Analysis: DHS stages cyberwar exercise

By SHAUN WATERMAN, UPI Homeland and National Security Editor

WASHINGTON, March 10 (UPI) -- Officials from 18 federal agencies, nine states, four foreign governments and more than three dozen private companies will take part in a cyberwar exercise staged by the U.S. Department of Homeland Security this week.

The war game, codenamed Cyber Storm II, will run Monday to Thursday, based at U.S. Secret Service headquarters in Washington. It is the second DHS biannual cyber-exercise, designed to test the ability of federal agencies and their partners in state, local and foreign governments and the private sector to respond to and recover from cyberattacks on their computer networks.

"The goal of Cyber Storm II is to examine the processes, procedures, tools, and organizational response to a multi-sector coordinated attack through, and on, the global cyber infrastructure," says a fact sheet from the department.

Details of the planning for the event are closely held, in part to avoid tipping off participants. The fact sheet says only that the exercise -- the culmination of more than 18 months of planning led by DHS' National Cyber Security Division -- will simulate a series of coordinated physical and cyberattacks on IT and communications systems and chemical, rail and pipeline infrastructure.

The attacker is not identified, but has "a specific political and economic agenda," says the fact sheet. In the last Cyber Storm exercise in 2006, the enemy was an anarchistic coalition of "hacktivists" -- politically motivated hackers -- called the Worldwide Anti-Globalization Alliance, joined by a number of "independent actors."

In the scenario, the attackers penetrated state health records' databases, attacked Federal Aviation Administration systems and defaced newspaper sites.

"Key elements of the hacker attack plan were to strike at trusted cyber systems that were used to control both physical infrastructures and digital commerce and services," says the DHS' after-action report, released in September 2006. "The attackers focused on maximizing economic harm and fomenting general distrust of big business and government by disrupting services and misleading news media and other information outlets."

The choice of adversary -- which the report stressed "was neither a forecast of any particular threats … currently existing nor an expression of any specific concerns" -- raised some eyebrows. Among U.S. military planners, nation states, and in particular China, are considered the actually existing adversaries with the most significant capabilities to launch attacks on, or through, the Internet.

One report, by Washington Post blogger Brian Krebs, said Cyber Storm II will feature a nation-state attacker, but a DHS official familiar with the planning said only that this was "a possibility."

The official added that the adversary was "more sophisticated" than in 2006. The scenario was "designed to examine the response to some of the threats that are out there in the real world," he said.

Having a nation-state adversary would make sense, former DHS preparedness chief George Foresman told UPI.

"The top candidates for adversaries would be states, terrorist groups and criminal enterprises" as they were in the real world, said Foresman, who was only involved in the very early stages of planning the event.

As in 2006, the attacks this week will be simulated on special systems set up for the exercise "and will not impact any live networks," says the fact sheet.

Participants in the exercise, which consists of a series of detailed scenarios unfolding according to a strict timetable, will learn of developments via more than 1,700 pre-scripted "injects" in the form of phone calls or e-mails from exercise managers, or through a mock TV news channel set up for the event.

But some of what players will learn from the channel will be bogus, former DHS official Jerry Dixon told Krebs' Security Fix blog.

"They'll inject some red herring attacks and information to throw intelligence analysts and companies off the trail of the real attackers," said Dixon, who helped plan the exercise.

The $6 million event will involve thousands of participants across the world, including from departments of the Australian, British, Canadian and New Zealand governments, and from U.S. agencies including the Department of Defense, CIA, National Security Agency and FBI.

Foresman said the foreign countries participating, all signatories to the 1947 UKUSA intelligence-sharing accords with the United States, were chosen because "there is a shared basis by which you can deal with classified information."

In Australia, which has ramped up its level of participation since the last exercise in 2006, officials from the federal police, Attorney General's Department and AUSCERT -- the Australian national Computer Emergency Response Team -- will all take part, Attorney General Robert McClelland told a news conference Friday.

In New Zealand, participating agencies include the Ministry of Foreign Affairs and Trade, the Ministry of Health, the Customs Service and the New Zealand Defense Forces, according to ComputerWorld.co.nz.

Companies taking part include ANZ National Bank, Cisco Systems Inc., which owns much U.S. Internet infrastructure, Dow Chemical, IBM, computer security firm McAfee, software giant Microsoft and Verizon.

International and private-sector participation is essential, said Foresman. "A cyberattack against the United States with real-world effects inside our borders can be launched from anywhere in the world," he said, adding that the attacks would target or utilize infrastructure owned by the private sector.

Cyber-warfare is "inherently international and inherently private (sector)," he said.

The 2006 after-action report said Cyber Storm I was designed to test basic elements of communication and decision-making in a complex environment of interdependent systems and multiple stakeholders. "Effective response to the scenario was designed to require rapid communications and de-confliction of critical information between players in all sectors and organizations, as well as strategic integration of information to gain accurate situational awareness," it said.

"It's all about the information," Foresman said, adding that "the ability to communicate highly technical information in real-time" between government officials without a common vocabulary had been a major challenge identified by Cyber Storm I.

"Collaboration between the government and the private sector" was something planners continued to wrestle with. "We haven't mastered that piece yet," he said.
