Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/27/2010
03:23 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DHS Launches Cyber Attack Exercise

Cyber Storm III, the largest simulated cyber attack to date, aims to test a new national cyber response plan and stretch the limits of collaborative cybersecurity.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full photo gallery)
For three or four days this week, the Internet will come under a virtual attack from an unknown adversary, and it will be up to the government and private sector's coordinated efforts to root out the cause and work together to keep systems up and running -- at least within the simulated confines of the Department of Homeland Security's Cyber Storm III exercise, which begins Tuesday.

The Cyber Storm series of exercises simulates large cyber attacks on critical infrastructure and government IT assets in order to test the government's preparedness. Specifically, this year's exercise will be the first time DHS will test both the draft National Cyber Incident Response Plan (an effort to provide a coordinated response to major cybersecurity incidents) that will be publicly released later this year and the new National Cybersecurity and Communications Integration Center (the hub of DHS' cybersecurity coordination efforts).

With cybersecurity continuing to heat up as a national defense priority, Cyber Storm III will give the government a chance to see how ready it's processes and people really are in protecting the nation and Internet against malicious hackers. "So much of the cyber mission space is about collaboration, and every once in a while you've got to kick the tires to see how well it works," Bobbie Stempfley, director of DHS' National Cyber Security Division, said in a meeting with reporters last week.

This year's exercise will be the largest yet, including representatives from seven cabinet-level federal departments, intelligence agencies, 11 states, 12 international partners and 60 private sector companies in multiple critical infrastructure sectors like banking, defense, energy and transportation. High-level officials, including federal cybersecurity coordinator Howard Schmidt and deputy homeland security secretary Jane Holl Lute, will be among those taking part.

The exercise's "players" will be working through the scenario in their real-world offices, including the new National Cybersecurity and Communications Integration Center. "It's happening where it would because we're trying to as closely simulate the real world as we can," Brett Lambo, director of DHS' National Cyber Security Division's cyber exercise program, said.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Who knew face masks could also prevent the PII from spreading
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618
PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...