Cyber Storm tests US infrastructure defences

UK government helps test US internet systems

The UK government last week took part in a major exercise to test whether key parts of the US national infrastructure could withstand cyber attacks from hackers and viruses.

Key elements of the US critical national infrastructure (CNI), including power stations and banking systems, were tested to see if internet-connected IT systems would be able to survive an electronic threat.

The operation, codenamed Cyber Storm, was carried out by the US Department of Homeland Security, and received assistance from the UK’s Ministry of Defence and the National Infrastructure Security Co-ordination Centre (NISCC), which works to prevent similar attacks in the UK.

Some 115 federal and state agencies, private sector organisations and other foreign governments took part in the week-long US operation.

The simulated attacks were aimed at causing ‘significant cyber disruption’ to energy, transportation and government sectors, says George Foresman, an undersecretary at the US Department of Homeland Security.

‘Cyber security is critical to protecting our infrastructure, because information systems connect so many aspects of our economy and society,’ he said.

The exercise also looked at how blogging web sites could be used by protesters or terrorist groups to spread misinformation.

The US government has been criticised in the past for being unprepared for an orchestrated electronic attack against its CNI, but it is believed that last week’s mock attacks caused very little disruption.

A Home Office spokeswoman told Computing that similar tests were planned for the UK CNI, but refused to divulge timings.

‘We collaborate with international colleagues, and NISCC does have its own regular programme which it runs twice a year,’ she said.

‘The programme is designed to test response capabilities and incident management.’
The Home Office would not say if its cyber-attack simulations involve private sector organisations, which run about 80 per cent of the CNI in the UK and are mainly unregulated in terms of security.