state of readiness for a cyber attack on critical infrastructure. FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."

Re:I wonder

[alexmipego]

The perfect time to hackers attack. In the middle of the "fake" attacks they can really attack and steal some data. It would be hard to spot. Are they doing this tests in a global way but to their structures only (UK and North America) or are they testing random sites all over the world?

Re:good job

[rts008]

While the 9/11 event brought focus on this issue from a slightly different direction (infrasructure being disrupted), I'm not sure that overall we are much better off than your 50% in the UK, I just don't really know.
I also wonder how much this issue has influenced the court's handling of the "Crackberry" patent infringement case (not trying to start flame war-that time of disrupted communications when many people/agencies were using their Blackberries because nothing else was working-that really scared a lot of people, and made rescue work less efficient due to hobbled comm's)

Hopefully Feb. 11th headlines won't be:
Psuedo-CyberTerrorists pwn DHS

More worrisome threats

[OpenGLFan]

I'm a lot more worried about the damage caused by the "Tiered [slashdot.org]Internet" [slashdot.org] proposals currently being bandied about. All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.

Wait a minute

[Teresh]

Aren't "enterprise sector" and "private sector" the same thing (as opposed to "government sector")? When did we install Communism? Did I miss something?

Re:Wait a minute

[Daniel Dvorkin]

Not communism, but capitalist oligarchism. "Enterprise sector" is the Fortune 500 that can buy politicians to manipulate the market to their ends. "Private sector" is everyone else, competing on an increasingly tilted playing field. Hope this clears things up.

Re:I wonder

[ultranova]

This sounds much more like learning how to attact than learning how to defend.

In Neoconservative America, attack is defense !

Goverments can't hack it

[hutchike]

What makes the government(s) think their fake attack will be anything like a genuine attach? For example, the UK government has a long and famous history of botching every computer initiative (e.g. UK tax credit theft via gov web site [com.com]).

I doubt the Department of Homeland Security has anything like a globally distributed botnet, or permission to run DDoS like a real attacker might. The virus attack [com.com] on the Russian stock market is not something goverments can replicate.

The only winners will be the companies who sell the extra bandwidth!

What about the information gathered???

[DivideX0]

Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

Is this just another end run around warrantless search and seizures of data?

What kind of oversite is there on this process and how can we be sure the information is not used, stored, or otherwise desiminated among the various US spook agencies and their foreign lackeys.

And how much do you want to bet Google will be a very well excercised target since they have been fighting the governments abuse of power already.

Hurricane CyberPam

[dpbsmith]

They'll conduct the exercise, discover that there are serious problems--just as every other evaluation of our cybersecurity has discovered. They'll make a report, the report will note that to fix things it would be necessary to spend money. And involve uncomfortable decisions like reducing our dependence on a monoculture of Microsoft Windows.

The decision-makers will decide (as they have so far about everything involving actual defensive measures involving the homeland that they would prefer to spend the money in some other way. They'll appoint yet another cyber defense "czar" as evidence of action, he will start with the clear understanding that the one thing he can't do is get the funding to implement the measures recommended in the report.

And when the actual attack happens and is devastating, they'll say nobody could have anticipated it.

See also Hurricane Pam [fema.gov]

Insanity Re:Call For A Red

[n54]

And people wonder about the existence of crazed fundamentalists in the middle east? We have the exact same kind of mentally unbalanced (or damaged) people in the west as presented on behalf of Webster Griffin Tarpley by the Anonymous Coward parent poster.

"The Mohammed cartoons are a transparent provocation by NATO intelligence through a Danish right wing newspaper of limited circulation."
I'm sure that makes much more sense to the conspiracists than the issue as put forward by both the original publisher (making a point against self-censorship by the media on muslim issues) as well as the outbursts of support by other newspapers and magazines all over europe (and even in Jordan and Egypt!) and international press organisations correctly coming to the defence of freedom of speech.

