One thing to note about such exercises is that they are not so much about trying out technology for preventing cyber-attacks, but testing the procedures to be used when one occurs. Issues to be clarified are: Who is in charge? Who do you tell? Who talks to the media?
There is a detailed Report on the first Cyber Storm exercise, which was held in 2006. It recommended improvements to inter-agency coordination.
Objectives
• Examine the capabilities of participating organizations to prepare for, protect from, and respond to the potential effects of cyber attacks
• Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and
procedures
• Validate information sharing relationships and communications paths for the collection and dissemination of cyber incident situational awareness, response, and recovery information
• Examine means and processes through which to share sensitive information across boundaries and sectors, without compromising proprietary or national security interests
from: Fact Sheet Cyber Storm II National Cyber Exercise, CERT, US Department of Homeland Security
No comments:
Post a Comment