The U.S. Department of Homeland Security released an overview this week of its cyberattack exercise, which simulated the government's response to a large-scale disruption of critical infrastructure and the Internet.
More than 100 organizations in over 60 locations and five countries participated in the exercise in February of this year. According to a previously published presentation (PDF) outlining the scenario, the exercise pitted the responders against a mish-mash of anti-globalization cyberattackers.
While the report summed up Cyber Storm as a success and stated that those involved "met the challenges," many of the problems were significantly downplayed. In several parts, the DHS voiced concern that the relatively modest resources dedicated to cyberattack response would be overwhelmed in a real attack. The National Cyber Response Coordination Group (NCRCG), for example, became so overwhelmed that "development of an accurate situational picture was challenging," the report stated.
The report also highlighted the poor lines of communication between response groups, especially between the United States' responders and their counterparts abroad. Responders also have to be more savvy about disseminating accurate data to the media without exacerbating the situation, the report said.
The report also briefly mentioned problems in upgrading supervisory control and data acquisition (SCADA) systems. Security experts have worried for some time that a vulnerability in SCADA systems could not be patched quickly, if at all, because the systems are not meant to be easily updated. The situation is slowly changing, but the DHS report minimized the issue to two sentences.
"There was a great deal of research and discovery in the area of Supervisory Control and Data Acquisition (SCADA) patching processes during the exercise planning process," the report stated. "This process identified and demonstrated the various difficulties that would result in recovery if a vulnerability existed."
Posted by: Robert Lemos