In Brief
Cyber Storm Warning
The Department of Homeland Security's Cyber Storm exercise reveals that basic planning is left to be done to prepare for a large-scale cyberattack
By Allan Holmes
November 01, 2006 — CSO — After a simulated cyberattack exercise last winter, officials in charge of cybersecurity at the Department
of Homeland Security said they had identified eight areas they need to work on with the private sector
to secure and respond to cyberattacks on the nation's critical infrastructures.
But as many security experts expected, the Cyber Storm exercise (staged in early February to attack
computers supporting the U.S. and international energy and transportation systems) pointed out that
much basic planning is left to be done to prepare for a large-scale cyberattack.
DHS officials and the "Cyber Storm Exercise Report" were short on details of the exercise and what was
discovered. DHS identified "eight core findings," including the need for more interagency coordination
(such as what events would trigger involving what government agency) and the need for clearer roles
and responsibilities among government agencies and the private sector.
George Foresman, undersecretary for preparedness at DHS, said at a September press conference that
other key findings cited the value of DHS's ability to stage such a large-scale exercise and showed that
the government could work with the private sector on cyberattacks.
Security experts who have monitored the government's cybersecurity efforts say the United States
should be further along in its preparations and note that Cyber Storm did not test how the country
would respond to specific threats, such as a denial-of-service attack.
Foresman defends DHS's performance by saying that the government has been aware of cybersecurity
issues for only 10 years. DHS plans another exercise in 2008. "We ought to have processes and
procedures in place that clarify" the coordination issues highlighted in Cyber Storm, Foresman says. "If
they still exist, then we know we didn't do a good job of implementing it."
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.
- End-Users - Your Weakest Security Link
- Certificate and Smart Card Management with ILM 2007
- How Are Open Source Development Communities Embracing Security Best Practices?
- Using Likewise to Comply with PCI Data Security Standard
- Ponemon Study: How Much Does a Data Breach "Cost"?
- Managing SSL Security in Multi-Server Environments
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Data Loss Prevention
-
November 13, 2008The Roosevelt HotelRegister now »
New York, NY 10017
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
