Collaboration is the real test for Cyber Storm III

A U.S.-led, global exercise in cybersecurity preparedness and response is expected to wrap up in the next 24 hours. The scenario is helping seven agencies, 11 s...

By Max Cacas
Federal News Radio

For Phil Reitinger, the deputy undersecretary of the National Protection and Programs directorate at the Department of Homeland Security, Cyber Storm III is about more than just testing the nation’s cybersecurity – it’s about testing the ability of people and organizations to collaborate.

“One of the things that is critical to realize about cyberspace,” he told reporters at a mid-exercise news briefing Wednesday, “is that this is beyond the capability of any one government agency to respond to, or even one government, or even one private sector entity. It really requires a joint response. And what we are seeing now is the framework created by the National Cyber Incident Response Plan and facilities like the National Cybersecurity and Communications Information Response Center that will enable all of the different players to come together, to work together, and to share information, as issues come up, to solve those problems, to work with them together jointly, to come up with solutions and to implement them.”

DHS will wrap up Cyber Storm III, its global cybersecurity preparedness and response exercise, sometime on Thursday.

“I think it’s going very, very well. We’re very excited,” he said. “Things are going to get more and more interesting today (Wednesday), as events continue to ramp up.”

Cyber Storm III includes seven federal agencies, 11 states, 12 nations and 60 private sector companies.

And while DHS is coordinating its response and involvement to the exercise scenario from the National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., the game, or exercise itself, is being run from the headquarters of the U.S. Secret Service in Washington.

It is from a basement level in the building that a still classified scenario, depicting the start of a major cybersecurity breakdown started three-and-a-half days ago. It’s a scenario that even a top player like Reitinger only knows in broad strokes for now.

“To tell you the truth,” he admitted to reporters, “I don’t know the scenario. I have remained ignorant as events come in, because I have a role to play. I just see stuff when it comes up with the rest of the players because that’s how we know how we’re doing. We’re playing this for real.”

Cyber Storm III is what is known as a tabletop exercise, in which participants all over the globe are either e-mailed, or texted the initial scenario, and then subsequent events, known as injects, as the scenario is played out over a four-day period. Participants don’t see the effects of the scenario on an actual computer network.

Reitinger said he was not concerned that Cyber Storm III was not being played out on an operational computer network, but he said that does not rule out the possibility that future versions of Cyber Storm might also one day be played on a specially built network.

Reitinger also said DHS is fulfilling a goal for Cyber Storm in that the exercise is turning out to be a good test of the operational viability of the NCCIC during a prolonged, crisis-like exercise.

Brett Lambo, DHS’ director of the cybersecurity exercise program, and the game master for Cyber Storm III, presides in a brightly lit, bustling room crammed with people, phones and lots and lots of flat screen monitors.

“We have about 100 people kicking around at workstations, and access to all those external networks,” he said. “You can see it’s a pretty big operation, but as we said, multiply that number by 10 for the number of players we have out in the field.”

Lambo also explained the purpose of a 12-foot high projection screen dominating one wall of the room. That big display indicates the status of the various “intersects,” or individual conditions of the fake crisis defined by the Cyber Storm exercise scenario.

Reitinger said almost as soon as the exercise is completed, the hard work of determining what they learned will begin.

“The first thing we’re going to focus on,” he said before returning to his seat in the exercise control floor, “is taking a look at what happened, what did we learn, where are the successes, how we move forward, and then rapidly determine how we turn that to enhancing the National Cyber Incident Response Plan.”

(Copyright 2010 by All Rights Reserved.)

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.