Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Hardware Hacking Networking Security Build

Cyber Storm II Set To Begin 36

mr sanjeev notes that Computerworld is running a story about Cyber Storm II, set to run from March 11th until the 14th. The exercise will test the security of the US, Australia, the UK, New Zealand, and Canada. The organizers' goals are to test preparedness and responsiveness in relation to real-time threats. The previous Cyber Storm test identified "eight specific areas in need of improvement." We recently discussed the details of the tests themselves. From Computerworld: "Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems. 'What they're trying to do is highlight the inefficiencies in the process,' according to Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. 'They're not really looking for technical solutions.'"
This discussion has been archived. No new comments can be posted.

Cyber Storm II Set To Begin

Comments Filter:
  • pointless (Score:4, Interesting)

    by OffTheLip ( 636691 ) on Saturday March 08, 2008 @09:35AM (#22686374)
    Why do I not feel like anything was learned from the previous go round ""
    • Yeah, we learned to invite China next time. Maybe that way they won't hire out their tweeners to hack our site in their downtime from gold farming in WoW
    • Re:pointless (Score:5, Insightful)

      by lunartik ( 94926 ) on Saturday March 08, 2008 @03:06PM (#22687974) Homepage Journal
      Most commenters seem to miss the point of what they are doing. It doesn't sound like they are getting together and probing each others networks, or getting involved in this in very minute technical details (but they could be). That is not what these sorts of exercises are usually about. The article says that the first exercise "involved nine large IT firms, six electricity utility firms (generation transmission and grid operations) and two major airline carriers. "

      In fact, the article calls this a "hacking exercise" but says:

      A Cyber Storm report was released following the exercise in February last year which identified eight specific areas in need of improvement.

      These included better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access, as well as the development of a strategic communications and public relations plan.

      Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems.
      What they were likely doing was role-playing major systems getting corrupted, altered or going off-line. There is a non-technical side to such an event that needs to be thought about and practiced. When a crisis happens, there will be a period of chaos, which you quickly need to get under control and then fix. Say you were an airline, and air traffic systems went out. What do you do with your planes? Your passengers? Who is your contact at the Federal government? Who do they report to? Who are they speaking for? What assistance can they provide? Who are your contacts at other airlines? Who is in charge of communicating with the airports? Does finance have money available to put passengers in hotels if necessary? Who in finance is can make those decisions? Who are your contacts at the hotels? What assistance will they provide? What are our plans for handling major schedule disruption? How long would it take to get the planes back online and normal service resumed?

      If the exercise tells you that your systems have been infiltrated, you could imagine similar questions raised.

      The idea is to get people thinking about what their specific role is and understanding it. We always told people there are no wrong answers, they are not graded. The facilitator guides the exercise and observes how well things go, and makes recommendations afterwards.
      • by Jeruvy ( 1045694 ) *
        Well if you lose your flight, or can't get money from an ATM, or other such day to day activity stops, just think of all the good coming from these games.

        Where can I get rose colored glasses?
      • This is a fairly accurate representation of the Cyber Storm II exercise and well said. Technical folks often forget that there are other issues at a different level that have just as much validity in the preparation for and protection against such attacks. That is what this exercise is focused on.
  • In my Amiga 3000. [] Was pretty cool, at the time.
  • by StarfishOne ( 756076 ) on Saturday March 08, 2008 @10:29AM (#22686584)
    Your mission, if you choose to accept it, is to prevent certain military groups from sending sensitive information about Air Force One [].

  • by sciop101 ( 583286 ) on Saturday March 08, 2008 @11:04AM (#22686766)
    The call-lists are up-to-date. The start/stop dates are set. Did we forget anything?

    Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.


    I still feel I forgot something.

  • Will they... (Score:3, Informative)

    by another joe ( 1132353 ) on Saturday March 08, 2008 @11:31AM (#22686908)
    ...invite these folks? [] Never mind, they don't need an invite.
  • Everyone knows sequels suck, I'm waiting for the third edition.
  • The perfect date (Score:3, Interesting)

    by nurb432 ( 527695 ) on Saturday March 08, 2008 @11:52AM (#22687020) Homepage Journal
    To do *real* break-ins. Yours might get lost in the noise of the 'test'.
  • OK, co-incidence but still annoying.
  • Could it make sense to hide some arbitrary data (string of random letters lets say), on a secured network, and give authorisation for anyone anywhere to attack this network, attempt to obtain the letters?

    First one to get the letters gets USD500 000; with an extra USD500 000 if they can describe how it was done sufficiently for other people to be able to reproduce these steps. (So, half a million for succeeding, half a million for communicating how they succeeded).
  • Every time I see articles about Cyberstorm it brings me back to the old Cyberstorm strategy games. I wish they still made those (or something similar).

    On a side note, if these games teach us anything it's that Cyberstorm 1 will have been a heckofalot better than 2 :)
  • If they break into a chorus of Moon River, something definitely got past the ring of protection.
  • At half past nine this morning we were actually running an exercise for a company of over a thousand people in London based on simultaneous bombs going off precisely at the railway stations where it happened this morning, so I still have the hairs on the back of my neck standing up right now.

Experience varies directly with equipment ruined.