Cyber Storm

The scenario targeted specific public and private organizations and involved both physical and Internet-based components. As part of the plan, bloggers spread misleading information along with information related to the scenario. Organizations being tested tried to discern which bits of information were relevant and, from that information, determine the nature of the attack.

Cyber Storm was aimed at computer systems involved in the operation of the critical infrastructure of the USA, particularly the information technology (IT), energy, communications, emergency management, military, and transportation sectors. The simulation did not involve or target private individuals or enterprises without their knowledge or consent.

The 115 participants involved in the planning and execution of Cyber Storm included government agencies at the federal, state and local levels, along with international agencies and corporations. Participants included:

• Department of Commerce
• Department of Defense
• Department of Energy
• Department of State
• Department of Transportation
• Department of Treasury
• Department of Justice
• Director of National Intelligence
• Central Intelligence Agency
• National Security Agency
• Microsoft
• CERT Coordination Center
• States of Michigan, Montana and New York
• FBI
• U.S. Secret Service
• NORTHCOM
• American Red Cross
• Public Safety and Emergency Preparedness Canada.

Full details have not been made public, but the DHS has indicated that Cyber Storm was complex and extensive enough to constitute a good simulation of an actual cyber attack. Cyber Storm evaluated communication and interaction among key organizations but did not involve major ISPs and backbone providers. The DHS will coordinate with IT-ISAC (Information Technology Information Sharing and Analysis Center) later in 2006 for a simulated attempt to bring down the Internet.

Read more about Cyber Storm: - The Department of Homeland Security issued a press release about Cyber Storm. - eWeek announced that "Feds Deem Operation Cyber Storm a Success."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Enterprise Vulnerability Management,   Security Testing and Ethical Hacking,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Screencast: Samurai offers pen-testing nirvana Peter Giannoulis demonstrates the Samurai Web Testing Framework, a free, live Linux distro pre-configured to function as a stand-alone Web pen-testing... McAfee to acquire Solidcore Systems for whitelisting The $47 million deal adds Solidcore's whitelisting technology to McAfee's product line up. The Pipe Dream of No More Free Bugs Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ethical hacker  (SearchSecurity.com) ethical worm  (SearchSecurity.com)