Government Cyber Storm Ends

Bemmu writes "Mainichi Daily News and BBC News are reporting that the 'Cyber Storm' operation, for testing how prepared America is for fending off cyber attacks, has now concluded. Apparently they even used bloggers as part of the operation, as relayers of misinformation!"

Uh oh

[rwebb]

If the exercise Hurricane Pam is to Hurricane Katrina as Cyberstorm is to an actual cyber attack, then we're in deep doodoo. No smiley.

Re:Uh oh

[carpe_noctem]

Hey, that's a rather unfair comparison. The Hurricane Pam exercise accurately pointed out everything bad that would happen in case of a category-5 hurricane, and it also outlined the government's areas where they were not prepared (well, up until the point when the exercise was cancelled, that is). The exercise itself could have been very useful, had the government actually used information from this exercise. However, gross amounts of miscommunication (which seems to be the norm in the US government these days) led to the katrina disaster.

Mock attack = Mock results

[t7]

"The war game drew in 115 agencies from the FBI and CIA to the Red Cross, the Department of Homeland Security said."

"IT companies and state and foreign governments also played a role in responding to the mock attacks."

These "simulated" attacks are all well and good, but they are being performed by entities meant to keep the system secure. Isn't that only attacking from one angle? Did these groups attack the systems like scriptkiddies would? Like seasoned professionals not skewed or influenced by "standard corporate security measures"? Did they take into account social engineering and attacks from the inside?