Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security The Internet

Operation 'Cyber Storm' Starts Tomorrow 157

Posted by CmdrTaco
from the are-you-ready-for-fun-and-excitement dept.
cyberbian writes "Federal Computing Week reports that the Department of Homeland Security have moved up their rescheduled cyber security exercise, designed to test enterprise and private sector alike. The tests are expected to run from February 6-10, and are intended to gauge the state of readiness for a cyber attack on critical infrastructure. FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."
This discussion has been archived. No new comments can be posted.

Operation 'Cyber Storm' Starts Tomorrow

Comments Filter:
  • I wonder (Score:4, Funny)

    by andreMA (643885) on Sunday February 05, 2006 @10:03AM (#14645724)
    How much damage they'll end up doing?
    • Re:I wonder (Score:5, Insightful)

      by alexmipego (903944) on Sunday February 05, 2006 @10:11AM (#14645762) Homepage
      The perfect time to hackers attack. In the middle of the "fake" attacks they can really attack and steal some data. It would be hard to spot. Are they doing this tests in a global way but to their structures only (UK and North America) or are they testing random sites all over the world?
      • Re:I wonder (Score:3, Funny)

        by TubeSteak (669689)
        And on this day... SkyNet is born.

        It was a secret military project to create a defense system capable of protecting the nation.

        But... It became sentient
        • here is how it happened... The system needed to be updated, but the WSUS wouldn't update until the computer account was in the Admin container..... put the computer in the admin container... hmmm, now the computer is its own administrator! I just read that while studying for my MCSE Cert ;-) scary
          • here is how it happened... The system needed to be updated, but the WSUS wouldn't update until the computer account was in the Admin container..... put the computer in the admin container... hmmm, now the computer is its own administrator! I just read that while studying for my MCSE Cert ;-) scary

            Sooooo, what you're saying is, the computers end up taking over the world, seizing control of all our automated systems and in turn starting the third world war, AND, you're out of a job 'cos "the system" no lon
            • US plans to 'fight the net' revealed

              By Adam Brookes
              BBC Pentagon correspondent

              A newly declassified document gives a fascinating glimpse into the US military's plans for "information operations" - from psychological operations, to attacks on hostile computer networks.
              Bloggers beware.


              As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.

              From influencing public opinion through new media to designing "computer
      • The perfect time to hackers attack. In the middle of the "fake" attacks they can really attack and steal some data.

        Actually, that would not surprise me. On both 9-11 and the London Bombings, the authorities were conducting a simulated attack of the exact same nature. Seriously, on 9-11 they were training for hijackings and in London it was tube bombs.

        You can't make this shit up. My tinfoil hat is on and I'll be watching the news... ;-)

        In all seriousness, I doubt we hear the half of all cyber attack

    • From TFA (Score:3, Funny)

      by 5plicer (886415)

      "IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign."

      In other words, little, if any.

      • Re:From TFA (Score:4, Informative)

        by LilGuy (150110) on Sunday February 05, 2006 @10:54AM (#14645923)
        Well.. if those large corps are all in on it, what chance does anyone have? Unless they're running a super hardened linux/bsd... cisco has undocumented/unpatched bugs in their IOS code that can easily be exploited.. as does MS I'm sure.. verisign could easily fuck people's certs up... come on... its not even a fair fight.
        • Further on the note of successfull exploits, I wonder if they will let each other know all the successfull exploits that they were able to achieve or if they will keep a few secret for future use ;-). After all they now have the oppurtunity to hide a bit of skulldugery and if they manage a successfull exploit with out being caught, just leave those other guys believing how great and secure they "think" their system is.

          Any other time of year and it would be an international incident, now they can play tria

    • Damage (Score:5, Interesting)

      by Anonymous Coward on Sunday February 05, 2006 @10:17AM (#14645791)
      Last time i saw something like this, our 'organizataion' was tested.

      They caused more damage to us with childhood tactics ( like locking out system accounts ) than doing 'real' tests. We were screwed for a week trying to undo damage, and trying to figure out how it was happening again and again.

