Skip to main content

U.S. launches a drill to test international cybersecurity

By Paul Courson, CNN
STORY HIGHLIGHTS
  • Drill began Tuesday
  • It is a worldwide event to test cybersecurity

Washington (CNN) -- It's only a drill and no computers will be harmed in testing now underway to check whether governments, private industry, and other computer infrastructure could handle a major cyberspace attack.

The drill, called "Cyberstorm III," is staged as a worldwide event and "is beyond the capability of any one government agency to respond to," said Phillip Reitinger, a deputy undersecretary in the Department of Homeland Security, the sponsoring agency.

Security experts spent more than a year developing nearly 2,000 elements that resemble symptoms of a hostile electronic attack, arriving via the internet or through the spread of malicious computer programming.

The attempted takedown began Tuesday.

By Wednesday, hundreds of these elements, called "injects," had been distributed to information technology players who must respond and mitigate what confronts their systems.

In a briefing for reporters, Reitinger explained that a top goal of the exercise is to examine whether those affected by a cyberattack can communicate with each other and coordinate among themselves to minimize damage and perhaps block the spread of an attack.

Australia, Canada, Germany, Japan, France and the United Kingdom are among international participants in the exercise, at a time cyberattacks are increasingly launched from outside a targeted country.

Visiting a computer world equivalent of a war room, reporters Wednesday were allowed to observe about a hundred security experts as they originated the simulated elements of a cyberattack.

"These are the folks behind the curtain, pulling the strings, to actually make the exercise work," said Brett Lambo, the director of the Cyber Exercise Program, part of Homeland Security's National Cyber Security Division.

Looking at a flatscreen monitor that nearly covered an entire wall in the room, he pointed to a grid of color-coded boxes with alpha-numeric identifiers. "You can see who it went to, what was the expected player action, and what was the actual player action," he said.

Lambo declined to further describe the simulated attack now underway, saying disclosure might spoil some of the game. Participants, as part of the drill, are provided access to replica news outlets, describing impact the public could notice from a cyber-attack, as if one were really underway.

Last week, in a preview briefing about the preparedness drill, Lambo provided a look at the National Cybersecurity and Communications Integration Center -- the real war room where cybersecurity experts continually monitor against electronic systems attack.

The visit, to an unmarked high rise office building in the Virginia suburbs near Washington, was allowed only if reporters agreed not to immediately disclose any details of the drill that would begin within days.

Lambo explained, "There's never a better time to attack someone than when you know they're distracted by an exercise. And cyberspace being what it is and the adversary being what it is, it would be a lot of fun for someone -- it would be a giant feather in someone's cap -- to say they they hacked a cybersecurity exercise."

As of Wednesday morning, there were no known real attacks in reality. As for the exercise, "we are very pleased in how things are going," according to Reitinger, the DHS deputy secretary.

In addition to U.S. and international government agencies, the list of players includes information technology representatives from banking and finance, the chemical industry, major telecom firms, the energy sector, defense contractors, and those from the transportation, atomic energy, and other utility infrastructures.