Co-operation between different organisations is the key to coping with co-ordinated cyber-attacks. That's the view of Gregory Garcia, assistant secretary for cyber security and communications at the US Department of Homeland Security describing the build-up to the Cyber Storm II exercise completed last month.
Cyber Storm 2 was a week-long, cybersecurity simulation that included mock attacks on computer and transportation systems. But the exercise brought in many more players from government and other industries: about 2,500 people from the US, UK, Canada, Australia and New Zealand.
Garcia was speaking at the RSA Conference in San Francisco Wednesday. "It's better to exchange business cards now rather than during a crisis," he said. In fact the relationships built during the months of planning ahead of the Cyber Storm II were invaluable, he said. "If the exercise never even took place, I think people would have come away with a much better appreciation of what their vulnerabilities are, what could potentially happen to them, and who they need to connect with in this vast network."
By participating in Cyber Storm II, emergency response mangers could find out if their plans worked out as expected, and, in particular, if people wound up doing what the planners thought they would do, said Christine Adams, a senior information systems manager at the Dow Chemical Company, speaking during a panel discussion at the conference.
"You think you know how people are going to respond... but they surprise you sometimes," said Cyber Storm II participant Daniel Lohrmann, the chief information security officer with Michigan's Department of Information Technology.
Anyone looking for the gory details on how successful attackers were during the latest Cyber Storm will have to wait. Because some of the findings from the exercise are sensitive, the DHS doesn't want to discuss specifics until the after-report is issued, and that's not expected to happen until August at the earliest.
Dow Chemical's Adams did offer one example of a lesson learned. "It got to the point where our communications capability was somewhat compromised," she said. "We have some work to do around having the means to get priority telecom service if we need it."
The DHS said it expects to release an after-action report analysing the event, and is now beginning planning for Cyber Storm III in 2010. This report however is not expected to be released until August. Garcia would like to see more participants and new industry sectors being the "core players" in the next exercise, he said.
Original reporting by Robert McMillan, IDG News Service.