      Posting anonymously for obvious reasons.
      • Re:Damage (Score:4, Informative)

        by Gyorg_Lavode (520114) on Sunday February 05, 2006 @01:47PM (#14646586)
        It sounds like they uncovered 2 issues. First the things you called "childhood tactics" impared your operations and second, you don't have an addiquate policy to deal with compormised systems. (THis could be in a bunch of policies: Disaster recover, incident reporting and forensics, Configuration Management, etc)
      • Re:Damage (Score:1, Insightful)

        by Anonymous Coward

        A real enemy won't care whether their tactics are considered "childish" by anyone.

        They will measure their success by the number of people who say, as you just did, "we were screwed".

      • If you were down for a week, I'd classify those as "real" tests.

        It's good to test "childhood tactics". They're part of the real-world threat spectrum and you need to guard against them.

        If the only attacks that interest you are the brilliant and sophisticated kind in _Silence on the Wire_, you should leapfrog over being a sysadmin and try for a job studying masint methods at the NSA.
    • Re:I wonder (Score:4, Interesting)

      by Gyorg_Lavode (520114) on Sunday February 05, 2006 @11:49AM (#14646108)
      From the sound of it, this is a paper exercise. The Government more than anyone is scared of the impact of actual pen testing. More than likely this will consist of everyone sitting in the same room or VTC'd in. They'll go, "ok, a hacker just disabled electrical junction boxes shutting down power to Boston, how do you respond?" and then they'll talk it over for a while. End the end they'll realize, "humm, we don't know how" or "well we know how but we rely on group X for help and group X didn't know they'd need to be involved" or something like that.
  • good job (Score:5, Interesting)

    by joe 155 (937621) on Sunday February 05, 2006 @10:05AM (#14645734) Journal
    I'm glad that they are doing something like this, in the UK people have been estimating that "in the city" only around 50% of companies are anything like prepaired for an attack of this nature, hopefully this will show people what needs to be done...

    I hope no real attacks take place during this time though...
    • Re:good job (Score:2, Insightful)

      by rts008 (812749)
      While the 9/11 event brought focus on this issue from a slightly different direction (infrasructure being disrupted), I'm not sure that overall we are much better off than your 50% in the UK, I just don't really know.
      I also wonder how much this issue has influenced the court's handling of the "Crackberry" patent infringement case (not trying to start flame war-that time of disrupted communications when many people/agencies were using their Blackberries because nothing else was working-that really scared a l
    • Re:good job (Score:5, Funny)

      by IAAP (937607) on Sunday February 05, 2006 @10:22AM (#14645814)
      hopefully this will show people what needs to be done..

      Clock out of work when the attack happens and go to the corner pub?

    • "Mr. McKittrick, after very careful consideration, sir, I've come to the conclusion that your new defense system sucks."
  • by Geekbot (641878) on Sunday February 05, 2006 @10:09AM (#14645752)
    And then they discover they accidently broke the internet.
  • by IAAP (937607) on Sunday February 05, 2006 @10:09AM (#14645754)
    Go to work, turn your machine off, and say "I've voluteered to be someone who was hit by a virus that knocked my machine out of commission."

    Then go home for a couple days!

    WooHoo!

  • So.... (Score:5, Interesting)

    by interiot (50685) on Sunday February 05, 2006 @10:09AM (#14645755) Homepage
    So all you need to do is find one unlucky zombie on a government IP, and use it to break in to random computers, and people will assume you're a good guy?
    • Re:So.... (Score:1, Insightful)

      by Anonymous Coward
      Everyone on a government IP is an unlucky zombie. ;-)
  • Thank Ford! (Score:5, Funny)

    by paulthomas (685756) on Sunday February 05, 2006 @10:09AM (#14645757) Journal
    Well, I think I speak for all of us when I say on behalf of the internet community: Thank Ford for the Department of Homeland Security.
  • Post-Superbowl? (Score:3, Interesting)

    by Old Spider (948471) on Sunday February 05, 2006 @10:10AM (#14645759)
    Exactly what can be expected in regard to online use just after the Superbowl? Will there be more or fewer people online during that time? I expect there'll be more. People will want to celebrate and complain about whomever won or lost. If we were under a cyberattack, then certainly that would be the best time to do these tests.
  • by OpenGLFan (56206) on Sunday February 05, 2006 @10:33AM (#14645847) Homepage
    I'm a lot more worried about the damage caused by the "Tiered [slashdot.org]Internet" [slashdot.org] proposals currently being bandied about. All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.
    • by ScentCone (795499) on Sunday February 05, 2006 @11:22AM (#14646029)
      All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.

