The Department of Homeland Security (DHS) today is wrapping up a three-day long cyber security exercise that is testing a wide range of incident responders at various levels of government, the private sector and internationally, and also represents the first major exercise of a new cyber security and coordination center established last year.
Cyber Storm III simulates a large-scale cyber attack on the nation’s critical infrastructure and tests the ability of the collective preparedness and response capabilities of thousands of participants. The current test is exercising elements of the newly-developed National Cyber Incident Response Plan, which is a blueprint for the nation’s cyber security incident response.
According to a DHS fact sheet about the exercise, the scenario reflects the increased sophistication of adversaries, “who have moved beyond the more familiar Web page defacements and denial of service attacks in favor of advanced, targeted attacks that use the Internet’s fundamental elements against itself, with the goal of compromising trusted transactions and relationships.”
During the exercise the goal of players is to identify attacks in real-time and to mitigate the compromises and vulnerabilities that allowed the attacks to occur.
Participants include seven federal cabinet departments plus the White House and representatives from the intelligence and law enforcement communities, 11 states, 12 international partners, and 60 private sector companies, which include representation from various sectors such as banking and finance, chemical, communications, defense and nuclear.
Cyber Storm III is the first major exercise for the National Cybersecurity and Communications Integration Center, which was established in October 2009. Cyber Storm II was held in March 2008.