Cyber Storm Exercise Explained

The Cyber Storm exercise is a biennial simulated exercise overseen by the United States Department of Homeland Security that took place February 6 through February 10, 2006 with the purpose of testing the nation's defenses against digital espionage.[1] [2] The simulation was targeted primarily at American security organizations but officials from the United Kingdom, Canada, Australia and New Zealand participated as well.[3]

Cyber Storm I

The first Cyber Storm exercise took place February 6 through February 10, 2006 with the purpose of testing the nation's defenses against digital espionage.

Simulation

The exercise simulated a large scale attack on critical digital infrastructure such as communications, transportation, and energy production. The simulation took place a series of incidents which included:

Internal difficulties

During the exercise the computers running the simulation came under attack by the players themselves. Heavily censored files released to the Associated Press reveal that at some time during the exercise the organizers sent every one involved an e-mail marked "IMPORTANT!" telling the participants in the simulation not to attack the game's control computers.[4]

Performance of participants

The Cyber Storm exercise highlighted the gaps and shortcomings of the nation's cyber defenses. The cyber storm exercise report found that institutions under attack had a hard time getting the bigger picture and instead focused on single incidents treating them as "individual and discrete".[5] In light of the test the Department of Homeland Security raised concern that the relatively modest resources assigned to cyber-defense would be "overwhelmed in a real attack".[6]

Cyber Storm II

Cyber Storm II was an international cyber security exercise sponsored by the United States Department of Homeland Security in 2008. The week-long exercise was centered in Washington, DC and concluded on March 15.[7]

Cyber Storm III

Cyber Storm III was an international cyber security exercise sponsored by the United States Department of Homeland Security in 2010. The week-long exercise was centered in Washington, DC and concluded on October 1.[8]

See also

Notes and References

  1. https://www.dhs.gov/xnews/releases/pr_1158340980371.shtm Fact Sheet: Cyber Storm Exercise
  2. https://www.dhs.gov/xlibrary/assets/prep_cyberstormreport_sep06.pdf Cyber Storm Exercise Report
  3. Kapica, Jack. A blogger’s paranoia, The Globe and Mail, Accessed February 1, 2008.
  4. Web site: Cyber 'War' Games Highlight Vital Security Flaws. www.cybertalkblog.co.uk. en-US. 2017-03-13. April 16, 2021. https://web.archive.org/web/20210416110118/https://www.cybertalkblog.co.uk/cyber-news-blog/cyber-war-games-highlight-vital-security-flaws/. dead.
  5. Wait, Patience. Cyber Storm exercise challenged coordination, communications (Government computer news). Accessed February 1, 2008.
  6. http://www.securityfocus.com/brief/303 DHS releases report on Cyber Storm exercise
  7. Ian Grant. "Cyber Storm 2 exercise reveals security preparedness" Computerweekly.com. Accessed March 21, 2008.
  8. Ian Grant. "Cyber Storm III"