GSN


Government and industry united in battle on cyber crime

Published February 13th, 2008

Carl Banzhof


A Fire Sale

With a single keystroke, a coordinated cyber attack is launched on the U.S. Public infrastructure, communications, government and military networks all fall victim to a sophisticated adversary wielding stealthy malicious code. In the control center, red lights are flashing, but no warning can be made. The enemy has taken over all networked communications.

Because of the adversary’s planning and technical fortitude, systems nationwide fall victim simultaneously, opening the door to physical attacks, leaving our nation’s public works, transportation, financial institutions and other critical establishments completely exposed. The infrastructure of the U.S. dissolves with systematic precision. The public is in panic.

The good news: this doomsday hacker scenario, called a "Fire Sale," only happened in a movie. The bad news: in the evolving realm of IT security, coordinated cyber attacks like the one portrayed in the blockbuster action film "Live Free or Die Hard" aren’t that far from the realm of possibility (though much more complicated to initiate).

If we’ve learned anything from the past few years, it’s that cyber attacks are real government threats, and they’re an issue that our federal government takes very seriously. In response to the growing pervasiveness of cyber attacks, the Department of Homeland Security has been proactively exercising cyber security preparedness in both the public and private sector through simulated exercises such as TOPOFF4, Cyber Storm I and soon-to-come Cyber Storm II.

While these exercises are very large scale simulations, the scenarios are based on very real technology threats. Today, organizations evaluate their system defenses and calculate risk based upon vulnerabilities and threats posed by insiders and external forces, but they often overlook a much larger part of the equation. What happens in the event of a catastrophic cyber attack outside our doors? How will we communicate safely with agencies, other support organizations and the general public? These are questions that our government has shown tremendous leadership in answering. As part of DHS’s mission to lead the unified national effort to secure America, it has initiated simulated exercises -- particularly Cyber Storm -- that are providing real advantages to government, industry and our citizens through an effective and safe means to practice large-scale cyber security response efforts.

In 2006, the DHS National Cyber Security Division (NCSD) successfully executed the first government-led, full-scale cyber security exercise called Cyber Storm. Cyber Storm I was a large-scale, dynamic, participant-driven cyber security exercise conducted through a partnership of domestic and international governments and the private sector. The exercise was designed to enhance national cyber security by examining and validating response measures and policies in the event of a coordinated large-scale cyber attack. More than 100 public and private agencies, associations and corporations participated in the exercise from more than 60 locations and five countries.

Cyber Storm I participants included federal agencies, states, companies from information technology, telecommunications, energy and transportation, and international partners. Together, they collaborated in response to a simulated large-scale cyber campaign that disrupted multiple elements of our national infrastructure: energy, information technology, transportation and telecommunication. The scale of collaboration witnessed during the Cyber Storm exercise was unprecedented. For the first time, government agencies, industry participants, states and international partners joined together to thwart simulated cyber attacks waged on our nation. By involving private industry as participants in Cyber Storm, DHS was able to rally a team of truly dedicated IT security experts who were able to share insights gained from their diverse backgrounds. Sharing this expertise will be critical in shaping and refining our ongoing national cyber security strategy.

The primary objective of Cyber Storm was to exercise the national cyber incident response community with a special focus on:

• Interagency coordination through the National Cyber Response Coordination Group (NCRCG)
• Identification of policy issues that affect response and recovery
• Identification of critical information sharing paths
• Identification, improvement and promotion of public and private sector interaction in processes and procedures

Hard Evidence

Cyber Storm underscores a growing trend of partnerships being made between government and industry in order to protect our nation from evolving IT security threats. The world of cyber crime is still in its infancy, yet it has already redefined the way we look at security today. New forms of malware and attack strategies are growing incessantly. We’ve only begun to realize the potential threat posed when they are coordinated. To address this problem, government and industry have to work together.

At McAfee, we’re already delivering a security risk management strategy that’s helping agencies automatically scan for vulnerabilities, remediate issues and assess current threats to guard against insider and external forces. A holistic security risk management practice will undoubtedly remain the best way to protect internal IT assets. However, there is now a growing need for government and industry to focus on threats occurring outside an organization’s borders. As we become increasingly connected, wide-scale cyber attacks are generating fallout that has created entirely new security implications.

