DHS Conducts Full-Scale Cyber Security Exercise

The U.S. Department of Homeland Security (DHS) announced the completion of Cyber Storm, a full-scale government-led cyber security exercise to examine response, coordination and recovery mechanisms to a simulated cyber-event within international, federal, state and local governments, in conjunction with the private sector. In total, said DHS in a release, 115 public, private and international agencies, organizations and companies were involved in the planning and implementation of Cyber Storm.

"Cyber security is critical to protecting our nation's infrastructure because information systems connect so many aspects of our economy and society," said George W. Foresman, DHS Under Secretary for Preparedness. "Preparedness against a cyber attack requires partnership and coordination between all levels of government and the private sector. Cyber Storm provides an excellent opportunity to enhance our nation's cyber preparedness and better manage risk."

One of the scenarios simulated an incident where a utility company's computer system is breached, causing numerous disruptions to the power grid. The intent of this scenario is to highlight the interconnectedness of cyber security with the physical infrastructure and to exercise coordination and communication between the public and private sectors. Each of the scenarios was developed with the assistance of industry experts and was executed in a closed and secure environment.

Cyber Storm exercised national cyber incident response within the context of a large-scale cyber incident affecting the energy, information technology, telecommunications and transportation sectors. Capabilities examined, include:

• Interagency coordination through the National Cyber Response Coordination Group
• Identification of policy issues that affect response and recovery
• Identification of critical information sharing paths and mechanisms among public and private sectors
• Improvement and promotion of public and private sector interaction.

Organizations that participated in this exercise in addition to the DHS include:

• Department of Commerce
• Department of Defense
• Department of Energy
• Department of State
• Department of Transportation
• Department of Treasury
• Department of Justice
• Director of National Intelligence
• Central Intelligence Agency
• National Security Agency
• National Security Council
• Homeland Security Council
• States of Michigan, Montana and New York
• FBI
• U.S. Secret Service
• NORTHCOM
• American Red Cross
• Canada (PSEP-C)

The exercise was a simulated event, and there were no real-world effects on, tampering with, or damage to any critical infrastructure. While the exercise scenario was based on a hypothetical situation, it was not intended as a forecast of future terrorist threats.

The National Cyber Security Division (NCSD), a part of the department's new Preparedness Directorate, provides the federal government with a centralized cyber security coordination and preparedness function. The NCSD is the focal point for the federal government's interaction with state and local government, the private sector, and the international community concerning cyberspace vulnerability reduction efforts.