Cooperation and communication among private and public entities would need to improve to defend against a mass cyberattack on the nation's critical infrastructure, according to the U.S. Department of Homeland Security (DHS)findings from a February simulated cyberattack exercise.
The National Cyber Exercise: Cyber Storm, in which 115 public, private and international organizations participated, simulated a major cyberattack affecting critical infrastructure components within the nation's energy, information technology, transportation and telecommunications sectors.
Among the findings from the report, released Wednesday from DHS:
· There needs to be further refinement of operations and coordination procedures.
· Planning, risk assessment and understanding of roles and responsibilities must improve.
· Responders must better develop strategies to handle multiple attack scenarios across sectors.
· Regular exercises must be implemented to boost awareness of incident response, roles, policies and procedures.
· Continued information sharing among domestic and international responders must occur.
· Continued cooperation among all respondents, especially as the number of cyberevents increases, must occur.
· Making the public aware of what is happening is crucial to incident response.
There was some good news. The report said responses were effective at times, particularly when procedures were fully understood by those involved and when the attacks were not widespread in nature.
"The cyber community must continue to improve its ability to effectively respond to and recover from even the most sophisticated of cyberattacks," the report said. "In doing so, the community must consider formalizing many of these practices into standard of operations and contingency plans."
Click here to email Dan Kaplan.