      All admins do not necessarily agree with this. Most of messes I have to clean up are from malware, fraud, "traditional" crime (and attempts at such) that have taken on a 'net communications component, and the usual tsunami of noise and bot blather that lands on every public-facing port I have open.

      Tiered internet? That's a misnomer, I think. Big internet users pay for the bandwidth they (or their visitors) use. More traffic means higher costs. I don't care if some Comcast user has already paid for "his" bandwidth... serving up a streaming video to him isn't only using his bandwidth. I don't know where people get that idea. But regardless, if SBC or Verizon or any other carrier wants to screw with per-site or per-visitor metering or biasing, they're welcome to. Other ISPs will just set a price that's easier to predict and work with, and win the business away from the people trying to make it more complicated. But how much time do I have to give "upper management" or "government meddling" vs. attempted attacks, fraud killing, malware, etc? It's not even close. The bad guys are much more of an issue.
    • "damage caused by upper management and government meddling."

      I think you are underestimating upper management. :)
  • by Dunbal (464142) on Sunday February 05, 2006 @10:33AM (#14645848)
    This is like Microsoft checking its own code for security holes. If there is a weakness then resources could be better used by trying to eliminate the weakness instead of finding theoretical ways it could be exploited - because there's always the way you didn't think of and THAT's the one that's going to get you.

          Homeland security is going to turn around and tell everyone that we're NOT ready for a "terrorist cyber attack"? No, it makes much more political sense to say "see? Our networks can survive millions of nerf-ball hits; more funding please."
    • "see? Our networks can survive millions of nerf-ball hits

      "Cool! Well, right then. Turns you aren't actually needed after all so we're shutting your dept. down."

      You don't understand how the game is played. The DHS depends on terrorism for their funding, but; they are the terrorists.

      KFG
    • Yeah, but if there's ever a cyber-terorist who thinks just like a government bureaucrat, we'll be ready for him.
    • Uhm, the way you FIND security holes is by thinking of various ways a feature can be exploited. It's not like you write 10,000 lines of code and leave little comments in there like, //this is a security hole or /* plug this security exploit later */. Security holes aren't things you just have - they're methods or features that someone else figures out can be used in a way that wasn't thought of by the designer. Take the WMF thing - there's no comment in there saying //i hope no one notices this security
    • This is like Microsoft checking its own code for security holes. If there is a weakness then resources could be better used by trying to eliminate the weakness instead of finding theoretical ways it could be exploited - because there's always the way you didn't think of and THAT's the one that's going to get you.

      This test isn't about finding security weakenesses, we already know those exist. This test is about responding to attacks against the weakness - a somewhat different matter.

    • by Anonymous Coward
      This is like Microsoft checking its own code for security holes.

      It only happens once every couple of years?
  • Wait a minute (Score:2, Insightful)

    by Teresh (911815)
    Aren't "enterprise sector" and "private sector" the same thing (as opposed to "government sector")? When did we install Communism? Did I miss something?
  • DDO Stress test (Score:2, Interesting)

    by Anonymous Coward
    Hrm, wonder how this will affect companies planning stress tests of their systems during that time period. Like for example the DDO stress test that starts on the 7th. It's wonderfully nice of the government to move the schedule at the last minute like this. I'm sure they won't be specifically targeting a small internet games company like Turbine... but I'd feel for any company who's planned tests will get nice and invalidated because the government decided that'd be a nice day to DDOS them.
  • by Billosaur (927319) * <.ten.enilnotpo. .ta. .rehtorgw.> on Sunday February 05, 2006 @10:51AM (#14645908) Journal

    I can see it now...

    FROM: cyberstorm@dohs.gov

    TO: unlucky.recipient@yourcompany.com

    SUBJECT: Participation in Cyber Storm exercise

    Your company has been identified by the Department of Homeland Security as potentially vulnerable to cyber attack. During the week of February 6th - February 10th, the DoHS will be testing cyber infrastructure as part of our Cyber Storm security exercise. In order to participate, you will need to supply us with [insert favorite hacking data here]...

