US Dept. of Homeland Security Launches 'Cyber Storm III', a Large-Scale Cyber-Attack Test

The United States Department of Homeland Security has initiated Cyber Storm III, a new simulated cyber-attack exercise to test the ability of government agencies and over 60 private-sector organizations to work together under such distress.

The Cyber Storm III exercise would be the third large-scale cyber-attack that the DHS (Department of Homeland Security) would carry out. The last exercise, Cyber Storm II, was conducted in March of 2008.

With malware threats increasing to new levels and new parasites become more sophisticated and complicated, we think that exercises such as Cyber Storm III are necessary to ensure that Internet's fundamental elements are not used against itself or to compromise governmental infrastructure. In other words, conducting this exercise will reveal to government agencies on what they need to improve upon when it comes to the National Cyber Incident Response Plan and the ability of agencies to share attack information among each other.

Cyber Storm III will focus mainly on the complicated cyber-attacks. Since cybercrooks and hackers have moved beyond the realm of common attacks such as denial of service (DOS) attacks in favor of more complex targeted attacks, it makes an exercise such as Cyber Storm III all the more relevant. Not to mention the recent attack of Stuxnet which security researchers still do not know exactly where it came from but has had an impact on a nuclear power plant facility in Iran.

DHS launched Cyber Storm III yesterday and as explained by Phil Reitinger, deputy undersecretary of the DHS National Protection and Programs Directorate, the details of the exercise have not been revealed to outsiders because they did not want any media reports to influence the results. Basically, Cyber Storm III will be conducted in a way that would mimic an actual large-scale cyber-attack that no one knew was coming.

Several U.S. agencies will be involved in Cyber Storm III including the Departments of Energy, Defense, Justice, U.S. National Security Agency, State, Transportation and the White House. Not only are agencies in the United States participants in Cyber Storm III, but officials from Canada, Germany, France and the U.K. are also part of the exercise. With us knowing that large-scale cyber-attacks are hardly ever specific to a certain country, it would only make sense to include other areas of the world in such an exercise.

Do you think the U.S., along with other large countries, should conduct more exercises such as Cyber Storm III to improve upon their cyber security infrastructure or do they already do enough? Do you think we will witness a major cyber-attack that causes serious damage in our lifetime? Do you take proactive actions to protect your own computer at home from cyber-attacks?