This is pretty interesting – US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.
I personally think it’s a great idea, I must have missed Cyber Storm I as this is the first time I’ve heard about this program.
Participants of Cyber Storm II, which also include about 40 private-sector companies, will enact a scenario in which “persistent, fictitious adversaries” launch an extended attack using websites, email, phones, faxes and other communications systems. Other countries involved are Australia, New Zealand and Canada.
Cyber Storm II comes two weeks after the Pentagon released an assessment of China’s military might, warning the People’s Liberation Army was intent on expanding its capabilities for cyber warfare. It also comes amid intelligence reports that utilities in several countries have sustained cyber attacks that caused power outages.
It seems to be something like Business Continuity Planning for malicious attacks, it’s definitely a healthy exercise and it will teach a lot of people what it’s really like to be under pressure from a serious and persistent attack. That’s making a hefty assumption that those attacking really know what they are doing…I somehow doubt they can emulate a large scale DDoS attack from a huge Botnet.
Companies including Cisco, Juniper Networks, Dow Chemical, Air Products & Chemical and Wachovia are participating. Nine US states and at least 18 federal agencies are also involved. They represent the chemical, information technology, communications and transportation industries, which are considered critical parts of the infrastructure. The US Department of Homeland Security is hosting the event – no doubt with danishes and plenty of Starbucks coffee.
The exercises are designed to sharpen and assess participants’ ability to respond to a multi-day, coordinated attack and better understand the “cascading effects” such attacks can have.
There is some pretty heavy players involved like cisco and Juniper, so they should know what they are doing.
I do hope it leads to some knowledge, procedures and experience essential to defending against cyber terrorism.
Source: The Register