Friday January 9, 2009 1:34 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Discontinuing the issuance of MD5 certs is a good first step, but the real problem is that the ..."
on VeriSign addresses SSL certificate flaw
by Scott | Jan 6, 2009 3:13 PM
 
"My facebook profile has been hacked through one of these sites and they have changed my password ..."
on Facebook user profiles hacked, Wall feature relaying spam
by Ryan geen | Jan 3, 2009 3:51 PM
 
"http://impresser.com.au/category/security/ We need more websites like this. Security is an ..."
on Using international standards in your compliance program
by Andrew Galdes | Dec 27, 2008 3:46 PM
 
"Um... what product were you really using???? documentation is supplied in printed form (aka a ..."
on WebMarshal
by Glen | Dec 23, 2008 12:11 PM
 
"maybe that is just why it is best to outsource your intranet solution to experts companies like ..."
on Survey: Collaboration applications inadequately secured
by Pankaj | Dec 23, 2008 7:09 AM
Web

Industry reflects on Cyber Storm 2

  • Email a Friend
  • Print Page
Industry reflects on Cyber Storm 2
Related Articles
By Shaun Nichols
Apr 11, 2008 6:10 AM
Tags: "rsaconf" | "cyberstorm" | "global | security"
Groups involved in the Cyber Storm 2 security exercise presented their first thoughts on the simulated attack drill.

Members of five corporate and government groups, including Microsoft, the US Computer Emergency Response Team (US-Cert) and Dow Chemical all spoke about the study on Wednesday at the RSA conference in San Francisco.

The exercise involved 18 government agencies in five countries, as well as more than 40 companies from the private sector.

While none of the participants would give an insight as to what particular incident was simulated, they did reveal that the exercise involved industrial, public relations, and IT elements.

As such, the takeaway from the exercise ranged from lessons in cross-industry communication to public alert tactics.

Each of the groups involved, however, found that the biggest lesson of Cyber Storm 2 was just how important it was to build a network of both government groups and companies around the globe.

"It was really about developing those relationships and broadening up trust and confidence," said Paul McKitrick, managing director for the New Zealand Center for Critical Infrastructure Protection.

"Having those official back channels straight into another security team is essential."

Dan Lohrmann, chief information security officer for the state of Michigan, said that his team also received a lesson in communications as a result of the exercise.

"We worked quite a bit on communicating public awareness," said Lohrmann. " How we can get out communications to our state employees, to our citizens, and other partners."

The operation did also, however, find some weaknesses.

"There were some shortfalls in information sharing," said Randy Vickers, associate deputy director of US-Cert.

"Some of it is as simple as groups not having the means to communicate widely, and so you either have to send information through various groups of people instead of one central point."

Christine Adams, information systems manager at Dow Chemical, said that in addition to being more aware of what elevated threat levels mean, companies need to become more flexible and able to adapt to a crisis situation, particularly when channels of communication are cut.

"We have some work to do in terms of getting priority telecommunications services if we need it."

The final report on Cyber Storm 2 is expected to be released in the autumn.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
2009 apple browser business data encryption firms free internet issues malware management microsoft safari security software threats update updates vendors