Cyber Storm Overview
Wednesday 2/1/06 0900 PT

Cyber Storm: National Cyberspace Security Exercise
• Mandated in National Strategy to Secure Cyberspace
• Examine NCRCG concept of operations for national cyber incident response with public and private-sector stakeholders.
Cyber Storm will be a five-day, phased, distributed exercise that includes a 36-hour period of 24x7 play, staged in real time with time jumps to allow full crisis. It will incorporate build-up, crisis and response/recovery phases. ... The cyber attacks aimed at state and federal government agencies are intended to degrade government operations and the delivery of public services, diminish the ability to remediate impacts on other infrastructure sectors and undermine public confidence.
DHS has indicated that the Cyber Defense Technology Experimental Research Project (DETER) network testbed will also play a role in the simulation. Funded by DHS and the National Science Foundation, DETER is used by both government and commercial network researchers to create virtual models of complex networks, and to subject them to attacks, in a closed and secure environment. Cyber Storm will be a larger, more abstract, version of cyber security exercises routinely conducted by a variety of institutions. (Gov’t Security News)
DETER - Cyber Storm Outcomes
• Demonstrate Relevance to National Strategy to Secure Cyberspace
• Provide for the Development of Tactical and Strategic Analysis of Cyber Attacks and Vulnerability Assessments (page 21)
• A/R 2-2: DHS, in coordination with appropriate agencies and the private sector, will lead in the development and conduct of a national threat assessment including red teaming, blue teaming, and other methods to identify the impact of possible attacks on a variety of targets. (page 56)
• A/R 2-12: To optimize research efforts relative to those of the private sector, DHS will ensure that adequate mechanisms exist for coordination of research and development among academia, industry and government, and will develop new mechanisms where needed. (page 57)
• Exercise “Experimenter’s Workbench” Capability
• Realistic Referential Data for Exercise Participants
• Ability to Simulate Agency Participation in National Exercises
• Ability to Model Multiple Attacks on Multiple Networks
• Engage Cyber Storm Stakeholder Community
DHS S&T Cyber Storm Objectives - DETER
• Provide Opportunity to Evaluate S&T DETER Investment
• Demonstrate Relevance of DETER Simulation Capability
• Transition DETER Technology
• Test DETER Ability to Provide Meaningful Operational Feedback
• Understand Current Limits of DETER Capability
• Establish Baseline for Future Evolution of DETER Capability
• Understand Requirements for In-Situ Course of Action Estimation for Cyber Security Decision Making
• Investigate DETER Potential for Use in Cyber Security War Gaming
• Expand DETER Stakeholder Community
DETER Cyber Storm CONOP
• Ron Ostrenga and Paul Walczak at EXCON facility (USSS HQ, D.C.)
• DETER testbed operates in Cyber Storm dedicated mode 6-10 Feb
• 8 MSEL events scripted; opportunity for ad hoc engagement
• We will NOT operate 7*24; 07-1700 ET (unless some compelling reason arises)
• NCSD intends to use DETER extensively in AAR process
DETER Related MSEL
• DET5203.01 - Projecting Impact of Major DDOS Attack Effects on State1 (071215ET Feb 2006)
• DET4801-01 - Provide Major Blood Bank a predictive assessment related to effects of likely extortion consequences (072500ET Feb 2006)
• DET-5203.6 - Modeling Network Conditions Effecting on State1 (080810ET Feb 2006)
• DET5203.7 - Provide State1 a predictive assessment related to effects of likely extortion consequences (080825ET Feb 2006)
• DET-5225 - Modeling Network Conditions Effecting on State1 (080910ET Feb 2006)
• DET-5221 - Monitoring DDOS Attack Effects on State1 (090900ET Feb 2006)
• DET-5224.2 - Monitoring DDOS Attack Effects on State1 (090900ET Feb 2006)
• DET-5223 - Monitoring ISP Outage Effects on State1 (091050ET Feb 2006)