Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
- Veterans in Private Sector: Making the Transition
Shows & Panels
Search Tags: Cyber Storm III
A U.S.-led, global exercise in cybersecurity preparedness and response is expected to wrap up in the next 24 hours. The scenario is helping seven agencies, 11 states, 12 nations and 60 private sector companies prepare for major cyber attack.
Prepare for the worst…and hope for the best. This unofficial mantra of the emergency preparedness and response community also applies to cyber preparedness. This week seven federal agencies, 11 states, 12 international partners, and 60 private sector companies are doing just that: preparing for the worst in cyberspace. These organizations are all participants in Cyber Storm III, a global cybersecurity preparedness exercise led by the U.S. Department of Homeland Security. By the end of the week, these organizations will have responded to a fictionalized cyber threat scenario designed to test their individual and collective capabilities to respond to cyber attacks and the National Cyber Incident Response Plan (Interim Version, September 2010). Federal cyber preparedness has never been more important. The threat to federal information assets and networks is diverse, persistent, and growing. In recent testimony before the U.S. House of Representatives, General Keith Alexander, Commander of the U.S. Cyber Command, stated that U.S. Department of Defense networks are "probed roughly 250,000 times an hour" and characterized the "…shift toward operationalizing cyber tools as weapons to damage or destroy" as a "great concern to us at Cyber Command." The National Cyber Incident Response Plan states:
- Preparedness activities, including establishing common situational awareness in a common operational picture, are shared responsibilities across Federal, State, Local, Tribal, and Territorial governments and the private sector.
- Governance: bringing together the mission, policies, architectures, and organizational alignment to establish the who and what for risk management strategies.
- Risk management: establishing risk tolerance thresholds and implementing the technologies and processes that will assess, prioritize, and monitor risk on a continual basis.
- Compliance: ensuring the organization maintains a cyber security posture compliant with federal laws, regulations, guidelines, and standards with the ability to demonstrate sound risk management strategies when scrutinized by internal and external auditors and Inspectors General.
- Operations: designing, implementing, and monitoring security controls at the operational and tactical levels to include the ability to adequately respond to, withstand, and remediate cyber attacks.
By evaluating federal cybersecurity programs through this framework, agencies can better understand their capabilities and live up to their shared responsibility for cyber preparedness.
DHS kicked off a global exercise to test the capabilities of the government, other nations and the private sector, in dealing with a possible attack on computer networks. The week-long test asks participants to deal with a scenario where the attack takes down the Web.