Thursday, September 30, 2010

CyberAttack Drill

The U.S. government has launched a full-scale simulated cyberattack to gauge their defenses when the real thing happens. Cyber Storm III was a three-day series of simulated events designed to exploit holes in the nation's cybersecurity system. It was sponsored by the Department of Homeland Security. As could be gleaned from its name, it is the third exercise organized by the federal government to assess its cyberdefenses. The first one was on 2006 (Cyber Storm I) and the second one (Cyber Storm II) was launched last 2008. (Source:;snav)

In a nutshell, the exercise would involve injecting 1,500 different types of threats to examine the ability of the people involved to prepare for cyberattacks, make the correct decisions to respond to them, and share sensitive information with the right parties. To make the exercise more realistic, trusted transactions and relationships would be attacked. For an instance one of the simulations would compromise the encrypted digital certificates that verify identities online, while another would introduce issues into the DNS (domain name system) that pairs domain names with IP addresses.

What about the Philippines? Are we even wary of Cyber Attacks? Judging from the quality of our government websites and the e-services offered by different governmental institutions, I think preparing for Cyber Attacks is at present far from our priority list. Just recently, because of the Manila Hostage Drama, some government sites were hacked (see my previous blog re: hacking of Government sites) and it took time for the government to fix such a simple glitch. What more if government online transactions were sabotaged by a cyber attack?
I wouldn’t think that the reason behind these technological lapses is the lack of skilled programmers. If a Filipino could make a powerful I-Love-You-Virus, then a Filipino could perhaps do something positive but of equal or better yet, greater value. The problem is we take technology for granted. We are too busy with bureaucratic red tape, addressing corruption and other concerns that we let our country lag behind in terms of the contemporary concerns such as Internet Challenges.

Cyber Attack drill is definitely not on our vocabulary. In the meantime, we settle with fire drills and earthquake drills. I just hope and pray that when a real cyber attack happens, we won’t be caught dumbfounded and unprepared again, just as what happened with the SWAT (Sorry We Aren’t Trained?) in the Manila Hostage Taking Crisis.

-- Gen S. (14)

No comments: