recommended reading

DHS' Cyber Storm III to test Obama's national cyber response plan

ATLANTA -- The Homeland Security Department's third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the Obama administration, said industry and government participants in the simulation exercise during a conference on Tuesday.

Cyber Storm III will build upon the lessons learned in the two previous exercises that took place in February 2006 and March 2008, and provide the first opportunity to assess the White House strategy for responding to a cyberattack with nationwide impact.

"The national cyber response plan will be an offshoot of a lot of the findings that came out of Cyber Storm I and II that will formalize the roles and responsibilities," said Brett Lambo, director of the cyber exercises program in DHS' national cybersecurity division. He participated on an afternoon panel at the GFirst conference in Atlanta hosted by the department's U.S. Computer Emergency Readiness Team. "It's not a direct cause-and-effect relationship, but a lot of questions bubbled up [from the exercises]," followed by the announcement along with President Obama's 60-day cyber review that a response plan should be developed.

Details of the national cyber response plan are still being finalized through weekly meetings with stakeholders from federal government and industry. An initial report is scheduled to be released in November, less than a year before Cyber Storm III kicks off, said Robert Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks, who is among the industry representatives involved in both the plan's development and the Cyber Storm exercises.

"Right now, there's arm-wresting happening -- identifying roles and responsibilities; determining what information needs to be shared, to whom and when," Dix said. "This is a fairly large group with varying levels of experience in different topical areas all making important contributions."

In the first Cyber Storm, DHS used simulated attacks to bring down parts of the Internet and test the abilities of different sectors to recover their networks. In the simulated Cyber Storm II, the Internet was used as an attack vector for spreading malicious software and other cyber threats through computer systems. DHS is now discussing with state and local government and industry what form Cyber Storm III will take.

DHS hopes Cyber Storm III will provide an opportunity to enhance methods for information sharing; better define roles and responsibilities, and bring all sectors with a stake in information security to the table to inform the effort.

"These are not technology issues; they're policy issues," Lambo said. "And these are the things we're going to try to enforce through Cyber Storm III."

Tests likely will target control systems that support the country's critical infrastructure, such as the electric grid and transportation systems, Dix said. Homeland Security also will call upon subject matter specialists to develop the manufactured cyberattacks. "With all due respect, these are some of the creepy minds that are able to conjure up these scenarios that are real world likelihoods," Dix said.

While tests in the previous Cyber Storm exercises were customized to the participating markets, with various sectors defending their computer systems against different types of attacks, DHS plans to have participants in Cyber Storm III "fighting the same fight" against a common threat that might manifest itself differently across different organizations, Lambo said. He compared the strategy to the Conficker worm, which rapidly installed malicious software on computers running the Microsoft operating system and posed a contrasting threat for critical infrastructure organizations envisioning the shut-down of services versus federal agencies fearing the loss of sensitive information.

One objective of Cyber Storm III is to harmonize the various alert level systems used in government and the private sector so that all stakeholders at least speak the same language.

"Everyone has their own alert level system in states, private sectors and federal government, but we don't have each other's criteria," Lambo said. "If someone calls and says 'We just went to alert level red,' if I don't know what red is, that doesn't mean a damn thing to me... We're trying to tackle that monster."

Homeland Security has just begun planning Cyber Storm III and is focused on encouraging early participation from the state and local communities, and private sector, including the variety of infrastructure markets.

In the long term, Dix said, the true impact of the simulation on the administration's national response plan depends on follow-through.

"A lot of recommendations that came out of Cyber Storm I and II have not been touched or acted upon," he said. "If we're serious about improving our resiliency, we need to take this seriously. My hope is that with this administration's attention, we can raise the bar through action and not just reports that we place on a shelf."

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.