By Calvin Biesecker
A national coordinating center established last fall to better coordinate the nation’s response to cyber attacks is making a “positive difference” so far in a major cyber security exercise being hosted this week by the Department of Homeland Security (DHS) that includes a wide array of government and private entities, a department official said yesterday.
While DHS has had various response capabilities before, “What the NCCIC (National Cybersecurity Communications and Integration Center) provides is the organizational mechanism to bring all of those capabilities together on a joint watch floor,” Phil Reitinger, deputy under secretary of the National Protection and Programs Directorate and director of the DHS National Cybersecurity Center, told reporters yesterday during a briefing about the ongoing Cyber Storm III exercise. “To share information not only virtually but with people breathing the same air between the public and private sectors and broadly across government. We’re looking forward very much to see how that enables our response over the course of the exercise.”
The NCCIC, which is based in Arlington, Va., combines US-CERT, which leads the public and private partnership against attacks on the nation’s cyber infrastructure, and the National Coordinating Center for Telecommunications, a government-industry arm of the National Communications System responsible for restoring and reconstituting United States government national security and emergency preparedness telecommunications.
The NCCIC was created last October.
Cyber Storm III, which began on Tuesday and is slated to finish today, is testing the ability of players to identify and respond to attacks in real time. The massive test involves thousands of participants, including government and private sector representatives at the NCCIC as well as at the companies themselves, at other government agencies including states, and internationally.
The exercise is also testing the Obama administration’s blueprint for responding to cyber events, the National Cyber Incident Response Plan, which lays out the response roles and responsibilities of government and industry. The NCIRP, which is classified, was issued late last year and early this year and is meant to be an organic document that is constantly updated.
Reitinger said that once the Cyber Storm exercise is over, one of the first after-action items is to identify lessons learned and then “rapidly…turn that into enhancing the National Incident Response Plan process and all of the things that go on with it, including how the NCCIC operates.” The NCIRP isn’t just for the exercise, “it’s the plan we’re using right now to respond to incidents so we want to make sure that is a living document that stays up to date and is as effective as possible,” he said.
The lessons learned will be crafted together by the public and private sectors and shared broadly with both “as the path forward,” Reitinger said. He declined to give specific timelines as to when various after-action reports would be completed.
The NCCIC and NCIRP are the “framework” that enables joint information sharing and problem solving during a cyber event, Reitinger said.
The exercise is being controlled from within the DHS Secret Service Headquarters in Washington, D.C. Cyber Storm III includes potentially 1,700 “injects” or events that were generated over the past 18 months specifically for the three-day test.
In Cyber Storm III responders are dealing, at least in part, with attacks based on the Internet’s trusted elements.