Cyber Storm II Set To Begin

mr sanjeev notes that Computerworld is running a story about Cyber Storm II, set to run from March 11th until the 14th. The exercise will test the security of the US, Australia, the UK, New Zealand, and Canada. The organizers' goals are to test preparedness and responsiveness in relation to real-time threats. The previous Cyber Storm test identified "eight specific areas in need of improvement." We recently discussed the details of the tests themselves. From Computerworld: "Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems. 'What they're trying to do is highlight the inefficiencies in the process,' according to Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. 'They're not really looking for technical solutions.'"

Re:

[brezel]

How do I get Quake 3 to run on Linux?

./quake3 ?

Re:

[Almahtar]

I would mod you funny, but I used all the points yesterday. Dangit.

Re:

[brezel]

hehe :)

pointless

[OffTheLip]

Why do I not feel like anything was learned from the previous go round "http://arstechnica.com/news.ars/post/20080306-pentagon-attack-last-june-stole-an-amazing-amount-of-data.html"

Re:

[OMNIpotusCOM]

Yeah, we learned to invite China next time. Maybe that way they won't hire out their tweeners to hack our site in their downtime from gold farming in WoW

Re:pointless

[lunartik]

Most commenters seem to miss the point of what they are doing. It doesn't sound like they are getting together and probing each others networks, or getting involved in this in very minute technical details (but they could be). That is not what these sorts of exercises are usually about. The article says that the first exercise "involved nine large IT firms, six electricity utility firms (generation transmission and grid operations) and two major airline carriers. "

In fact, the article calls this a "hacking exercise" but says:

A Cyber Storm report was released following the exercise in February last year which identified eight specific areas in need of improvement.

These included better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access, as well as the development of a strategic communications and public relations plan.

Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems.

What they were likely doing was role-playing major systems getting corrupted, altered or going off-line. There is a non-technical side to such an event that needs to be thought about and practiced. When a crisis happens, there will be a period of chaos, which you quickly need to get under control and then fix. Say you were an airline, and air traffic systems went out. What do you do with your planes? Your passengers? Who is your contact at the Federal government? Who do they report to? Who are they speaking for? What assistance can they provide? Who are your contacts at other airlines? Who is in charge of communicating with the airports? Does finance have money available to put passengers in hotels if necessary? Who in finance is can make those decisions? Who are your contacts at the hotels? What assistance will they provide? What are our plans for handling major schedule disruption? How long would it take to get the planes back online and normal service resumed?

If the exercise tells you that your systems have been infiltrated, you could imagine similar questions raised.

The idea is to get people thinking about what their specific role is and understanding it. We always told people there are no wrong answers, they are not graded. The facilitator guides the exercise and observes how well things go, and makes recommendations afterwards.

Re:

[Jeruvy]

Well if you lose your flight, or can't get money from an ATM, or other such day to day activity stops, just think of all the good coming from these games.

Where can I get rose colored glasses?

Re:

[Dennerman]

This is a fairly accurate representation of the Cyber Storm II exercise and well said. Technical folks often forget that there are other issues at a different level that have just as much validity in the preparation for and protection against such attacks. That is what this exercise is focused on.

Re:How did the first one help?

[PopeRatzo]

Friend, it's all a PR exercise. In the next seven months, we're going to be hearing about every possible type of attack. If you were to judge the state of the world by the media coverage in the coming months (thanks to a lazy, complicit press), you would think that every other human living on earth is a satanic terrorist, looking to kill your babies.

History books will look back on our current confluence of Terrorism and War as a type of madness. It will judge harshly the weak-hearted "leaders" who used fear to govern.

One thing, though: The past seven years has certainly changed my opinion of the Second Amendment. And I choose to extend the "right to bear arms" to the "cyber" type, including the best crypto I can find. Maybe not to use every day, but to keep for the inevitable.

Re:

[Bob9113]

Brief, to the point, and insightful. I wish I had mod points. Thanks!

Re:

[lunartik]

It is not a PR exercise (well, maybe it is, I haven't read TFA), these types of scenarios are used all the time for crisis testing. I used to help run part of a major multi-national's crisis team, and the main goal in table-topping various disaster scenarios is not to drum up some mass paranoia, or even to exercise more likely minor events. The goal is to come up with something large enough to involve all, or most, members of the team. Too often people are tasked with a crisis function on top of their "r

Re:

[noidentity]

It is not a PR exercise (well, maybe it is, I haven't read TFA), these types of scenarios are used all the time for crisis testing.

