Cyber Storm Overview
Wednesday 2/1/06
0900 PT
Cyber Storm
National Cyberspace Security Exercise
• Mandated in National Strategy to Secure
Cyberspace
• Examine NCRCG concept of operations for
national cyber incident response with public and
private-sector stakeholders.
Cyber Storm will be a five-day, phased, distributed
exercise that includes a 36 hour period of 24x7 play,
staged in real-time with time jumps to allow full
crisis. It will incorporate build-up, crisis and
response/recovery phases. ... The cyber attacks aimed
at state and federal government agencies are
intended to degrade government operations and the
delivery of public services, diminish the ability to
remediate impacts on other infrastructure sectors
and undermine public confidence.
DHS has indicated that the Cyber Defense
Technology Experimental Research Project
(DETER) network testbed will also play a role
in the simulation. Funded by DHS and the
National Science Foundation, DETER is used by
both government and commercial network
researchers to create virtual models of complex
networks, and to subject them to attacks, in a
closed and secure environment. Cyber Storm
will be a larger, more abstract, version of cyber
security exercises routinely conducted by a
variety of institutions. (Gov’t Security News)
DETER - Cyber Storm Outcomes
• Demonstrate Relevance to National Strategy to Secure Cyberspace
– Provide for the Development of Tactical and Strategic Analysis of Cyber Attacks and
Vulnerability Assessments (page 21)
– A/R 2-2: DHS, in coordination with appropriate agencies and the private sector, will
lead in the development and conduct of a national threat assessment including red
teaming, blue teaming, and other methods to identify the impact of possible attacks
on a variety of targets. (page 56)
– A/R 2-12: To optimize research efforts relative to those of the private sector, DHS will
ensure that adequate mechanisms exist for coordination of research and
development among academia, industry and government, and will develop new
mechanisms where needed. (page 57)
• Exercise “Experimenter’s Workbench” Capability
– Realistic Referential Data for Exercise Participants
• Ability to Simulate Agency Participation in National Exercises
• Ability to Model Multiple Attacks on Multiple Networks
• Engage Cyber Storm Stakeholder Community
DHS S&T Cyber Storm Objectives - DETER
• Provide Opportunity to Evaluate S&T DETER Investment
• Demonstrate Relevance of DETER Simulation Capability
• Transition DETER Technology
– Test DETER Ability to Provide Meaningful Operational Feedback
– Understand Current Limits of DETER Capability
– Establish Baseline for Future Evolution of DETER Capability
• Understand Requirements for In-Situ Course of Action Estimation for
Cyber Security Decision Making
• Investigate DETER Potential for Use in Cyber Security War Gaming
• Expand DETER Stakeholder Community
DETER Cyber Storm CONOP
• Ron Ostrenga and Paul Walczak at EXCON
facility (USSS HQ, D.C.)
• DETER testbed operates in Cyber Storm
dedicated mode 6-10 Feb
• 8 MSEL events scripted; opportunity for ad hoc
engagement
• We will NOT operate 7*24; 07-1700 ET (unless
some compelling reason arises)
• NCSD intends to use DETER extensively in
AAR process
DETER Related MSEL
• DET5203.01 - Projecting Impact of Major DDOS Attack Effects on State1 071215ET Feb 2006
• DET4801-01 - Provide Major Blood Bank a predictive assessment related to effects of likely extortion consequences 072500ET Feb 2006
• DET-5203.6 - Modeling Network Conditions Effecting on State1 080810ET Feb 2006
• DET5203.7 - Provide State1 a predictive assessment related to effects of likely extortion consequences 080825ET Feb 2006
• DET-5225 - Modeling Network Conditions Effecting on State1 080910ET Feb 2006
• DET-5221 - Monitoring DDOS Attack Effects on State1 090900ET Feb 2006
• DET-5224.2 - Monitoring DDOS Attack Effects on State1 090900ET Feb 2006
• DET-5223 - Monitoring ISP Outage Effects on State1 091050ET Feb 2006
Q&A