The Cybersecurity and Infrastructure Security Agency is preparing for a large-scale “Cyberstorm” exercise aimed at simulating the response to a large-scale cyber incident in critical infrastructure.
A twice-yearly exercise begins this month as CISA rewrites the National Cyber Incident Response Plan to deal with such events. It also comes as authorities warn that real-world hackers are targeting and, in some cases, successfully infiltrating critical infrastructure networks in the United States.
This year's Cyber Storm, the ninth since its inception in 2006, will feature more than 2,000 participants from government and industry.
Lisa Bewley Russo, CISA's exercise associate director, said the “participants” will be from fields such as chemistry, communications, critical manufacturing, defense industrial base, energy, financial services, food and agriculture, health care and public health, and information technology. He said it comes from. , transportation systems, water and sewage systems.
“This is a fairly large list, and we expect to see a lot of very good cross-disciplinary interaction there,” Beaulie-Russo said in an interview.
During the week-long exercise, participants receive an “exercises piece” that explains how their organization has been affected by the incident. After that, they need to respond with whatever policies and procedures they have in place, Buri-Russo said.
CISA also offers a “simulated worldview” that includes news feeds, videos, and other simulations that help mimic the real world.
For operational security reasons and to avoid informing participants, Bewli-Russo declined to name specific threats, technologies, and scenarios that participants will encounter as part of this year's Cyberstorm. Rejected. Previous exercises have incorporated specific technologies such as industrial control systems.
But Buri-Russo said one of the most important goals is to practice “information sharing” during a large-scale cyber incident that affects multiple critical infrastructure sectors.
“Is information being shared across the player set, between government partners, from government to critical infrastructure owner-operators, and within and across sectors?” she said. “Is the information shared actually useful? Are we sharing the right things? Are we sharing information quickly enough for people to take effective action?”
“We will also consider whether and how the plan will be implemented,” she added.
The event comes as CISA rewrites its 2016 National Cyber Incident Response Plan as directed by last year's National Cyber Strategy. This plan sets out how both government and industry will respond to major cyber incidents.
CISA plans to release an updated plan by the end of this year.
Meanwhile, U.S. officials warned earlier this year that a Chinese-linked hacker group called Bolt Typhoon was targeting multiple critical infrastructure networks in the United States. The group's activities have been discovered on some networks for more than five years, the agency said.
Beli Russo acknowledged that the cyberstorm was occurring “at a critical time.” He said the exercise will help rewrite the national cyber incident response plan.
“One of the things we have learned from previous exercises is that industry partners often do not fully understand the actions and processes included in the plan,” she said. “One of the things we're looking at is making some of these things a little more clear in the rewrite. We want to share these findings and see what initial We are working very closely with the team at CISA to see if we can confirm the update.”
Ultimately, the goal of this exercise is to ensure that when an incident response plan is required in the real world, it is not the first time that a government agency or industry has gone through this process.
“We don't want to wait for a major cyber incident to result in a data breach,” Beaulieu-Russo said. “We want to work in a secure environment in steady state operations to really stress test these plans and procedures and make sure they are ready. The important thing is not “if” but “when”. So we're going to make sure we take advantage of these opportunities as much as we can to operate in a safe space and really figure out what's working and what can be improved and address these issues as one united community. I would like to work on this. ”
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