In May of 2007, one of the most infamous cyber attacks on record swept through Estonia, plaguing its government, first-responders, media and financial Web sites with denial of service errors -- virtually cutting Estonia off from its networked infrastructure. When an event reaches this magnitude, it is no longer just an IT issue; it’s a national security crisis. Agencies and other support organizations have to respond accordingly. Exercises like Cyber Storm help them practice and prepare.

In addition to the millions lost in collateral damage and recovery costs, the attack in Estonia showed the world hard evidence that our governments are not immune to wide-scale cyber crime. The threat is imminent. Cyber attackers have the odds in their favor. Every day, there are cyber attacks on government and private sector systems. These attacks range from minor incidents like spam and phishing to sophisticated attacks against critical infrastructure, like the one seen in Estonia. The persistence of global cyber crime calls for an equally vigilant international focus on this problem. Exercises such as Cyber Storm help keep experts focused on this issue and engaged in the development of new solutions and security initiatives.

Connecting government and industry

As an integral participant in Cyber Storm, McAfee is proud to say that the mission objectives laid out at the 2006 exercise were achieved, with tremendous credit due to the depth of participation granted by DHS. In several cases, DHS encouraged Cyber Storm’s players to share intelligence openly, creating a unique exercise environment where industry and government could work together more closely to accomplish objectives. The extent of this cooperation was a valuable leadership experience for all parties involved. With private industry "plugged-in," cyber responders were able to draw from a broader body of security knowledge and support, which in turn helped them identify threats faster and implement countermeasures precisely. At the 2006 Cyber Storm exercise, McAfee’s IT security expertise was especially useful in situations where dispersed, seemingly unconnected cyber and physical attack events could be identified as elements of a broader attack strategy.

More importantly, making this connection required trusted information sharing between industry and government. In the event of a wide-spread cyber attack, agencies, industry and other support organizations have to be prepared to share information quickly and safely. This was one of the most important aspects of Cyber Storm: Working together to effectively share mission-critical information across agencies and with industry while upholding internal security policies and protecting national security interests. In fact, the DHS Cyber Storm I report specifically listed this as a key achievement, where the DHS established numerous public and private relationships that will be invaluable in future preparation for -- and response to -- cross-sector cyber incidents. From frontline operations to policy adaptation, this was a major area of focus that will continue to be evaluated and refined at Cyber Storm II.

Goals to be evaluated further at Cyber Storm II:

During Cyber Storm II, McAfee is committed to helping DHS achieve the following goals throughout exercise week:

• Refine operations and coordination procedures to improve interagency and government-industry collaboration;
• Define contingency planning, risk assessment and organizational roles to further improve response times;
• Correlate incidents between public and private sectors to identify a potentially broader threat strategy;
• Establish ongoing training and exercise programs to raise awareness of cyber incident response roles, policies and procedures;
• Perfect communication across Cyber Storm’s community of interest in multiple-incident scenarios;
• Create a common framework for a continuous flow of synchronized information, available to cyber incident stakeholders;
• Develop a strategic communications and public relations plan to inform the response community and empower the public to take individual response or protective action;
• Improve processes, tools and technology to enhance response quality, speed and coordination.

McAfee is looking forward to participating in Cyber Storm II with the DHS National Cyber Security Division this spring, where previous insights will be applied and exercised in a rigorous exercise environment. As a leading dedicated security provider, we’re proud to play such a prominent role in this exercise and help our government create first-response frameworks that will empower our nation’s IT preparedness posture.

We now live in a world where any organization that operates a network connected directly or indirectly to the Internet is vulnerable to cyber attack. Unless we continue to foster government/industry cooperation and apply the knowledge of both realms, disasters like Estonia will continue to create global headlines. In 2007, we witnessed another record year for security breaches in the U.S. -- and abroad -- emphasizing the need for exercises like Cyber Storm. We applaud DHS’s commitment to lead the unified national effort to secure America by bringing public, private and international partners together to keep our world safer from cyber crime.



Carl Banzhof is vice president and chief technology evangelist for McAfee, Inc. He can be contacted at:


