By Stephen Bell
27 February, 2007
New Zealand organisations will find their online defences tested for the
first time in a huge international cyber-security exercise being
coordinated by the US Department of Homeland Security next year.
Private and public-sector organisations will be involved in next Marchs
Cyber Storm II attack simulation, along with organisations in the US,
Canada, the UK and Australia.
The exercise will simulate, on a private network, a series of hacking
and cyber-terrorism events attempted via the internet.
Nothing of a dangerous nature will be attempted on live networks, says
Richard Byfield of the Centre for Critical Infrastructure Protection,
which will coordinate the local part of the exercise.
The first Cyber Storm simulation took place in March 2006, but New
Zealands involvement was small, just a table-top exercise, with
simulations of escalating events being represented on paper. This time,
there will be an online portal, where scenarios appropriate to our
national security will be played out, testing the responses and
inter-communication abilities of government organisations such as CCIP,
the Defence Force, the Security Intelligence Service and the Polices
electronic crime lab, as well as private-sector maintainers of vital
infrastructure such as Telecom and Transpower. Some internet service
providers are likely to be asked to be involved as well, says Byfield.
As organisations respond to the attacks, the situation will escalate in
unpredictable ways. Like a fire-drill, there will be an exhaustive check
after the simulation exercise, to see if the right people and agencies
were informed at the right time.
Naturally, there is no advance knowledge of exactly what will be
simulated, but unofficial reports suggest one of the major scenarios
could involve the chemical industry, says Mike Harmon, who is in charge
of the exercise for the CCIP.
New Zealand will have some flexibility when it comes to the scenarios it
chooses to run, to reflect our particular vulnerabilities.
The electricity grid and telecommunications are good things to test in
New Zealand, says Byfield, because management of the two industries is
dominated by one company in each sector.
Interruptions to the electricity supply are likely to involve not only
the core network but also the digital supervisory control and data
acquisition (Scada) network that overlies and controls electricity
For a long time, Scada been concealed from public view Harmon calls it
security by obscurity but the networks are now connected via the
internet, making them more visible and therefore more vulnerable.
A preliminary table-top exercise will be held next month, to prepare for
the real thing in 2008.
The first Cyber Storm simulation uncovered gaps and stresses in
communications between agencies, particularly when there were multiple
threats which demanded concurrent responses.
Management of public information was also identified as critical, and
will be carefully monitored this time round.
As part of the exercise, authorities have to ensure public information
is accurate, so as to avoid creating needless panic, says the report
from the first exercise. Misleading information or deliberate
disinformation is a risk, particularly in a world of bloggers and other
independent media sources. Media organisations, particularly those that
cover ICT, could be asked to play a role in Cyber Storm II, says Harmon.
Media relations staff from the various agencies involved in the exercise
will certainly be important participants.
Copyright Fairfax Business Media
Subscribe to the InfoSec News RSS Feed