Lessons Learned on Critical Infrastructure Networks

scan pc for spyware or adware free

Lessons Learned on Critical Infrastructure Networks

March 2008

Workers operating networks supporting the nation's critical 
infrastructure such as telecommunications and transportation need better 
training on how to manage backup systems in case cyberattacks take down 
main systems, said a top Homeland Security Department official Thursday.

That's one of the lessons learned during a DHS simulation of a 
large-scale coordinated cyberattack on the nation's infrastructure 
networks. The exercise, called Cyber Storm II, ends Friday, and DHS 
plans to release an after-action report this summer.

Cyber Storm II builds on the lessons learned in the first Cyber Storm in 
February 2006. Most information security experts considered that 
exercise a wakeup call to government to improve the security of critical 
networks. Recommendations issued after the first Cyber Storm included 
improving contingency plans, better and more frequent training programs 
and a more detailed view of the nation's IT architecture, the 
improvements of which were theoretically tested in Cyber Storm II.

Cyber Storm II, the largest such exercise ever organized, kicked off 
Monday with five countries, 18 federal agencies, nine states and more 
than 40 private-sector companies participating. The exercise's players 
received "injects" that simulated potential threats launched through 
e-mails, phone, faxes, Web sites and in-person contacts. Participants 
were expected to implement crisis response systems and follow policies 
and procedures to deal with the attacks and determine which were false 
alarms and which were legitimate.

"This is not scripted," said Greg Garcia, assistant secretary for 
cybersecurity and communications at DHS, during a press briefing. 
"Players are not aware of what's coming at them next... . The volume and 
sophistication of attacks has strained some of the best and brightest, 
which is just what this exercise is meant to do."

DHS officials declined to comment on the specifics of the results. But 
they said that the kinds of scenarios participants faced included 
damaged phone lines, Internet failures, which tested the backup 
capabilities that enabled continued communication, and access to 
critical information during a crisis.

"We've learned some lessons," said Robert Jamison, undersecretary of the 
National Protection and Programs Directorate at DHS. "We spend a lot of 
time working on redundancy capabilities" that help eliminate single 
points of system failure. "While it all worked, there continues to be a 
need to train people in those capabilities."

Participating in the original Cyber Storm were 12 federal agencies, 
three states and 24 private sector companies. Cyber Storm II tested the 
degree of coordination among a larger group of participants, and it 
incorporated simulations of current, more sophisticated threats - 
including various types of 'botnets,' which use malicious code to run 
coordinated system attacks, phishing attempts that trick users into 
providing system access and denial of service attacks that can shut down 
a system.

Most Cyber Storm II participants responded to scenarios from their 
regular working locations using standard channels of communications, 
though the primary control center, or "brain" of the exercise, was 
located in a conference room at the U.S. Secret Service headquarters in 
Washington. Areas of the room are divided into sections, with each 
representing a different industry sector: chemical, telecommunications, 
state and local government, among others. The groups collaborate to 
combat cyberattacks that cut across sectors.

"The challenge is mirroring the real problem," said James Lewis, 
director of the technology and public policy program at the Center for 
Strategic and International Studies. "If this happened in real life, 
there would be 100 people you'd have to talk to right away, and you 
might not have the 100 people that represent the correct groups present 
and active during Cyber Storm II. It's a matter of making sure the game 
reflects the real problem, which is an issue of coordination, not 
technology. If solving the problem largely involves walking from [one 
side] of a room [to] another, that's not the real world ... . That said, 
it's still good. Before, DHS didn't know how to do tests, and now 
they're learning."

DHS will immediately begin the analysis that will appear in the 
after-action report this summer, with lessons learned incorporated into 
procedures and the long-term Cyber Initiative under development, Jamison 
said.

..Jill R. Aitoro

Computer and Internet Security news provided here represents global independent resources. The information represented here is © by the stated author.

Internet Security News Home

WorldsLargestNetwork.com




Scan Your PC for Spyware Free

PC Speed Boost

Create Website Easily

Computer Monitoring Software

Internet Education

Anti Spy Software

Stop Pop Ups

Pop-up Eliminator

Adware Removal

Computer Virus Software

Free Scan Spyware Remover

IT Training

Security Software

Security Solutions

Software Protection

Speed Up PC

Virus Protection

Web Safety

Adware Remover and Spyware Protection

Animated Desktop Characters

Anti Virus Software

Audioexam Study Guides in Mp3 Format

Internet Privacy

Detection Connection

Investigate Anyone or Anything

Password Protection Software

Securing Privacy

Spyware Remover





Best of the Web 1 | Best of the Web 2 | Best of the Web 3 | Best of the Web 4


Worlds Largest Network

Active © WorldsLargestNetwork.com ; All Rights Reserved