Feds' third cybersecurity exercise to attack content and identities

The Homeland Security Department kicked off its third large-scale cybersecurity drill on Tuesday to test government's and industry's ability to respond to hackers hijacking Web content and stealing personal identities with the goal of grabbing sensitive information and crippling federal and commercial operations.

The primary goal of Cyber Storm III, which will run through Oct. 1, is to test procedures the Obama administration outlined for how agencies and companies should work together during cyberattacks. The White House established the roles and responsibilities for public and private sector managers in its classified National Cyber Incident Response Plan.

The exercise includes participants from seven Cabinet-level agencies, including the Commerce, Defense, Energy, Homeland Security, Justice, Transportation and Treasury departments, as well as other members of the intelligence and law enforcement community. Eleven state governments and 60 companies also will be participating, along with representatives from the information technology, communications, chemical, electrical and transportation sectors.

Homeland Security Deputy Secretary Jane Holl Lute will act as DHS secretary for the exercise, which will test how news of incidents feed up and down the chain of command. Howard Schmidt, the White House cyber coordinator, will represent himself.

"So much of the cybersecurity space is about collaboration across the entire community" of public and private sector organizations, said Bobbie Stempfley, director of the national cybersecurity division at DHS, during a media briefing on Sept. 24. "Every once in a while you have to kick the tires."

In the first Cyber Storm, DHS simulated cyberattacks to bring down parts of the Internet and to test the abilities of different sectors to recover their networks. In Cyber Storm II exercises, hackers used the Internet to spread malicious software and other threats to computer systems. Cyber Storm III will test participants' ability to respond when the Internet essentially attacks itself, said Brett Lambo, director of the cyber exercises program at DHS.

The simulated attacks will incorporate known technical capabilities the hacker community employs, including the hijacking digital certificates, which verify that content is legitimate and e-mails are actually from the sender listed on the message.

"We hope to understand if we could still do business" when faced with an attack that compromises the integrity of content on the Internet, Lambo said. "It's a matter of prioritizing objectives."

Secret Service headquarters will serve as the "central beehive" for the exercise, where organizers will send narratives that describe scenarios. For example, participants might receive an e-mail stating a piece of malicious code has been detected on a network, or a particular website is down, and they will be expected to respond perhaps by requesting to see an audit log of network activities, redirecting Web traffic from one network port to another, or contacting the Internet service provider and other stakeholders to notify them of the issue.

How a participant responds will influence subsequent narratives sent out from headquarters, Lambo said.

Some participants will be located in the National Cybersecurity and Communications Integration Center in Arlington, Va., which identifies and responds to incidents affecting the nation's network infrastructure, while others participate from their places of employment.

"Cyber Storm offers a window into where we are at that moment in time, in terms of capabilities," Lambo said. "The success of the [simulated attack] is incidental. The point is to break certain things, so we can find out, are we on the right track?"