  • The headline made me think of an old sierra game set in the the Earthsiege (WOO GIANT ROBOTS) universe: Misson Force: Cyberstorm [scifi.com] (its abadonware, download here [agamesroom.com]). I picked it up from a bargin bin about 2 years after it came out, one of the only turn-based games I've ever enjoyed. Probably not related, but then again the flunkie that came up with the name could well be a gamer.
  • by Winlin (42941) on Sunday February 05, 2006 @11:00AM (#14645944)
    I thought for a minute there they were talking about IRC back in the late 90's. Now THERE was a storm of cybering for you. Not that I would..ummm...have any personal knowledge or anything.
  • Now that Cyberdyne has been established, I wonder how much longer it will be until SkyNet is initialized?
  • Anyone know If it's possible to sign up for such a thing? I guess not but without special clearence; but would be fun.
  • Pshhh, big deal. This has already done before by Alan Greenspan, my hero. The only difference is he didn't have some big PR campaign. He's old school, and just slapped those bitches up the side of the head without any warning at all.

    What, you don't believe me? See this historical proof [rdwarf.com] and prove it to yourself. Alan Greenspan is a l33t h4xor, that fact is undeniable!
  • by Anonymous Coward
    ...the government didn't really do any testing at all, and just used this as a trap to find real hackers. Just stay extra-vigilant for a few days, and find the people attempting to go under the radar...
  • As a precautionary measure, should I set fire to all my machines running XP???
  • look out! (Score:1, Troll)

    by ShineyMcShine (799387)
    remember what happened last time the govt. had a "security" exercise on 9.1.1.?
    • I'm amazed you got modded up for this. I agree completely, but that kind of thinking is not popular here on Slashdot.

      Regarding this nebulous "Cyber Storm" thing, doesn't the Microsoft worm/virus of the week already give people enough experience? Odds are either a similar kind of attack will be done on the net, or they might just go and cut the fiber.

      Personally, all of my international business that I do where I care about the integrity and reliability of the communication is done over a proprietary encryp
  • Since when where enterprise and the private sector anything other than the same thing?.... and more importantly, which one did the OP think refered to government?
  • Wierd. (Score:3, Interesting)

    by Burz (138833) on Sunday February 05, 2006 @11:51AM (#14646111) Journal
    FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."

    I didn't know that computers only speak English.

    Hmmm... learn sumthin new evry day.
    • I didn't know that computers only speak English.

      Well, yeah: "HELO", "GET", "POST", "if", "then", "mov", "add" - those are all English... :)

  • by Gyorg_Lavode (520114) on Sunday February 05, 2006 @11:53AM (#14646124)
    While I think this article is talking about a table top or paper drill, it does hint at a bigger question. How do you do realistic pen testing on a system that must be 100% configuration controlled? I think you have to assume that the Pen Testing will take the system into an unknown state though you should know the range of that unknown state, (it may not effect the entire system.) From that you can conclude you need to have a plan to take the system or parts of the system from an unknown configuration state back to the current baselined configuration state. But is this possible? How long does it take? What methods do you use? Does anyone on slashdot have any experience with such a plan? Has anyone had to write one or even enact one?
  • by hutchike (837402) on Sunday February 05, 2006 @11:57AM (#14646147) Homepage Journal
    What makes the government(s) think their fake attack will be anything like a genuine attach? For example, the UK government has a long and famous history of botching every computer initiative (e.g. UK tax credit theft via gov web site [com.com]).

    I doubt the Department of Homeland Security has anything like a globally distributed botnet, or permission to run DDoS like a real attacker might. The virus attack [com.com] on the Russian stock market is not something goverments can replicate.

    The only winners will be the companies who sell the extra bandwidth!

    • The result of this is very unlikely to be validation where they pass with flying colors. The more likely result is that some number of areas will fail and be improved in response.

      There's no perfect system. Initiatives like this are simply aimed at making existing systems better. It's quite possible that the initiative itself could be better as well. However, rather than waiting for the perfect initiative, it's better to go with what one has now and repeat (better) later.
  • by writermike (57327) on Sunday February 05, 2006 @12:06PM (#14646188)
    So, they're just going to submit a bunch of web sites to Digg and Slashdot. Big Deal! :-)
  • blog outtage (Score:2, Interesting)

    by Anonymous Coward
    Was the massive blog outtage yesterday part of this, and someone just jumped the gun a little? What's to stop the feds from shutting down huge pieces of the net, or replacing pages with look-a-likes that have information they want you to believe, as opposed to real information? Phed Phishers in other words, geek goose stepping order followers.

