This week the United States government conducted a cybersecurity exercise known as Cyber Storm III. This is the third time they have done this, and the goal was to test the ability of US government agencies and businesses to handle a massive Internet attack. With the increases in data breaches and the sophistication of attacks, this process is important to help protect critical information and fight cybercrime. Part of the exercise was testing the National Cyber Incident Response Plan, originally released by the US Department of Homeland Security (DHS) in 2009. The exercise was not an actual attack, but a series of simulations intended to gauge responses to critical situations.
Cyber Storm is not just an exercise in US preparedness and response; it also ties in numerous international parties. Seven cabinet-level departments of the US government, the White House, 11 US states, 12 countries and 60 private sector companies participated. Cyber Storm III was the first opportunity to test the new National Cybersecurity and Communications Integration Center (NCCIC), which is the hub of US national cybersecurity coordination.
Most people realize that the Internet today has no national boundaries and that fighting cybercrime and other attacks needs to be done jointly. Phil Reitinger, deputy undersecretary of the DHS National Protection and Programs Directorate, said, “One of the things that I think it’s critical to recognize about cyberspace is it’s beyond the capability of any one government agency to respond, or even one government or one private-sector entity. This really requires a joint response.”
As we all saw during the attacks on 9/11, coordination and information sharing among organizations were not very good. Public and private organizations need to work together to confront these serious threats to our infrastructure and critical information. Internet attacks have moved beyond simple Denial of Service (DoS) and server vulnerabilities. Today people and organizations are targeting social avenues, such as exploiting trusted relationships between people and systems. You see this with more insider threats as criminal groups try to get a trusted person inside an organization, who can then grab any document or important piece of information.
From the limited information the government released, the Cyber Storm exercise went well. All businesses can take something away from this. The first lesson is to assume that your information will be attacked, as the Cyber Storm exercise does. The next is to understand your level of readiness to survive such an attack. The third is to develop plans to fill the gaps between your current state and your desired state. The last is to execute your plans and test them.
As you create those plans, you need to think about the internal and external parties involved. If your information is attacked, who become your early responders? Who do you notify inside your organization? What outside organizations do you call? How do you coordinate information and actions between all the parties involved? How do you restore normal business operations? How do you prevent similar attacks in the future?
All of this is like fighting a fire. You need to address the people, process and technology of preventing it and responding to it if it occurs. DHS has the NCCIC to coordinate its activities. Who is coordinating yours?