The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency wrapped up late Thursday an extensive national cyber exercise that tested, assessed and should ultimately strengthen stakeholders’ preparedness and response capabilities against complex and evolving threats.
“It’s been a long but rewarding week,” CISA Assistant Director for Infrastructure Security Brian Harrell told reporters Friday.
Cyber Storm 2020 had been scheduled for earlier this year, but the pandemic pushed the exercise to this month. COVID-19 has altered the operating environment, Harrell noted, and “this exercise reflected that and provided a useful learning point.”
The 2018 iteration of the national exercise, which launched in 2006 and takes place every two years, drew more than a thousand participants. This year, about 2,000 participants took part over the three-day simulation of a real-world event that included state and local governments, law enforcement, defense, and industry including healthcare, retail, critical manufacturing, finance and transportation sectors. No systems were attacked during the event, Harrell said.
Social distancing did not hold back Cyber Storm, as the distributed play plan never intended to have everyone gather in one place and participants used their own tools on their home turfs to respond to the simulated widespread coordinated cyberattack. This allows for assessment of processes, procedures, and information sharing that could help or hinder the response in the event of a real-life cyber attack — and allows stakeholders to strengthen critical relationships before an actual cyber storm.
“Now is the time to exercise — under blue-sky conditions,” Harrell stressed. “Let’s not build our crisis response plan in the midst of crisis.”
The exercise also highlighted the crucial role of information sharing and analysis centers and organizations (ISACs and ISAOs); ransomware information was shared upstream with CISA, which in turn pushed the info to other ISACs. “The value of the ISAC was especially clear in the detection and analysis phase,” Harrell said.
The exercise also underscored the need for entities to have a full understanding of their reliance on third-party services, he said. After understanding your own program first, “you need to go beyond your program and ask questions of some of the vendors that you lean on.”
Harrell could not elaborate on the specifics of the cyber attack scenario, but said it did not deal with election security.
“Anytime you do an exercise, you’re trying to make it as realistic and timely as possible,” he said. Using the most recent tactics being used by cyber adversaries in the simulation helps strengthen organizations to face those challenges in real life.
“We’re trying to be as useful and valuable as we possibly can to stakeholders,” Harrell said.
A final report on Cyber Storm 2020 will be released by CISA in the future.