Industry reflects on Cyber Storm 2

Experts give early word on simulated attack

Shaun Nichols at RSA in San Francisco

Groups involved in the Cyber Storm 2 security exercise presented their first thoughts on the simulated attack drill.

Members of five corporate and government groups, including Microsoft, the US Computer Emergency Response Team (US-Cert) and Dow Chemical all spoke about the study on Wednesday at the RSA conference in San Francisco.

Advertisement

The exercise involved 18 government agencies in five countries, as well as more than 40 companies from the private sector.

While none of the participants would give an insight as to what particular incident was simulated, they did reveal that the exercise involved industrial, public relations, and IT elements.

As such, the takeaway from the exercise ranged from lessons in cross-industry communication to public alert tactics.

Each of the groups involved, however, found that the biggest lesson of Cyber Storm 2 was just how important it was to build a network of both government groups and companies around the globe.

"It was really about developing those relationships and broadening up trust and confidence," said Paul McKitrick, managing director for the New Zealand Center for Critical Infrastructure Protection.

"Having those official back channels straight into another security team is essential."

Dan Lohrmann, chief information security officer for the state of Michigan, said that his team also received a lesson in communications as a result of the exercise.

"We worked quite a bit on communicating public awareness," said Lohrmann. " How we can get out communications to our state employees, to our citizens, and other partners."

The operation did also, however, find some weaknesses.

"There were some shortfalls in information sharing," said Randy Vickers, associate deputy director of US-Cert.

"Some of it is as simple as groups not having the means to communicate widely, and so you either have to send information through various groups of people instead of one central point."

Christine Adams, information systems manager at Dow Chemical, said that in addition to being more aware of what elevated threat levels mean, companies need to become more flexible and able to adapt to a crisis situation, particularly when channels of communication are cut.

"We have some work to do in terms of getting priority telecommunications services if we need it."

The final report on Cyber Storm 2 is expected to be released in the autumn.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation