An international cyberwar game to be staged this week by the Department of Homeland Security will simulate a sophisticated hacker attack that undermines the trusted relationships between computers on which the very architecture of the Internet relies.
Thirteen countries, 11 states and seven Cabinet-level federal agencies will take part in the exercise, dubbed Cyber Storm III — the third such biannual war game Homeland Security has organized.
The war game is a so-called “tabletop” exercise, meaning no actual computer networks will be attacked. The purpose, say U.S. officials, is to try out a national draft plan for responding to major cyberwarfare incidents — the National Cyber Incident Response Plan, or NCIRP.
Cyber Storm III will be “a good way to tell where we have some kinks in the NCIRP,” Bobbie Stempfley, director of Homeland Security’s National Cyber Security Division, said at an embargoed briefing for reporters last week.
Ms. Stempfley noted that the war game will have nearly three times as many countries taking part as the last Cyber Storm, which involved only four in addition to the United States — a reflection of the globalized nature of threats to the Internet and the burgeoning cooperation among U.S. allies in combating them.
But there also will be more domestic participants, a function of the large — critics say confusingly large — number of federal, state and private-sector entities who would be involved in dealing with a real attack.
Another important objective of the exercise is to test a new multi-agency center, the National Cybersecurity and Communications Integration Center (NCIC), inaugurated last October to bring together at a single location the various different elements of Homeland Security and other agencies involved in dealing with Internet threats.
“We want to focus on information-sharing issues,” said exercise director Brett M. Lambo. “We want to know how well all of the different organizations in that room [the NCIC] are compiling, aggregating and acting on information they’re sharing.”
In particular, the exercise had been designed to test how well and how quickly government agencies could declassify information so that it could be shared with private-sector companies that own and operate the infrastructure on which the Internet and other computer networks run, he said.
Rather than test the technical aspects of the response, the exercise is designed to explore “the decision-making process … and the information that informs that,” Mr. Lambo said.
The exercise is to begin Tuesday and will run for three or four days, depending on how play develops, he said. It consists of a series of so-called “injects,” narrative statements about make-believe events delivered to the players by e-mail, which they then have to respond to.
Mr. Lambo said Homeland Security had “significant industry involvement in building the scenario” for the exercise to ensure “technical rigor.” He declined to name any of the 60 companies taking part but said they include “major software firms, major anti-virus firms, [and] major network operators.”
He said “we’re trying to upset the chain of trust” on which the Internet depends by compromising two very basic services on which Web traffic relies: certificate authority and the domain name system (DNS).
Certificates are the computer codes that identify trusted instructions or addresses. DNS directs Internet traffic, translating Web addresses into the unique numeric codes that identify specific websites.
“We’re kind of using the Internet to attack itself,” Mr. Lambo said.