Stories
Slash Boxes
Comments
typodupeerror delete not in
  • Preferences

Comments: 64 +-   DHS Publishes Report on Operation Cyberstorm on Wednesday September 13 2006, @06:20PM

Posted by ScuttleMonkey on Wednesday September 13 2006, @06:20PM
from the blind-leading-the-blind dept.
security
usa
uniquebydegrees writes "InfoWorld reports that the Department of Homeland Security has released the findings of Operation Cyber Storm, a large-scale simulation of combined cyber-physical attacks on U.S. critical infrastructure. From the article: 'According to DHS, "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis."'"
story

Related Stories

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

DHS Publishes Report on Operation Cyberstorm 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Translated from bureaucrat to English (Score:5, Funny)

    by Tackhead (54550) on Wednesday September 13 2006, @06:23PM (#16100245)
    Bureaucrat:

    > "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis."

    English:

    "Situation Normal, All Fucked Up."

    • "We're all hopelessly paranoid, making trust impossible, and rigidly stratified, making flexible response or communication impossible, oh and so totally self-centered that the mere notion of cooperation causes outbreaks of hives".


      Come to think of it, that's what your translation says, too.

      • you forgot 'Needs more funding for conclusive results'. Go bureaucracy!
        • And this one's a classic:

          > "Clarifying roles and responsibilities across government, and clearly articulating expectations between public and private sectors will enable the advancement of processes and communications architecture to support the development and maintenance of situational awareness across sectors.

          Here's the translation: We don't know who is going to do what, or how they are going to do it. So, we need a study (which will be done after the election and the campaign contributions are

      • We're all hopelessly paranoid, making trust impossible, and rigidly stratified, making flexible response or communication impossible, oh and so totally self-centered that the mere notion of cooperation causes outbreaks of hives

        Hello, FBI? Mid-level functionary from FEMA here. Nasty computer virus we're having, eh? Yeah, I haven't had power for a week either ... no, I can't get money out of the bank machine either. But the good news is that the price of bread is down to ten cigarettes here in Wichita ...
        • STU III [fas.org] is your friend in these situations. No authorized key, no communication. Which means that if your inter-department phones are STU III-grade, then you technically don't need to know who is on the other end, you only need to know that the keys are solely provided to authorized people. Everything else can be inferred through your normal web of trust.

          ...They do have a web of trust, right...?

          • From that page, the manufacturing contract is guaranteed through 1999. Guess the DHS is screwed.

    • "Situation Normal, All Fucked Up."

      DHS: they're not Really Ready [livejournal.com] for anything, are they?

    • I have been involved in disaster management for 15 years. As a ham radio operator (and appointed emergency coordinator) we perform emergency drills. My crew goes out of it's way to throw monkey wrenches into the drill. While FEMA (under DHS) and some of the local agencies are not up to the task, there are people who are there. Todd Bordeaux N7TWF
      • As a ham radio operator...My crew goes out of it's way to throw monkey wrenches into the drill

        So you install BPL in the area?

  • Sounds Interesting (Score:3, Interesting)

    by susano_otter (123650) on Wednesday September 13 2006, @06:27PM (#16100266) Homepage
    At least according to the blurb, it sounds like the organizations involved will probably be working on ways to communicate with each other better in times of crisis, probably by developing trust relationships ahead of time.

    Assuming that's the case, it's exactly the kind of improvements we should expect to see from government agencies: identifying weaknesses, and working to eliminate them.

    So, kudos to DHS, and may they successfully apply the lessons learned from this exercise.

    • Re:Sounds Interesting (Score:4, Funny)

      by Jeremiah Cornelius (137) on Wednesday September 13 2006, @06:29PM (#16100279) Homepage Journal
      I don't want an effective Secret Police.

      It wasn't what the U.S. signed on for in 1776 or 1789.

      • Re:Sounds Interesting (Score:4, Interesting)

        by susano_otter (123650) on Wednesday September 13 2006, @06:40PM (#16100321) Homepage
        Actually, I think there's a lot of merit to the philosophy of "ineffective government". And it's definitely the case that the system of government we signed up for was designed to be as ineffective as possible without being completely useless.

        However, in so far as we have government at all, I would prefer that it was able to act effectively in times of crisis.

