September 28, 2010

Simulated Cyberattack On Government, Private Networks Underway

American keyboard warriors took place in a cyberattack on government and private computer networks on Tuesday.

The "Cyber Storm III" exercise involves participants from seven U.S. government departments, such as the Pentagon, 11 U.S. states, 60 private companies and 12 international partners.

The Department of Homeland Security is staging the biennial exercise.  It is the first test of the new National Cybersecurity and Communications Integration Center based in an office building in this Washington suburb.

The NCCIC booted up in October 2009 to serve as the coordinating center for U.S. cybersecurity operations and houses U.S. government computer experts and their private sector counterparts under one roof.

Brett Lambo, the director of DHS's Cyber Exercise Program, stressed that the exercise is "completely simulated."

"We're not attacking any real networks," Lambo AFP news. "We're not taking down a network. We're not injecting any real malware."

The thousands of participants that took place in the exercise will receive over 1,500 "injects" of simulated events that they will have to react to as unknown adversaries seek to exploit vulnerabilities in cyber infrastructure.

According to the DHS, potential consequences of the simulated cyberattacks include the "loss of life and the crippling of critical government and private sector functions" like communications networks and power grids.

Lambo outlined the general scenario of the exercise for reporters at the high-security NCCIC facility in Arlington, but were very careful not to give away too much in order to tip off the participants.

"In Cyber Storm III, we're kind of using the Internet to attack itself," Lambo told AFP, by compromising the system of encrypted digital certificates, which helps to verify identities on the Internet.

"At a certain point the operation of the Internet is reliant on trust -- knowing where you're going is where you're supposed to be," Lambo said.

"We're going to try to compromise that chain of trust by attacking something that's fundamental to the operation of the Internet," he told AFP.

"We'll also be introducing issues in the DNS world," he said of the Domain Name System that assigns easily understandable website names to the string of numbers known as IP addresses.

Lambo said the Pentagon and National Security Agency were involved in the planning process for the exercise, which will be controlled from U.S. Secret Service headquarters in Washington.

"They'll be arm and arm in the fight with us," he told AFP.

He added that there were multiple goals for "Cyber Storm III," including evaluating information sharing among the participants, assessing their preparedness and evaluating their response to the different kinds of threats.

"What we're looking to do is really stress ourselves," he said.

Director of the U.S. Computer Emergency Readiness Team, Randy Vickers, told reporters that the project will be the first meaningful test of the NCCIC center intended to bring together the different components of U.S. Cyber defenses.

"In the past we had bubbles of influence," Vickers told reporters in the NCCIC "watch room."

"All of that has been integrated now into one room," he said.

The international partners taking place in "Cyber Storm III" are from Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden and Switzerland.


On the Net: