Cyber Storm blasts interagency cybersecurity
The exercise found a lack of coordination, risk assessment and communications.
The Homeland Security Department's Cyber Storm cybersecurity exercise found that the department is poorly prepared to take on a serious cyberattack.
Released Sept. 13, the report found eight major problem areas in interagency cybersecurity. Those included:
- A lack of coordination among agencies and entities that were victims of cyber incidents.
- Risk assessment.
- A common framework for information sharing.
- Strategic communications and public relations.
The report also found that many agencies were unable to link multiple attacks across disparate systems and lacked processes, tools and technologies to handle incidents.
Cyber Storm was conducted Feb. 6 to 10 by DHS' National Cyber Security Division. The exercise tested how critical infrastructures would withstand major cyberattacks.
"The findings...frankly affirm what many of us [in industry] already knew was a problem," said Paul Kurtz, executive director of the Cyber Security Industry Alliance.
“The most simple solution right now is leadership, having a senior person that spends more than a quarter of their time on this problem,” he said.
Kurtz added that establishing programs that mitigate attacks and forming a clearer plan for an early warning program are essential for better security across agencies. Such mitigating programs include research and development and insurance programs.
DHS said little about the results in a press release, although representatives reaffirmed their commitment to working to resolve the problems.
“Exercises like Cyber Storm are essential to our continued efforts to secure cyberspace and America’s cyber assets,” said George Foresman, DHS’ undersecretary for preparedness. “We are committed to working with our public, private and international partners to turn the lessons learned from Cyber Storm into solutions for enhancing our nation’s cyber preparedness and response capabilities.”
NEXT STORY: Senators: Expedite info-sharing plan