        I mean, think how much better off we'd be if FEMA, the State of Louisiana, and the City of New Orleans had thought to work out trust relationships and clear contingency plans and handoff of responsibilities, prior to the arrival of a giant fucking hurricane, yeah?

        Besides, America has probably the most un-secret "secret police" of any nation in the world (unprovable conspiracy theories aside).

        Also, the article isn't about the "secret police", but about the woefully feeble capabilities of government infrastructure agencies in general, to survive and recover from "cyber" attacks. You might want to save your "secret police" objections for an article about actual "secret police".

        • Re: (Score:2, Insightful)

          by jamstar7 (694492)

          Actually, I think there's a lot of merit to the philosophy of "ineffective government". And it's definitely the case that the system of government we signed up for was designed to be as ineffective as possible without being completely useless.

          I wholeheartedly agree. The Founders knew what they were talking about when they insisted on keeping the Federal government relatively weak and ineffective. They had a severe distrust of centralised power, and with good reason. They'd just won a revolution from a

          • "What's wrong with the local authorities, the people closest to the 'action' calling the shots? "

            there are probably untrained to assertain a priority to recovery.
            You need experts. You also need the local politicians to scream, yell, point, and gather attention of the media and point out every single problem you run into to focus responisbility on FEMA.

            In New Orleans there wan't anyone on the ground capable to call the shots.

            • Re: (Score:2, Insightful)

              by jamstar7 (694492)

              "What's wrong with the local authorities, the people closest to the 'action' calling the shots? "

              there are probably untrained to assertain a priority to recovery.

              This training only exists at a Federal level?

              You need experts. You also need the local politicians to scream, yell, point, and gather attention of the media and point out every single problem you run into to focus responisbility on FEMA.

              These experts only exist on a Federal level? And aren't a lot of our problems due to the tendency of every

          • Decentralization only works if there is good communication between the various parts that make up the whole.

            According to this article, the chief lesson of the exercise was that the different parts did not communicate effectively in times of crisis, and that this put the whole at risk.

            The recommendation, then, is to improve communication between the separate parts, not to centralize their functions.
      • It wasn't what the U.S. signed on for in 1776 or 1789.

        Yeah, but look at what you've got: a government that is basing its whole policy on "security" and asking "are we more secure?" "Do you feel more secure?" "Would the other party be able to make you feel as secure as we do?"

        It's like they've forgotten what that statue in New York Harbour is named.

        And like they've forgotten what some radical left-wing terrorist-sympathizer said: "Is life so dear, or peace so sweet, as to be bought at the price of warren
    • That's something an agency PR person would say!
      • That's something an agency PR person would say!
        Then, on the principle that anyone who denies being a Templar must surely be a Templar, I will say nothing more of the matter, but leave it up to you to judge the issue on its merits rather than your prejudices.
    • Don't worry. If there's one thing our government is really good at, it's taking the best, most carefully thought out plans and turning them into a complete disaster when it comes to implementation.

      If there's a second thing our government is really good at, it's debating the best, most carefully thought out plans until the next election, then completely forgetting about the whole thing.
      • Being of an optomistic and cheerful turn of mind, and at the same time having a realistic opinion of man's flawed nature, I happen to think these characteristics of our government as features rather than bugs.

  • Parsing error. Does not compute. (Score:3, Interesting)

    by Kesch (943326) on Wednesday September 13 2006, @06:50PM (#16100370)
    FTFA:
    As DHS points out, just by carrying off such a large scale private-public and multinational exercise creates allows the government to test policies, procedures and communications should an actual attack occur.


    This, combined with the submitter's bad line:
    a large-scale simulation of combined cyber-physical attacks on U.S. critical infrastructure


    Honestly, what's with all hyphenated oxymorons? Normally I'm not a Grammar Nazi, but it feels like the left-right side of my grammar center just got a swift kick in the nuts.

    Finally, I found it funny that at the bottom of TFA they had links such as "Digg this!"
    However, they also had a "Slashdot this!"

    To which I reply. "You keep using that word, I do not think it means what you think it means."
    • Honestly, what's with all hyphenated oxymorons? Normally I'm not a Grammar Nazi, but it feels like the left-right side of my grammar center just got a swift kick in the nuts.

      They're called compound adjectives and if you actually were a Grammar Nazi, you'd know that.

