[Infowarrior] - Washington Prepares for Cyber War Games

[Richard Forno]

Washington Prepares for Cyber War Games
Week-Long Simulation Tests Agencies', Companies' Response to Online Attacks

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/07/AR2008030701
157_pf.html

By Brian Krebs
washingtonpost.com Staff Writer
Friday, March 7, 2008; 7:44 AM

The U.S. government will conduct a series of cyber war games throughout next
week to test its ability to recover from and respond to digital attacks.

Code-named 'Cyber Storm II,' this is the largest-ever exercise designed to
evaluate the mettle of information technology experts and incident response
teams from 18 federal agencies, including the CIA, Department of Defense,
FBI, and NSA, as well as officials from nine states, including Delaware,
Pennsylvania and Virginia. In addition, more than 40 companies will be
playing, including Cisco Systems, Dow Chemical, McAfee, and Microsoft.

In the inaugural Cyber Storm two years ago, planners simulated attacks
against the communications and information technology sector, as well as the
energy and airline industries. This year's exercise will feature mock
attacks by nation states, terrorists and saboteurs against the IT and
communications sector and the chemical, pipeline and rail transportation
industries.

Jerry Dixon, a former director of the National Cyber Security Division at
the Department of Homeland Security who helped to plan both exercises, said
Cyber Storm is designed to be a situational pressure-cooker for players:
Those who adopt the proper stance or response to a given incident are
quickly rewarded by having to respond to even more complex and potentially
disastrous scenarios. Players will receive information about the latest
threats in part from a simulated news outlet, and at least a portion of the
feeds they receive will be intentionally misleading, Dixon said.

'They'll inject some red herring attacks and information to throw
intelligence analysts and companies off the trail of the real attackers,'
Dixon said. 'The whole time, the clock keeps ticking, and things keep
getting worse.'

At a cost of roughly $6.2 million, Cyber Storm II has been nearly 18 months
in the planning, with representatives from across the government and
technology industry devising attack scenarios aimed at testing specific
areas of weakness in their respective disaster recovery and response plans.

'The exercises really are designed to push the envelope and take your
failover and backup plans and shred them to pieces,' said Carl Banzhof,
chief technology evangelist at McAfee and a cyber warrior in the 2006
exercise.

Cyber Storm planners say they intend to throw a simulated Internet outage
into this year's exercise, but beyond that they are holding their war game
playbooks close to the vest.

Individuals who helped plan the scenarios all have signed non-disclosure
agreements about the details of the planned attacks. They will act as
puppeteers apart from the participants, injecting events into the game from
a command center at U.S. Secret Service headquarters in Washington, D.C.
Meanwhile, players will participate via secure online connections from
around the world.

At its most basic, organizers say, the exercise tests the strength of
relationships and trust between government officials and the private sector
companies that control more than 80 percent of the nation's critical
physical and cyber infrastructure. In Cyber Storm I, the Department of
Homeland Security and the participating companies largely kept the exercise
a secret until it was virtually completed. In fact, most of the companies
that participated in Cyber Storm I did so anonymously, so that that private
sector players only knew each other's respective companies by fictitious
business names.

The fact that so many companies have chosen to trumpet their participation
in this year's exercise is a testament to how those trust relationships have
grown in the intervening years, said Reneaue Railton, manager of critical
infrastructure response for Cisco Systems, a company whose hardware devices
help direct a large portion of the traffic on the Internet.

'All the companies that played did so anonymously,' Railton said. 'We didn't
always know who we were contacting.'

Railton, who helped plan the attack scenarios in this year's exercise, said
Cyber Storm II promises to keep all participants on their toes, like an
episode of the television show '24,' only for an entire work week at a time.
Dozens of companies and government agencies from Australia, Canada, New
Zealand and the United Kingdom will also participate in the war games and
will keep the game in flux around the clock, she said.

The war games will be far more realistic and inclusive for Australia, whose
participation in the first Cyber Storm amounted to what a spokesperson for
the Australian Attorney General's department called "a desktop exercise"
that did not include any private sector companies.

"This year, we're setting up an exercise control room and will be sending
out injects to the players in both the private sector and the government,"
said Daniel Gleeson of the Australia's Attorney General's office. "So we'll
be involved in this as it unfolds in real time, rather than just talking
about what we'd do in those situations."