DHS evaluates global cybersecurity exercise

U.S. Computer Emergency Readiness Team

Homeland Security Department officials offered no results or findings from a recently concluded, globally coordinated cybersecurity exercise, but they will begin examining data with the intent of issuing a report this summer.

The full-scale exercise, Cyber Storm, was conducted from Feb. 6-10 and involved 115 public, private and international agencies. It examined the response, coordination, and recovery processes and procedures to a simulated cyberattack against critical infrastructures. The federal government has been involved in previous simulated cybersecurity exercises but not on this scale.

The purpose of the exercise was not to see how a simulated attack would affect systems. Industry and government officials said it was necessary to see how well organizations worked together in terms of communicating information and responding appropriately to an attack.

George Foresman, undersecretary at DHS’ Preparedness Directorate, said Cyber Storm was a way to “create a symphony of preparedness,” with the department acting as a musical conductor leading participating agencies that acted as musicians.

At a press conference today, Foresman said DHS’ role is to coordinate the public and private sectors’ responses to an actual attack through a common approach. Several state and industry officials who attended the press conference said they were pleased with the exercise and that it was a major step toward addressing cybersecurity on a national scale.

However, officials did not provide any details regarding strengths or weaknesses found. They said they will study the analysis before providing any results.

DHS officials said the scripted scenario was conducted in a closed environment through Secret Service headquarters in Washington, D.C., and did not include any attacks against real-world systems.

Andy Purdy, acting director of DHS’ National Cyber Security Division, said the department has two overarching priorities. One is to build an effective cybersecurity response system. The other is to build a program for infrastructure protection. Results of the exercise could affect the National Response Plan and other plans designed to improve national coordination to a cyberattack and disruption.

Cybersecurity experts have said the federal government has been slow to address the issue comprehensively. But government officials and company representatives who participated in Cyber Storm said federal officials are working more closely with private- and public-sector officials on a grass-roots level than ever before.

William Pelgrin, director of New York state’s Cybersecurity and Critical Infrastructure Coordination Office and head of the Multi-State Information Sharing and Analysis Center (ISAC), said his agency and ISAC have been working with DHS officials on the issue for three years. The two groups have has been pleased with the guidance they’ve received, he added.

However, two weeks ago, the National Association of State Chief Information Officers released a survey indicating that the federal government needs to provide more education, training and money to help state and local officials promptly deal with cybersecurity issues.

DHS is willing to be “coach and mentor” to state and local officials, but ultimately it’s the responsibility of states and localities to “push the ball down the road,” Foresman said.

Pelgrin said ISAC and DHS are working on guidelines, including suggestions for education and awareness, that local governments can use to help with their day-to-day cybersecurity activities.

Several representatives of companies that participated in Cyber Storm said they will also evaluate how their companies fared in coordination and response to the exercise.

In addition to DHS, participating federal agencies included the Justice, Commerce, Energy, Defense, Treasury and State departments; the CIA; the National Security Agency; the National Security Council; and the Homeland Security Council. All 50 states also participated in the exercise. Officials from Canada, Australia, the United Kingdom and New Zealand participated. Several companies, including Computer Associates, Intel, Microsoft, VeriSign, Symantec, McAfee and Citadel, participated as well.