Detail map of Washington, District of Columbia, United States Overview map of Washington, District of Columbia, United States

A: Washington, District of Columbia, United States

The "Cyber Storm" War Game

2/6/2006 to 2/10/2006
<p>The Department of Homeland Security seal</p>

The Department of Homeland Security seal

From February 6-10, 2006 vital US infrastructure, including power grids and banking systems, were put under simulated attack in a week-long security exercise called Cyber Storm.

FROM THE U.S. GOVERNMENT'S PUBLISHED INTERPRETATION OF THE RESULTS

"The U.S. Department of Homeland Security’s (DHS) National Cyber Security Division (NCSD) successfully executed Cyber Storm, the first national cyber exercise Feb. 6 thru Feb. 10, 2006. The exercise was the first government-led, full-scale cyber security exercise of its kind. NCSD, a division within the department’s Preparedness Directorate, provides the federal government with a centralized cyber security coordination and preparedness function called for in the National Strategy for Homeland Security, the National Strategy to Secure Cyberspace and Homeland Security Presidential Directive 7. NCSD is the focal point for the federal government’s interaction with state and local government, the private sector and the international community concerning cyberspace vulnerability reduction efforts."

"The Scenario

"The exercise simulated a sophisticated cyber attack campaign through a series of scenarios directed at several critical infrastructure sectors. The intent of these scenarios was to highlight the interconnectedness of cyber systems with physical infrastructure and to exercise coordination and communication between the public and private sectors. Each scenario was developed with the assistance of industry experts and was executed in a closed and secure environment.

"Cyber Storm scenarios had three major adversarial objectives:

"* To disrupt specifically targeted critical infrastructure through cyber attacks

"* To hinder the governments' ability to respond to the cyber attacks

"* To undermine public confidence in the governments' ability to provide and protect service" (http://www.dhs.gov/xnews/releases/pr_1158340980371.shtm, accessed 08-09-2009).

The Department of Homeland Security has information of Cyber Storm I here.

♦ A LESS OPTIMISTIC INTERPRETATION FROM THE WIKIPEDIA

"The Cyber Storm exercise was a simulated exercise overseen by the Department of Homeland Security that took place February 6 through February 10, 2006 with the purpose of testing the nations defenses against digital espionage. The simulation was targeted primarily at American security organizations but officials from Britain, Canada, Australia and New Zealand participated as well.

"Simulation

"The exercise simulated a large scale attack on critical digital infrastructure such as communications, transportation, and energy production. The simulation took place a series of incidents which included.

" * Washington's metro trains mysteriously shutting down.

" * Bloggers revealing locations of railcars containing hazardous materials. * The airport control towers of Philadelphia and Chicago mysteriously shutting down.

" * A mysterious liquid appearing on a London subway.

" * Significant numbers of people on "no fly" lists suddenly appearing at airports all over the nation.

" * Planes flying too close to the White House. * Water utilities in Los Angeles getting compromised.

"Internal difficulties

"During the exercise the computers running the simulation came under attack by the players themselves. Heavily censored files released to the Associated Press reveal that at some time during the exercise the organizers sent every one involved an e-mail marked "IMPORTANT!" telling the participants in the simulation not to attack the game's control computers.

"Performance of participants

"The Cyber Storm exercise highlighted the gaps and shortcomings of the nation's cyber defenses. The cyber storm exercise report found that institutions under attack had a hard time getting the bigger picture and instead focused on single incidents treating them as 'individual and discrete.'

"In light of the test the Department of Homeland Security raised concern that the relatively modest resources assigned to cyber-defense would be 'overwhelmed in a real attack' (Wikipedia article on Cyber Storm Exercise, accessed 08-09-2009).

 

Timeline Themes