Feeds

US, UK and friends have cyber-war party

I'll hose your network, if you hose mine

5 things you didn’t know about cloud backup

Business and government leaders from the US, UK and three other countries will spend much of this week simulating and defending against a large-scale cyber attack in an exercise designed to strengthen coordinated responses to what many perceive as a growing threat.

Participants of Cyber Storm II, which also include about 40 private-sector companies, will enact a scenario in which "persistent, fictitious adversaries" launch an extended attack using websites, email, phones, faxes and other communications systems. Other countries involved are Australia, New Zealand and Canada.

Cyber Storm II comes two weeks after the Pentagon released an assessment of China's military might, warning the People's Liberation Army was intent on expanding its capabilities for cyber warfare. It also comes amid intelligence reports that utilities in several countries have sustained cyber attacks that caused power outages.

This week's exercises are a follow up to Cyber Storm I, which was completed two years ago. They are mandated by an act of Congress that requires the public and private sectors to strengthen cyber preparedness.

Companies including Cisco, Juniper Networks, Dow Chemical, Air Products & Chemical and Wachovia are participating. Nine US states and at least 18 federal agencies are also involved. They represent the chemical, information technology, communications and transportation industries, which are considered ctritical parts of the infrastructure. The US Department of Homeland Security is hosting the event - no doubt with danishes and plenty of Starbucks coffee.

The exercises are designed to sharpen and assess participants' ability to respond to a multi-day, coordinated attack and better understand the "cascading effects" such attacks can have.

Results of Cyber Storm I pointed the the need for better coordination between various agencies and for a common framework for communicating among different parties.

While it's not necessarily a bad idea to simulate imagined threats, there's no indication that participants will delve into actual practices that are known to put national security at risk. For example, last week came word that a private website operator regularly received official Air Force communications containing sensitive information because his email address was similar to those of military leaders. Additionally, a Pentagon official has now confirmed that an attack last year on a network belonging to the Department of Defense involved a Windows vulnerability and allowed the intruders to steal "an amazing amount" of data.

As these episodes make clear, sometimes we can be our own worst enemy, no simulation necessary. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.