Next week, the Department of Homeland Security’s National Cyber Security Division (NCSD) will sponsor its second large-scale national cyber exercise, Cyber Storm II. According to DHS, the exercise “will center on a cyber-focused scenario that will escalate to the level of a cyber incident requiring a coordinated Federal response.” FCW’s Ben Bain provides further background on the exercise.
During my time at DHS, my involvement with the first Cyber Storm, along with other training programs, taught me how important these exercises are to enhance preparedness. In particular, Cyber Storm II has added importance. The revolution of information technology applications has transformed the global economy and opened new horizons of communication across the planet. But at the same time, it has opened doors to new potential vulnerabilities. Bad people can do bad things with added layers of protection under distance and time. The impact of natural disasters can be felt far beyond a single incident. The recent cuts to undersea cables serve as vivid examples of our reliance on cyber systems and the far-reaching impact caused by their interruption – intentional or not.
The unfortunate reality is that in the wake of physical devastation caused by natural disasters, terrorist attacks and even the insane actions of gunmen who indiscriminately kill and maim, societies have been tested through experience and are better able to respond across the globe to many different scenarios that threaten the safety and security of people everywhere. Despite this experience, however, government and the private sector arguably have much more to learn through events like Cyber Storm II. Capturing what is done well, and what is not, is critical in the realm of cyber security and can yield the desired benefits of this exercise.
More importantly, fixing what is broken and incorporating successful practices into everyday public and private sector cyber processes and systems will raise our level of preparedness. In turn, strengthened preparedness will reduce the potential electronic and cascading impacts when bad people use cyber attacks to do bad things or when the fury of mother nature or inadvertent mistakes cause interruptions to our global IT infrastructure. It’s not a matter of if, but when.
Cyber Storm can help raise the consciousness of government and business leaders to serve as a vivid reminder that along with its many benefits, the global IT revolution carries a new generation of risk. Promulgating the lessons of this exercise in a responsible fashion, can help government and the private sector better manage that risk by informing and educating. Disseminating these lessons must be done smartly to keep sensitive information out of the hands of bad people and also quickly to ensure that we do not fall even further behind the power curve.