Cyber Storm Exercise

The Cyber Storm exercise is a biennial simulated exercise overseen by the United States Department of Homeland Security that took place February 6 through February 10, 2006, with the purpose of testing the nation's defenses against digital espionage. [1] [2] The simulation was targeted primarily at American security organizations, but officials from the United Kingdom, Canada, Australia and New Zealand participated as well. [3]

Cyber Storm I

The first Cyber Storm exercise took place February 6 through February 10, 2006, with the purpose of testing the nation's defenses against digital espionage. [1]

Simulation

The exercise simulated a large-scale attack on critical digital infrastructure such as communications, transportation, and energy production. The simulation took place as a series of incidents which included:

Internal difficulties

During the exercise, the computers running the simulation came under attack by the players themselves. Heavily censored files released to the Associated Press reveal that at some time during the exercise the organizers sent everyone involved an e-mail marked "IMPORTANT!" telling the participants in the simulation not to attack the game's control computers. [4]

Performance of participants

The Cyber Storm exercise highlighted the gaps and shortcomings of the nation's cyber defenses. The Cyber Storm exercise report found that institutions under attack had a hard time getting the bigger picture and instead focused on single incidents, treating them as "individual and discrete". [5] In light of the test, the Department of Homeland Security raised concern that the relatively modest resources assigned to cyber-defense would be "overwhelmed in a real attack". [6]

Cyber Storm II

Cyber Storm II was an international cyber security exercise sponsored by the United States Department of Homeland Security in 2008. The week-long exercise was centered in Washington, DC and concluded on March 15. [7]

Cyber Storm III

Cyber Storm III was an international cyber security exercise sponsored by the United States Department of Homeland Security in 2010. The week-long exercise was centered in Washington, DC and concluded on October 1. [8]

References

  1. Fact Sheet: Cyber Storm Exercise Archived February 7, 2012, at the Wayback Machine (Department of Homeland Security). Accessed February 1, 2008.
  2. Cyber Storm Exercise Report Archived February 12, 2012, at the Wayback Machine (Department of Homeland Security)
  3. Kapica, Jack. A blogger’s paranoia Archived April 6, 2008, at the Wayback Machine, The Globe and Mail. Accessed February 1, 2008.
  4. "Cyber 'War' Games Highlight Vital Security Flaws". www.cybertalkblog.co.uk. Archived from the original on April 16, 2021. Retrieved March 13, 2017.
  5. Wait, Patience. Cyber Storm exercise challenged coordination, communications Archived February 11, 2008, at the Wayback Machine (Government computer news). Accessed February 1, 2008.
  6. DHS releases report on Cyber Storm exercise. Accessed February 18, 2008.
  7. Ian Grant. "Cyber Storm 2 exercise reveals security preparedness" Computerweekly.com. Accessed March 21, 2008.
  8. Ian Grant. "Cyber Storm III"