Over 1,100 people across more than 60 organizations took part in Cyber Storm V, the latest DHS-led national cyber security exercise designed to test a coordinated response to cyber attacks across the nation’s 16 critical infrastructure sectors such as energy, communications and financial services.
The threats are real and increasing in sophistication and frequency. Systems are under constant attack ranging from file deletion attempts, theft, system manipulation and espionage. For example, an attack on command and control systems could shut down power generation as was seen in Ukraine last year. According to US-CERT, remote cyber intrusions in December 2015 at three regional power distributors in Ukraine took place within 30 minutes of each other and entailed the following:
– extensive reconnaissance of victim networks
– external, malicious operation of breakers with remote administration tools or remote industrial control system client software
– possible use of legitimate credentials prior to the attack (acquired via spear phishing emails or another Trojan)
– wiping systems using KillDisk malware to erase files and corrupt records
Now in its tenth year, the Cyber Storm event included participants from the healthcare and public health, IT, communications and commercial facilities sectors, as well as federal agencies, eight states, and international organizations.
According to DHS, participants were presented with a broad based scenario that required cross-organizational collaboration and called on them to exercise their training, policies and procedures for identifying and responding to a multi-sector attack.
DHS National Cybersecurity and Communications Integration Center – NCCIC, served as the focal point for federal response and coordination.