A simulated cyber attack against U.S. critical infrastructure has shown the nation’s defenses and partners are better prepared for the real thing, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said late last week.
The three-day, national cybersecurity exercise, which has taken place biannually since 2006, is referred to as “Cyber Storm,” and involves some 2,000 participants from federal, state and local entities, and private sector owners and operators. The point is to measure the nation’s cybersecurity preparedness and examine incident response processes, procedures, and information sharing in a setting players can discover and respond to coordinated cyber attacks as though they were real-world events.
While the manufactured scenario closely mimicked widespread attacks on various sectors in this year’s simulation, and was modeled on known capabilities of U.S. cyber adversaries, no critical infrastructure facilities or operations were actually attacked in the exercise. Election security, despite its front-and-center position three months away from the 2020 election, was not a sector tested by the simulation.
It’s important to simulate a debilitating attack to increase coordination between all the potential groups, said Brian Harrell, CISA assistant director for infrastructure security. “We’re more connected than ever, which means our nation’s critical infrastructure faces increased risks from cyber-attacks,” he said. “No one company or government agency can be expected to go it alone, which is why exercises like Cyber Storm bring everyone together to discuss and exercise how we would respond collectively to a cyber-attack. Each Cyber Storm our coordination and capabilities get better, and this year was no different.”
The current Cyber Storm exercises build on the conclusions of the previous one and is used to evaluate progress made in the cyber response community, CISA said. This year’s Cyber Storm showed the progress made in protecting critical infrastructure from attack since the last simulation in 2018, which involved roughly 1,000 participants, Harrell said. “Did we move the needle when it comes to cyber response, and I think this time around ... we are seeing some marketable improvement across the critical infrastructure space,” he told media outlets.
U.S. federal cyber security agencies have repeatedly sounded the alarm about the threat of attacks on the nation’s critical infrastructure. In the most recent warning issued a month ago, CISA and the National Security Agency strongly recommended that operators of critical systems take “immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term.” State-backed foreign hackers are lining up to target U.S. critical infrastructure, intending to deliver hard cyber shots at vulnerable operational technology underpinning the nation’s defenses, the agencies said in a joint alert.
“Now is the time to exercise under blue sky conditions, you don’t want to exchange business cards during a hurricane,” Harrell said. “The Cyber Storm exercise elements represented actual and potential risks and attacks were made to be as realistic as possible.”