Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) between February 6-10, 2006 to evaluate the performance of various public and private organizations. The simulation was conducted from computers in the basement of the Secret Service in Washington DC.
The scenario targeted specific public and private organizations and involved both physical and Internet-based components. As part of the plan, bloggers spread misleading information along with information related to the scenario. Organizations being tested tried to discern which bits of information were relevant and, from that information, determine the nature of the attack.Content Continues Below
Cyber Storm was aimed at computer systems involved in the operation of the critical infrastructure of the USA, particularly the information technology (IT), energy, communications, emergency management, military, and transportation sectors. The simulation did not involve or target private individuals or enterprises without their knowledge or consent.
The 115 participants involved in the planning and execution of Cyber Storm included government agencies at the federal, state and local levels, along with international agencies and corporations. Participants included:
- Department of Commerce
- Department of Defense
- Department of Energy
- Department of State
- Department of Transportation
- Department of Treasury
- Department of Justice
- Director of National Intelligence
- Central Intelligence Agency
- National Security Agency
- CERT Coordination Center
- States of Michigan, Montana and New York
- U.S. Secret Service
- American Red Cross
- Public Safety and Emergency Preparedness Canada.
Full details have not been made public, but the DHS has indicated that Cyber Storm was complex and extensive enough to constitute a good simulation of an actual cyber attack. Cyber Storm evaluated communication and interaction among key organizations but did not involve major ISPs and backbone providers. The DHS will coordinate with IT-ISAC (Information Technology Information Sharing and Analysis Center) later in 2006 for a simulated attempt to bring down the Internet.