If people like Webster Griffin Tarpley had a few more firing synapses they would instead speculate about the following peculiarities:
- the original publishing happened last year in september, there was zero international outcry at that point in time (only local danish discussion on the topic between civilized muslims and the rest)
- yesterdays burning of embassies in Syria is extremely unlikely to have happened without the approval of the brutal Syrian Baath-party dictatorship. Violent destruction of embassies would normally be regarded as a declaration of war as it's the sovereign domain of whatever country the embassy belongs to
- todays attacks on embassies in Beirut, Lebanon was in all likelihood initiated by people who ideologically are extremely closely related to Syria, if not also directly related to them (Hamas-supporters)
- the Beirut attacks very quickly shifted focus onto attacks on Lebanese christians and christian churches, so quickly as to make it likely that the inital attacks were a cover for trying to reinflame the unrest in Lebanon
- Norwegian imams as well as other western islamic representatives are urging for calm, non-violence, as well as against the hijacking of the issue by islamic extremists (most muslims are intelligent rational people and have nothing in common with the extremist rabble)
- there has been next to none, or at least extremely small levels, of muslim outcry on the issue in Norway (I'm a norwegian btw). In general I would say norwegian muslims are better integrated into society (through no small effort of the muslims themselves as should be expected) than danish ones although we of course have issues in Norway too. I live next door to the oldest mosque in Norway (and a very pretty one imo) and have had enough muslim friends and aquaintances both in Norway and South East Asia to feel confident in saying this
- respect for the prophet Mohammed is one thing, the prohibition against depiction in Islam actually isn't specifically about the prophet Mohammed but about all living things and intended to discourage idolatory! (might want to read http://news.bbc.co.uk/1/hi/world/middle_east/46782 20.stm [bbc.co.uk]). By the logic of the extremist pseudo-muslims any picture or photograph should be equally protested but instead they actually break the intentions of Islam in their idolatry of the prophet Mohammed and sadly as such (in my personal opinon) showing how Islam is falling into the same trap as those "christians" who idolate Jesus Christ as a replacement of God.

But no, instead of all the above Webster Griffin Tarpley concocts paranoid delusions based on ignorance of how NATO even works and is structured (all NATO decisions are made by unanimous approval of all members). The level of idiocy required to hold the opinions of the AC is the same as that which is required to claim Denmark and other scandinavian countries are ruled by "Zionists" as some middle east government representators have said... lol

--
this additional sig includes a portrait of Mohammed in support of freedom of expression, feel free to reproduce it

Your tinfoil hat is on a bit too tight

[Infonaut]

Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

Well, according to TFA, "IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign." So those companies seem to have signed up and are ready to have their networks accessed as part of the excercise. In the absence of evidence to the contrary, your supposition is groundless.

Is this just another end run around warrantless search and seizures of data?

If you were going to attempt to grab all sorts of data, would you publicize it and bring in several nongovernment participants? It seems that bringing in so many actors and making it all public would violate several of the tenets of Black Helicopter Ops 101.

What kind of oversite is there on this process and how can we be sure the information is not used, stored, or otherwise desiminated among the various US spook agencies and their foreign lackeys.

In the House of Representantives, the House Committee on Homeland Security [wikipedia.org] provides oversight. In the Senate, the Senate Committee on Homeland Security and Governmental Affairs [wikipedia.org] provides oversight.

And how much do you want to bet Google will be a very well excercised target since they have been fighting the governments abuse of power already.

Google is fighting a subpoena from the Department of Justice. If you think that the Department of Homeland Security automagically does the bidding of the DOJ, you've obviously never worked in government. The people at DHS aren't morons, and though the structure of the organization almost guarantees incompetence, I doubt they would be so stupid as to "target" Google in this exercise.

Re:So....

[Anonymous Coward]

Everyone on a government IP is an unlucky zombie. ;-)

"Cyber Storm"

[ScrewMaster]

"Cyber" this and "Cyber" that. I'm just about as sick and tired of that term as I am "rampant piracy". Somehow, I think certain portions of the United States Federal Government, specifically those involving national security, have been taken over by either small, odious children or full-grown chimpanzees. At this point I can't really tell which.

Re:Damage

[Anonymous Coward]

A real enemy won't care whether their tactics are considered "childish" by anyone.

They will measure their success by the number of people who say, as you just did, "we were screwed".