Cyber Storm results released
After long analysis, the Department of Homeland Security has released the results of its Cyber Storm exercise, help in early February.
The first Government-led, full-scale, cyber security exercise of its kind, Cyber Storm was a coordinated effort among international, federal and state governments, and private sector organizations to test response, coordination, and recovery mechanisms in reaction to simulated cyber events.
More than 100 public and private agencies, associations and corporations participated in the exercise from 60-plus locations in 5 countries. The findings from the exercise showed areas where intra-sector, cross-sector and public/private partnerships worked effectively to communicate and resolve issues but also highlighted areas where communications and planning could be improved.
Eight major findings were revealed.
* Finding 1: While the Interagency Incident Management Group and National Cyber Response Coordination Group (NCRCG) activated and interacted constructively during the exercise, further refinement is needed for operations and coordination procedures.
* Finding 2: Formal contingency planning, risk assessment, and definition of roles and responsibilities across the cyber incident response community must continue to be solidified. Responses were timely and well coordinated where existing process procedures were clear and fully understood by players.
* Finding 3: Correlation of multiple incidents across multiple infrastructures and between the public and private sectors remains a major challenge. The cyber incident response community was generally effective in addressing single threats/attacks, and to some extent multiple threats/attacks. However, most incidents were treated as individual and discrete events.
* Finding 4: An established training and exercise program will strengthen awareness of organizational cyber incident response, roles, policies, and procedures.
* Finding 5: Response coordination became more challenging as the number of cyber events increased, highlighting the importance of cooperation and communication across the community.
* Finding 6: A synchronized, continuous flow of information available to cyber incident stakeholders created a common framework for response, impact development, and discussions. Early and ongoing information access strengthened the information-sharing relationship between domestic and international cyber response communities.
* Finding 7: Public messaging must be an integral part of a collaborated contingency plan and incident response to provide critical information to the response community and empower the public to take appropriate individual protective or response actions consistent with the situation.
* Finding 8: Improved processes, tools and training — focused on the analysis and prioritization of physical, economic, and national security impacts of cyber attack scenarios — would enhance the quality, speed, and coordination of response. Read the full report at www.dhs.gov/interweb/assetlibrary/prep_cyberstormreport_sep06.pdf.