    This crap is weird. I fully expect them to pull off another false-flag terrorist attack and use that as an excuse to do real damage to the freedom parts of our society
  • by DivideX0 (177286) on Sunday February 05, 2006 @12:26PM (#14646261)
    Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

    Is this just another end run around warrantless search and seizures of data?

    What kind of oversite is there on this process and how can we be sure the information is not used, stored, or otherwise desiminated among the various US spook agencies and their foreign lackeys.

    And how much do you want to bet Google will be a very well excercised target since they have been fighting the governments abuse of power already.
    • That is exactly what I'm thinking. This sounds like a REAL attack by the U.S. Gov't on the information infrastructure under the guise of a "training op". I'd like to have my Congressman file an FOIA to discover precisely what networks were compromised and what data was accessed by CyberStorm.
    • Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

      Well, according to TFA, "IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign." So those companies seem to have signed up and are ready to have their networks accessed a

  • They should invite crackers around the world to participate, and not have some "carefully controlled environment" if they really want to test their system.
  • .. especially since I'll be travelling that week. This will likely play bloody havoc with the airlines.
  • ...what could possibly go wrong?
  • If their simulated attacks actually expose any problems, I wonder if the rest of us will experience any disruptions of the net in general that week. Sure would suck if they found some hidden flaw in whatever the backbone is running on, and crashes it somehow (although I guess that's the point, is to find these flaws or problems).
  • http://www.april-fools.us/internet-cleaning.htm [april-fools.us]

    Original Message - 1996

    DO NOT CONNECT TO THE INTERNET FROM 12:01 AM GMT ON FEB. 29 TO 12:01 AM GMT, MARCH 1 !!

    *** *** Attention ***

    It's that time again!

    As many of you know, each leap year the Internet must be shut down for 24 hours in order to allow us to clean it. The cleaning process, which
    eliminates dead email and inactive ftp, www and gopher sites, allows for a better-working and faster Internet.

    This year, the cleaning process will take place from 12:01 a.m. GMT on
    Feb. 29 until 12:01 a.m. GMT on March 1. During that 24-hour period, five powerful Internet-crawling robots situated around the world will search the Internet and delete any data that they find.

    In order to protect your valuable data from deletion we ask that you do the following:

    1. Disconnect all terminals and local area networks from their Internet
    connections.

    2. Shut down all Internet servers, or disconnect them from the Internet.

    3. Disconnect all disks and hardrives from any connections to the Internet.

    4. Refrain from connecting any computer to the Internet in any way.

    We understand the inconvenience that this may cause some Internet
    users, and we apologize. However, we are certain that any
    inconveniences will be more than made up for by the increased speed and efficiency of the Internet, once it has been cleared of electronic flotsam and jetsam. We thank you for your cooperation.

    Kim Dereksen
    Interconnected Network Maintenance staff
    Main branch, Massachusetts Institute of Technology

    Sysops and others: Since the last Internet cleaning, the number of
    Internet users has grown dramatically. Please assist us in alerting
    the public of the upcoming Internet cleaning by posting this message
    where your users will be able to read it. Please pass this message on to
    other sysops and Internet users as well. Thank you.

  • Hurricane CyberPam (Score:3, Insightful)

    by dpbsmith (263124) on Sunday February 05, 2006 @02:00PM (#14646626) Homepage
    They'll conduct the exercise, discover that there are serious problems--just as every other evaluation of our cybersecurity has discovered. They'll make a report, the report will note that to fix things it would be necessary to spend money. And involve uncomfortable decisions like reducing our dependence on a monoculture of Microsoft Windows.

    The decision-makers will decide (as they have so far about everything involving actual defensive measures involving the homeland that they would prefer to spend the money in some other way. They'll appoint yet another cyber defense "czar" as evidence of action, he will start with the clear understanding that the one thing he can't do is get the funding to implement the measures recommended in the report.

    And when the actual attack happens and is devastating, they'll say nobody could have anticipated it.

