In a drill this week that drew some 2,000 participants, the Department of Homeland Security tested the ability of companies in the health care, manufacturing and other key sectors to withstand hypothetical hacking campaigns that compromise the trust users place in key internet services.
The seventh iteration of Cyber Storm, as the biannual exercise is called, focused on what could go wrong when some of the pillars of the internet are corrupted. It is the subtle manipulation of these IT services that advanced hacking campaigns often exploit in the real world.
The simulation featured compromised certificate authorities, which deem software trustworthy, attacks on the Border Gateway Protocol, the internet’s basic routing mechanism, and the subversion of domain name system (DNS) records, which help send a user to a website that is not malicious.
“Many organizations do not have a full understanding of their reliance on third-party services,” said Brian Harrell, assistant director of DHS’s Cybersecurity and Infrastructure Security Agency who was partly responsible for planning the exercise. “Just because you think you are compliant and secure doesn’t necessarily mean that the folks that you rely on in your time of need are equally as secure.”
But on the whole, Harrell said, critical infrastructure companies have improved their defenses in response to the years of drilling.
Participants, which also included state and local officials and U.S. law enforcement and intelligence representatives, had to respond to “a nationally significant incident where companies lost control” of their DNS regist ..
Support the originator by clicking the read the rest link below.
