Cyber Terrorism Exercise Starts 10 March

Cyber Storm II, a US National Cyber Exercise, is due to run from 10 to 15 March 2008, with participation by the Australian Government. The US Department of Homeland Security’s National Cyber Security Division (NCSD) will exercise with industry people, playing out a scenario involving coordinated cyber and physical attacks on critical infrastructures. As well as Australia, the UK and NZ are particiapting.

One thing to note about such exercises is that they are not so much about trying out technology for preventing cyber-attacks, but testing the procedures to be used when one occurs. Issues to be clarified are: Who is in charge? Who do you tell? Who talks to the media?

There is a detailed Report on the first Cyber Storm exercise, which was held in 2006. It recommended improvements to inter-agency coordination.

Objectives
• Examine the capabilities of participating organizations to prepare for, protect from, and respond to the potential effects of cyber attacks
• Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and
procedures
• Validate information sharing relationships and communications paths for the collection and dissemination of cyber incident situational awareness, response, and recovery information
• Examine means and processes through which to share sensitive information across boundaries and sectors, without compromising proprietary or national security interests

from: Fact Sheet Cyber Storm II National Cyber Exercise, CERT, US Department of Homeland Security