Cyberstorm III & September, 2010

Evidently goes back to 2006, second one was 2008 and from these articles the next was already in the planning process as of 09. The linked pages have an interesting correspondence detailed, and pdf that is from Cyberstorm I.

Have to admit after looking it over, was very intriging to read. Quoted section and source link below are from pdf;

Cyber Storm Overview
What:
 Provided a controlled environment to exercise State, Federal, International, and
Private Sector response to a cyber related incident of national significance
 Large scale exercise through simulated incident reporting only – no actual impact
or attacks on live networks
 Specifically directed by Congress in FY05 appropriations language and
coordinated with DHS National Exercise Program
Who: 300+ participants from
 Federal D/As: Support and/or participation by 8 Departments and 3 Agencies
 States: Michigan, Montana, New York, Washington (Exercise Control)
 International: Australia, Canada, New Zealand, UK
 Private Sector
– IT: 9 major IT firms
– Energy: 6 electric utility firms (generation, transmission & grid operations)
– Airlines: 2 major air carriers
– ISACs: MultiState,
IT, Energy, Finance (off the record participant)
(Nebraska, North Carolina, South Carolina, Texas @ MSISAC)
 When: February 610,
2006
 Where: distributed participation from ~ 60 locations including US, Canada, and UK
National Cyber Exercise: Cyber Storm

DHS' Cyber Storm III to test Obama's national cyber response plan
By Jill R. Aitoro 08/26/2009

ATLANTA -- The Homeland Security Department's third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the Obama administration, said industry and government participants in the simulation exercise during a conference on Tuesday.
The national cyber response plan

As part of DHS wide pre-audit of public facing internet sites, CG-651
is contacting the owners of CG web sites identified that may contain
inappropriate material. Some info may be benign, but need the owner
to review and check to ensure that the info posted is appropriate
for public viewing.

The following link contains a document labeled FOUO:

cryptome.quintessenz.at...

Coast Guard Sends a DHS-Wide Web-Spy Takedown

I did some digging and came up with some other open sources on the subject matter. If these peices of the puzzle are available on the public net, and even some random "Joe" like me... can find these, who is to say real terrorists havn't as well.

[Australian]

Cyber Storm II National Cyber Security Exercise Final Report
... of Homeland Security (DHS) National Cyber Security Division conducted the first US National Cyber Exercise, Cyber Storm, as ... phase will need to be incorporated into Cyber Storm III.

[USA]

CYBER STORM II Final Report
Department of Homeland Security
Office of Cybersecurity and Communications
National Cyber Security Division
EXECUTIVE SUMMARY
The National Cyber Exercise: Cyber Storm II successfully executed on March 10 – 14, 2008 at player locations across the United States, as well as in international partner locations in Australia, Canada, New Zealand, and the United Kingdom. The Department of Homeland Security – National Cyber Security Division (DHS – NCSD) sponsored the exercise to improve the capabilities of the cyber incident response community, encourage the advancement of public-private partnerships within the critical infrastructure sectors, and strengthen the relationship between the federal government and its government partners at the state, local, and international levels.

Cyber Storm II National Cyber Exercise
In March 2008, the Department of Homeland Security’s National Cyber Security Division (NCSD) will sponsor its second large-scale national cyber exercise, Cyber Storm II. Planned in close coordination with and driven by its stakeholders and participants, the exercise will center on a cyber-focused scenario that will escalate to the level of a cyber incident requiring a coordinated Federal response.

Cyber Storm II Initial Fact Sheet

[this relates to continuity of government
and the industrial complex, both military and intelligence]

Through exercises,
participants are able to
validate policies, plans,
procedures, processes,
and capabilities that
enable preparation,
prevention, response,
recovery, and continuity
of operations (COOP).

National Cyber Security Division Cyber Exercise Program

Lessons learned from Cyber Storm II

The exercise simulated a large-scale coordinated cyber attack on critical infrastructure sectors including the chemical, information technology (IT), communications, and transportation (rail/pipe) sectors.

The exercise addressed the increasingly sophisticated cyber security threats that both the public and private sectors face.

DHS | Fact Sheet: Cyber Storm II: National Cyber Exercise

National Exercise Division
Homeland Security Exercise and Evaluation Program
Quarterly Newsletter
Spring 2008

Operational Updates Cyber Storm II Exercise (Tier II)

[the Flint guys are from my home state and are only a couple counties over]

April 25, 2008)--Baker College of Flint, Mich., Texas A&M University and the University of Louisville took first, second and third place honors in the third annual National Collegiate Cyber Defense Competition (CCDC) held April 18-20 at the Airport Hilton hotel in San Antonio. The winning team was invited by the Department of Homeland Security (DHS) to attend the March 2010 Cyber Storm III National Cyber Security Exercise in Washington, D.C.

National cyber defense contest champs announced > UTSA Today

All that and more, the above is just a selection, my choice obviously of what is publically available, and the Coast Gaurd "information assurance" guy is all worried that the pdf they have that was posted on the internet, could get them in some violation of the docs FOUO status. See cryptome link for details.

If they were going for keeping it secret, they are being very counter productive. I am going to say the info assurance guy can let the coast gaurd know they can relax, and let their gaurd down.



[edit to add as after thought, whole cryptome and coast guard/CG thing is about the docs being marked;

This document is FOR OFFICIAL USE ONLY (FOUO). It contains
information that may be exempt from public release under the Freedom
of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled,
transmitted, distributed, and disposed of in accordance with DHS policy
relating to FOUO information and is not to be released to the public or
other personnel who do not have a valid “ need-to-know” without prior
approval of an authorized DHS official.

Which seems to have the information assurance guy sweating, despite all the publically available material provided above.


[edit on 19-2-2010 by ADVISOR]

Thank you, advisor. Lotsa work here, appreciated.
People worry about NLE when here is C3 right in our homes !
I just found out about cyber 3 from searching a dsl address question.
I noticed the 2nd DNS server address on my machine today was four two two two. I found this intruiging so I researched the address. This led me to the document outlining changes in security for 2010, 2011. Here is the title for all who want to check it out.

Proposed Initiatives for Improved DNS Security, Stability and Resiliency

It is called strategic ssr for those who are interested.

Since today is a holiday in the US and many are on the Internet, I wonder if they are exercising C3 today or if Verizon is using the address to handle the traffic?
Fun stuff.