Cyber Storm II Set To Begin 36
mr sanjeev notes that Computerworld is running a story about Cyber Storm II, set to run from March 11th until the 14th.
The exercise will test the security of the US, Australia, the UK, New Zealand, and Canada. The organizers' goals are to test preparedness and responsiveness in relation to real-time threats. The previous Cyber Storm test identified "eight specific areas in need of improvement." We recently discussed the details of the tests themselves. From Computerworld:
"Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems. 'What they're trying to do is highlight the inefficiencies in the process,' according to Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. 'They're not really looking for technical solutions.'"
Re:How did the first one help? (Score:5, Insightful)
History books will look back on our current confluence of Terrorism and War as a type of madness. It will judge harshly the weak-hearted "leaders" who used fear to govern.
One thing, though: The past seven years has certainly changed my opinion of the Second Amendment. And I choose to extend the "right to bear arms" to the "cyber" type, including the best crypto I can find. Maybe not to use every day, but to keep for the inevitable.
Re:How did the first one help? (Score:3, Insightful)
Re:pointless (Score:5, Insightful)
In fact, the article calls this a "hacking exercise" but says:
These included better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access, as well as the development of a strategic communications and public relations plan.
Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems.
If the exercise tells you that your systems have been infiltrated, you could imagine similar questions raised.
The idea is to get people thinking about what their specific role is and understanding it. We always told people there are no wrong answers, they are not graded. The facilitator guides the exercise and observes how well things go, and makes recommendations afterwards.