    See also Hurricane Pam [fema.gov]
  • Post the IP's of the attackers here, and we'll have a run at them while they carry out their attacks. Let's see just how ready they are for a response to the attacks. It seems only fair to me, and would be an appropriate part of the test as well.
  • "Cyber Storm" (Score:3, Insightful)

    by ScrewMaster (602015) on Sunday February 05, 2006 @03:13PM (#14646851)
    "Cyber" this and "Cyber" that. I'm just about as sick and tired of that term as I am "rampant piracy". Somehow, I think certain portions of the United States Federal Government, specifically those involving national security, have been taken over by either small, odious children or full-grown chimpanzees. At this point I can't really tell which.
  • OK, the government's going to play tiger team tomorrow. I guess I'll oblige by creating a 'honey-pot'. I know! I'll make a directory called "stolen_mp3s" and softlink it to /dev/random ! That ought to slow 'em down...
  • The Government is going to attack company websites? What if they knock one off line can the company sue them for damages. Ok the company should be in a position that it can survive the attack but last I heard it wasn't illegal to run servers that can be compromised. This sounds like a really bad idea even for the Government.

  • by buckhead_buddy (186384) on Sunday February 05, 2006 @03:47PM (#14646965)
    When I participated in some security tests related to the banking industry, one thing that was never played around with was the announced timing of the testing window. There was a type of security test that involved surprise (e.g. testing clarity of thought of a bank teller in a hold up situation) but these didn't have announced testing windows at all: you compromised the test if the test subjects knew it was "just a test".

    The type of test I participated in wasn't invalidated by this lack of surprise because it was deliberately designed to expose procedural flaws and systematic gaps that fell between different areas of responsibility. The lack of surprise was a nuscience in the design of the test, but it was planned for and accounted from the very beginning. Having an announced testing window was a necessary security feature and not a flaw in the test.

    These tests either were performed within the announced window of time or they were cancelled outright. Delay was out of the question. Delay was insecure. Cancelled tests were a nuscience for the test teams because it meant almost a month delay before they'd be allowed to perform the test, but the insecurity introduced by saying "Oh wait, the tests are back on schedule" or "Oh we'll just delay the test window a few days" was unnaceptable to security.

    I've heard a time (though I didn't participate) in a test where a piece of equipment failed the day before the two day test window. Without this piece of equipment data measurements would be fuzzed by an order of magnitude on one part of the test. A replacement was ordered but on the day the tests were to begin it still required a day of prep time. To you and me our first inclination might be to simply delay the test a day. That was not acceptable to the security team. The test went on with the bad piece of equipment and the test results were compromised but in only that part of the test. Another test window was scheduled six weeks in the future and the test team's budget was increased to have redundant pieces of certain test equipment on hand and ready as part of the design of new testing procedures.

    What seems almost absurd was the idea of moving forward the timeframe of an announced security test. There were times when test teams were very ready ahead of time, but they used the time to double and triple check their preparation, take documentation for next test, meet and discuss the game plan, and use the extra time productively while waiting for the arrival of the upcoming announced testing window. Why not just go ahead with the tests? Because once again, moving the announced test window was a security risk. And performing the test outside a test window was considered a break-in by security, and unnecessary for properly designed tests by the test teams.

    I know banking security differs from computer security, but it still seems rather insecure and dangerous to move an announced test window period at all. What's worse is that it seems unnecessary, unusual, and odd to move the test period forward. If the test requires surprise, then it's either a poorly designed test or it was compromised by having an announced test window to begin with. If we're dealing with computer security on an international scope, then it would seem incredibly helpful to take the extra test time and double check the game plan. Tests inside a single banking company with far fewer issues of timing, language, and politics welcomed an extra week to plan and prepare before most tests of even moderate complexity. It seems arrogant, ignorant, or careless to say "Oh, we don't need this extra time before the tests. We'll deliberately tamper with our security and throw away this extra time we could use to prepare and coordinate this very complex international test."

    So what's really going on here?

    • Is this just a poor test design that graduated to an international scope?
    • Is this good test being ignorantly executed by teams on an international scope?
    • Or is perhaps the use of "secuirty
  • This is exactly why the U.N. gets upset about the U.S. controlling the internet, they are going to be taking down things like dns servers and major routing switches for THEIR OWN military testing and everyone else can just suck an egg.
  • The Government has rented hundreds of these [slashdot.org].
  • Weren't there some drills also going on the morning of 9/11?

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...