- Strong quake hits Japan, triggering tsunami
- Sniper heaven: Pentagon’s self-guided bullets leave enemies nowhere to hide
- Violent gang taking advantage of immigration crisis, using border as recruiting hub
- Medicaid enrollment continues to soar under Obamacare, administration says
- Michelle Obama to Latinos: ‘We cannot afford to wait on Congress’ for immigration
- White House urges GOP to act ‘urgently’ on $3.7 billion request for illegal immigrants
- Politicians, criminals using ‘right-to-be-forgotten’ law EU courts forced upon Google
- Combat fatigue: elite special forces troops are ‘fraying,’ Gen. Joseph Votel warns
- German foreign minister to meet Kerry to discuss spying claims
- Florida police spokesman tells citizens: ‘Get yourself some firearms’
Cyber Storm III aims to protect against real thing
13 nations unify for exercise
Question of the Day
An international cyberwar game to be staged this week by the Department of Homeland Security will simulate a sophisticated hacker attack that undermines the trusted relationships between computers on which the very architecture of the Internet relies.
Thirteen countries, 11 states and seven Cabinet-level federal agencies will take part in the exercise, dubbed Cyber Storm III — the third such biannual war game Homeland Security has organized.
The war game is a so-called “tabletop” exercise, meaning no actual computer networks will be attacked. The purpose, say U.S. officials, is to try out a national draft plan for responding to major cyberwarfare incidents — the National Cyber Incident Response Plan, or NCIRP.
“Cyber Storm III will be “a good way to tell where we have some kinks in the NCIRP,” Bobbie Stempfley, director of Homeland Security’s National Cyber Security Division, said at an embargoed briefing for reporters last week.
Ms. Stempfley noted that the war game will have nearly three times as many countries taking part as the last Cyber Storm, which involved only four in addition to the United States — a reflection of the globalized nature of threats to the Internet and the burgeoning cooperation among U.S. allies in combating them.
But there also will be more domestic participants, a function of the large — critics say confusingly large — number of federal, state and private-sector entities who would be involved in dealing with a real attack.
Another important objective of the exercise is to test a new multi-agency center, the National Cybersecurity and Communications Integration Center (NCIC), inaugurated last October to bring together at a single location the various different elements of Homeland Security and other agencies involved in dealing with Internet threats.
“We want to focus on information-sharing issues,” said exercise director Brett M. Lambo. “We want to know how well all of the different organizations in that room [the NCIC] are compiling, aggregating and acting on information they they’re sharing.”
In particular, the exercise had been designed to test how well and how quickly government agencies could declassify information so that it could be shared with private-sector companies that own and operate the infrastructure on which the Internet and other computer networks run, he said.
Rather than test the technical aspects of the response, the exercise is designed to explore “the decision-making process … and the information that informs that,” Mr. Lambo said.
The exercise is to begin Tuesday and will run for three or four days, depending on how play develops, he said. It consists of a series of so-called “injects,” narrative statements about make-believe events delivered to the players by e-mail, which they then have to respond to.
Mr. Lambo said Homeland Security had “significant industry involvement in building the scenario” for the exercise to ensure “technical rigor.” He declined to name any of the 60 companies taking part but said they include “major software firms, major anti-virus firms, [and] major network operators.”
He said “we’re trying to upset the chain of trust” on which the Internet depends by compromising two very basic services on which Web traffic relies: certificate authority and the domain name system (DNS).
Certificates are the computer codes that identify trusted instructions or addresses. DNS directs Internet traffic, translating Web addresses into the unique numeric codes that identify specific websites.
“We’re kind of using the Internet to attack itself,” Mr. Lambo said.
© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.
About the Author
TWT Video Picks
By Robert N. Tracci
Congress must use its appropriations power to secure the border
- Pentagon's self-guided bullets leave enemies nowhere to hide
- Obama calls GOP lawsuit over executive overreach a 'political stunt'
- A 'new Cold War': China's top paper warns of 'slippery slope' towards conflict with U.S.
- Violent gang MS-13 taking advantage of immigration crisis, using border as recruiting hub
- PRUDEN: 'Dirty Harry' Reids increasing eccentricity
- Michelle Obama to Latinos: 'We cannot afford to wait on Congress' for immigration
- Florida police spokesman tells citizens: 'Get yourself some firearms'
- Hamas orders civilians to die in Israeli airstrikes
- Veteran with concealed weapon turns tables on Chicago gunman
- Armed militia sets up Texas command center to 'fight for national sovereignty'
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq
World Cup's sexiest WAGs