      • The terms "private-public" and "cyber-physical" are not compound adjectives... or at least not proper ones. A proper compound adjective is one in which one adjective gives additional meaning or clarification to the other one; the hyphen is added to show the reader that the words do not independently modify the noun. In this case, one adjective directly contradicts the other one, thus, they can neither independently modify the noun nor modify each other. This construction makes no sense. If I wrote somet

  • I presume I wasn't the only one who misread... (Score:4, Funny)

    by the_tsi (19767) on Wednesday September 13 2006, @06:54PM (#16100392)
    "DHS Publishes Report on Operation Cybertron"

    The terrorists are after our energon cubes.

  • How am I supposed to be surprised? (Score:5, Insightful)

    by cultrhetor (961872) on Wednesday September 13 2006, @06:54PM (#16100395) Journal
    The FBI can't even get a modern computer to the majority of it's employees. FEMA "misallocated" (read: got suckered out of mucho money) more money than Bill Gates can come up with. DOT engineers have to fill out fifteen forms to receive a box of pencils. The IRS has to rely on outside collection agencies to retrieve back taxes. Veterans' benefits have been slashed - by a government - which claims to support our troops - creating more disabled veterans because of a war we had no business fighting (Iraq). The federal deficit is in the trillions, yet we cut taxes. How the hell am I supposed to be surprised that they can't maintain computer system security?
  • Sometimes it helps to simplify.
  • It may be too late at this point but can we please ban the word "[cC]yber" from use in the U.S. government? This can go for any other stupid, vague, technology fantasy land word as well. This kind of nomenclature just helps make us look like ignorant idiots the world over. Not that we needed it in that department.

  • DHS Press Release (Score:3, Informative)

    by Anonymous Coward on Wednesday September 13 2006, @06:57PM (#16100405)
    Link to the actual DHS press release: http://www.dhs.gov/dhspublic/display?content=5431/ [dhs.gov]
  • Rather surprising to me that TFA does not cite or link to the source of the quotes at all.

    Could somebody please post this, if it exists?

  • program seriously when it has the word "Cyber" in it. Sure, I realize that the original Terminator was a Cyberdyne Systems Series 800 Model 101, and that sounded really cool at the time. It doesn't anymore. They need to find another prefix for their project names.
  • ... run in circles, scream and shout.

    So everything's normal then?

  • All one needs is 10-30k machines ddosing the root name servers for 2-5 days. Positive conclusions my ASS.
    • Actually the DNS root servers are a fairly resiliant target.

      The reason is that their data is so small - only about 250 names, the whole thing compresses down to less than 20K bytes - that it is well cached (and privately replicated.)

      I've traced root server queries and most sites that don't reboot their resolvers will generate usually no more than a few hundred queries to the roots per month. If root servers stopped responding, most people would live out of their ISP's resolver caches for a long time, many
  • Government spends money inefficiently.

    Let's analyze the sentence. First, Government...not the people, not corporations, not monkeys, just government. Second, spends money. Not saves money, not earns money, spends it. That's what they do. Third, inefficiently. Poorly, wastefully, full of fraud waste and abuse. Is anyone surprised that the government spent billions setting up DHS, updating NSAT&T's computers, creating huge bureaucracies, hundreds of new policies, etc., and none of it works?
  • Here's a link to the Operationg Cyberstorm Report [dhs.gov] on the DHS web site.
    • The sample scenario gave me a chuckle.

      Hackers are supposed to hammer a HIPAA data to hold medical authorities to ransom - which of course in the scenario they 'beat off'. Yay for the good guys.

      In reality of course they'd slip in, copy the details of anyone with a particularly embarassing illness, then blackmail THEM to stop release of the data. In reality the government probably wouldn't have a clue.

      If this is indicative of the general standard of 'Cyber Storm' they need more help in understanding the

  • anyone can lookup a netblock with arin.net

    then simply call the phone number of the network owner.

    that is easy.

    the government is so caught up in buying expensive shit to solve non-existant problems, they have forgotten basic net troubleshooting.

  • It is the nature of both military and government in general (esp. military) to operate under a chain of command. When this link is broken, no one is used to thinking for him/herself. When we teach "yes sir, no sir", we do a disservice to the critical thinking and independent decision making that would have helped out here.
Search
1 bulls, 3 cows.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.