By LISA HOFFMAN
Scripps Howard News Service
February 09, 2006
In this case, the e-assault was a simulation that the Department of Homeland Security calls the first-ever international cyber-security exercise. Dubbed "Cyber Storm," the simulation began Monday and has unfolded in secret in Washington and beyond.
"Cyber Storm is intended to act as a catalyst for exercising communications, coordination and partnerships across critical infrastructure sectors," Homeland Security said in a news release about the exercise.
On Friday, Homeland Security officials will reveal details of the complicated scenario, along with some of the preliminary insights the massive simulation may have spawned.
Until then, only the broad outlines of the exercise are known. According to reports in the technology industry press, it includes scores of players from state, federal and foreign governments, along with such high-tech firms as Microsoft Corp., Cisco Systems Inc., and Intel Corp. Overseas news reports have said Great Britain, Canada and Australia are participating.
Originally planned for last fall, the game was postponed until now because dealing with the aftermaths of hurricanes Katrina and Rita took precedence for Homeland Security personnel.
According to an overview of the cyber war exercise on the Web site of the Information Technology Association of America, an industry trade group, the intent is to test the nation's readiness to fend off, combat and recover from a large-scale attack launched by terrorists or even foreign governments. The vulnerability of the nation's energy and transportation infrastructure will be spotlighted.
This week's exercise comes amidst a growing debate over the degree of cyber threat that actually exists today, or in the near future.
The absence of any significant attack so far that has caused more than temporary, quickly remedied disruption leads some experts to contend that the bad guys may simply lack the capability to mount a widespread, coordinated assault. While it would be foolhardy to neglect the potential for such an attack, it is equally unwise to exaggerate the threat, they say.
"We definitely have security problems, but they are more in the nature of self-inflicted wounds that render us vulnerable to hooligans than to guys in turbans and beards hunched over laptops in caves," said John Pike, head of GlobalSecurity.org, a national security think tank.
Even so, Pike says the Cyber Storm exercise, which was ordered by Congress, has merit. So does Paul Kurtz, executive director of the Homeland Security Leadership Alliance, a nonprofit organization for the homeland security industry.
"We have to think the unthinkable," Kurtz said. "We need to have exercises to bring this out of the abstract."
An October 2005 report by the Congressional Research Service found that at least one previous exercise brought good news. A U.S. Naval War College simulation in 2002 showed that attempts to cripple the U.S. telecommunications infrastructure failed because sufficient defenses prevented widespread damage.
But the congressional report also stressed that the United States is the nation most targeted by cyber foes. In the first half of 2005, U.S. computer systems were attacked 10 times more often than those of other countries.
And it warned that, as the nation continues to harden its borders and buildings against conventional attacks, terrorists might turn to other avenues to wreak harm.
"Persistent Internet and computer security vulnerabilities, which have been widely publicized, may gradually encourage terrorists to develop new computer skills, or develop alliances with criminal organizations, and consider attempting a cyber attack against the U.S. critical infrastructure," the report concluded.
Distributed to subscribers by Scripps Howard News Service.
Publish A Letter on SitNews Read Letters/Opinions