Drill Trains Participants for Potential Cyber Storm Front
No longer just the work of a one-man band playing hacker, cyber attacks launched either by state or non-state actors are a grim reality, one that is being addressed by the global cybersecurity exercise Cyber Storm 2012.
Perhaps it began with Y2K, this realization that the unseen operational grid could come crashing down by the mere numerical click from one century to the next, but the threats to operational functionality in all areas of human-machine interface are very real. A cyber exercise conducted again this year will incorporate some changes to simulate new challenges. In his article, "An Approaching Cyber Storm Includes New Threats," Defense Editor Max Cacas examines the global cybersecurity exercise Cyber Storm in this issue of SIGNAL Magazine. The U.S.-led global event will sport a new look and format when it takes place later this year. The changes reflect the constantly changing nature of threats posed daily to the world's cyber infrastructure. Cyber Storm exercises have been conducted almost every two years since 2006. All have been organized and conducted under the aegis of the Department of Homeland Security's (DHS's) Office of Cybersecurity and Communications, National Cyber Security Division. These are primarily policy-driven tabletop exercises, and do not involve the injection of malicious digital code into a functioning network. Rather, participants rely on text messages or email as a means of communicating changes in the test scenario. According to Brett Lambo, director of the Cybersecurity Exercise Program with the DHS's National Cyber Security Division, cyberthreats are now being viewed in a much broader manner:
We've long since left the notion of a purely destructive hacker in our rear-view mirror. We're all organizing, training and equipping to meet challenges that are sophisticated, and to do that, we've been developing capabilities of our own that are fairly sophisticated.
Lambo is planning the exercise's fourth iteration, returning a second time in the role of chief architect and game master. After reviewing how much things have changed since Cyber Storm III, it was time for a new approach, he reports. The 2012 Cyber Storm format will feature an ongoing series of events, not just one main event, and the series of events will be broken up by different constituency groups. Participants will include a wide-ranging group of representatives from private industry and local, state, federal and international government. Lambo says the broad spectrum of active participants is part of the "method to the madness" of the Cyber Storm exercise, especially in its new format. Exercise details still are being developed and are heavily classified until after the exercise is completed. However, Lambo is clear when he says that change will be a centerpiece of this year's program. Unlike the exercise two years ago, Cyber Storm IV will not have a formal beginning. Once planning is completed in the spring, Lambo explains:
We will start rolling out these exercises, small and large, but nothing like you saw in September of 2010.
The most important tool gleaned from these exercises, Lambo emphasizes, is the lessons learned. For the DHS, he says Cyber Storm also offers a unique way to rigorously test the National Cyber Incident Response Plan (NCIRP), which details how the nation will prepare for, and deal with, a cyber attack. It also addresses the roles and responsibilities of other cabinet-level agencies, as well as how the federal government is expected to respond to the needs of citizens and private businesses, along with those of foreign governments that increasingly rely on the public Internet. In reflecting on the outcome of Cyber Storm III and how it's shaping his master plan for Cyber Storm IV, Lambo says he is satisfied that many of the core policies driving U.S. cybersecurity strategies have been verified, with some work still to be done. Will Cyber Storm IV prove anything new or different that wasn't already addressed in previous Cyber Storm exercises? What unique new technologies have been developed in the past two years that will help protect the wide-ranging, yet nearly invisible, domain of cyberspace? Share your thoughts and opinions here.