If it had nothing to do with PR, it wouldn't have even been mentioned to the press. When's the last time they reported on a fire drill or internal audit?

Re:

[lunartik]

If it had nothing to do with PR, it wouldn't have even been mentioned to the press. When's the last time they reported on a fire drill or internal audit?

I didn't say it has "nothing to do with PR," I said it wasn't a PR exercise. The article quotes politicians, who are of course looking for PR. The article has everything to do with PR. The actual exercise probably has very little to do with it.

Re:

[kesuki]

Sir, there are plenty of hackers who are entirely motivated by greed. Most of those, probably have nightmares about being shot if they talk about what they do every day, that earns them good money without working hard. If they're the type who don't have nightmares then sir you should be worried. Those Are the type of people who Enjoy their work, breaking the law, and have no qualms about staying hush hush. It didn't take long for organized crime to realize the potential of the internet, and depending on

Re:

[RKBA]

"One thing, though: The past seven years has certainly changed my opinion of the Second Amendment. And I choose to extend the "right to bear arms" to the "cyber" type, including the best crypto I can find. Maybe not to use every day, but to keep for the inevitable."

Welcome to the "Right to Keep and Bear Arms" club. The way things are looking, we may need to use all the weapons in our arsenals to restore Constitutional government and defeat the ruling fascists.
~ RKBA

Re:

[PopeRatzo]

Welcome to the "Right to Keep and Bear Arms" club.

Thank you, RKBA.

I think the thing that made me take so long to realize the importance of the Right to Bear Arms was my lack of imagination when it comes to what "Arms" can mean.

Living in a big city, it was easy for me to see why wider availability of cheap handguns might be a problem. Now that I look at "arms" more broadly, I can see the importance of that right.

I had one of these!

[schon]

In my Amiga 3000. [amiga.org] Was pretty cool, at the time.

Re:

[nogginthenog]

I still have one in my A4000! Mine doesn't have a fan though (doesn't seem to be a problem...).

Your mission

[StarfishOne]

Your mission, if you choose to accept it, is to prevent certain military groups from sending sensitive information about Air Force One [slashdot.org].

Ready Set Go

[sciop101]

The call-lists are up-to-date. The start/stop dates are set. Did we forget anything?

Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.

LET THE GAMES BEGIN.

I still feel I forgot something.

Will they...

[another joe]

...invite these folks? http://www.cnn.com/2008/TECH/03/07/china.hackers/index.html [cnn.com] Never mind, they don't need an invite.

I hope they get strong corporate backing ...

[chronosan]

Everyone knows sequels suck, I'm waiting for the third edition.

The perfect date

[nurb432]

To do *real* break-ins. Yours might get lost in the noise of the 'test'.

There has already been the denial of WoW attack

[dbIII]

OK, co-incidence but still annoying.

Invite the general public to participate?

[hughperkins]

Could it make sense to hide some arbitrary data (string of random letters lets say), on a secured network, and give authorisation for anyone anywhere to attack this network, attempt to obtain the letters?

First one to get the letters gets USD500 000; with an extra USD500 000 if they can describe how it was done sufficiently for other people to be able to reproduce these steps. (So, half a million for succeeding, half a million for communicating how they succeeded).

Corporate Wars?

[Lunatrik]

Every time I see articles about Cyberstorm it brings me back to the old Cyberstorm strategy games. I wish they still made those (or something similar).

On a side note, if these games teach us anything it's that Cyberstorm 1 will have been a heckofalot better than 2 :)

Re:

[Fuzzlekits]

These corporate wars? http://www.gamespot.com/pc/strategy/cyberstorm2corporatewars/index.html [gamespot.com] I missed not getting to play the original Cyberstorm. Hexes were a much better play surface than squares. Maybe someone should make sure they're using Hexes for the second operation, might suck less...

The DoD could use some friendly probing.

[cavebison]

If they break into a chorus of Moon River, something definitely got past the ring of protection.

You know, the funniest thing happened ...

[psycho sparky]

At half past nine this morning we were actually running an exercise for a company of over a thousand people in London based on simultaneous bombs going off precisely at the railway stations where it happened this morning, so I still have the hairs on the back of my neck standing up right now.