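Some documents on the "Cyber Storm" exercises

Last edited by 天线 on 2011-1-24 16:32

The "Cyber Storm" exercises led by the US Department of Homeland Security have been held three times so far. There has been plenty of coverage, but detailed information is rarely seen. I recently spent some time searching and still found it quite lacking. I haven't had time to read these closely, so I'll just list them briefly to share with fellow enthusiasts.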

Cyber exercise program released by the Department of Homeland Security's cyber security division

Last edited by 天线 on 2011-1-24 15:37

Cyber Storm I overview

Introduction to Cyber Storm II

The Australian Government's Cyber Storm II report

Last edited by 天线 on 2011-1-24 15:44

Outcomes of the Cyber Storm II exercise
Lessons learned from Cyber Storm II
A detailed report outlining Australia’s involvement in the recent international cyber security exercise, Cyber Storm II, has been released by Attorney-General Robert McClelland.

The exercise, led by the United States Department of Homeland Security, allowed the governments and business sectors of Australia, Canada, New Zealand, the United Kingdom and the United States to put their e-security arrangements to the test.

“Cyber Storm II was designed to simulate a significant global incident caused by attacks on critical infrastructure systems via the Internet,” Mr McClelland said.

“The exercise proved Australia’s response arrangements to cyber-attack are sound, but just as importantly, demonstrated areas where improvements can be made.”

“The world’s increasing dependence on electronic communications creates new opportunities for criminals and terrorists. The lessons learned from exercises such as Cyber Storm II help ensure Australia is well placed to combat these threats.”

Australia’s involvement in Cyber Storm II included government agencies, state and territory governments and the largest contingent of private sector organisations ever involved in such an exercise.

Cyber Storm II was held in March in conjunction with the US Department of Homeland Security National Cyber Security Division, the UK's Centre for the Protection of National Infrastructure, Public Safety and Emergency Preparedness Canada and New Zealand's Centre for Critical Infrastructure Protection.

The Cyber Storm II national cyber security exercise final report can be obtained here (PDF).

Key findings were:

Finding 1: Effective response is enhanced by routinely reviewing and testing standard operating procedures (SOPs), incident response plans and/or crisis management arrangements.
Effective response to a cyber crisis is significantly enhanced by having tested procedures or arrangements, in which crisis-management relationships in the cyber response community are regularly reviewed to solidify communications paths and clarify organisational roles.

Finding 2: Non-crisis interaction among key stakeholders enhances effective crisis response during an incident.
More frequent, non-crisis interaction between various stakeholders involved in protecting the national information infrastructure will enhance real world response capabilities. Established relationships facilitate rapid information sharing among community members and must include relationships across sectors, with suppliers, with vendors and with incident response organisations.

Finding 3: Crisis communication procedures, predicated on accurate and appropriate points of contact, must be formalised within contingency planning.
Communication during a crisis significantly impacts the timeliness and effectiveness of responses. A unity of effort can be more effectively maintained when there is a clear understanding of roles and responsibilities and the interfaces between them.

Finding 4: Cyber crises require a tailored response that takes into account multiple interdependencies.
The borderless nature of cyber attacks, and the speed with which they can escalate across infrastructure sectors, was demonstrated in Cyber Storm II. Contingency planning must include potential flow-on effects.

Finding 5: Developing internal reporting and external notification thresholds assists in effective incident response by creating better situational awareness.
Identifying the problem, rather than simply addressing the symptoms, is critical to effective cyber incident response. In order to ensure situational awareness within and between organisations, clear notification thresholds should be developed and promulgated so that technical incident responders know when escalation internally or externally is necessary.

Finding 6: Attempts to facilitate an interactive international game were hampered by time zone differences, isolated scenario building and unexpected player actions.
International play was not extensive in the Australian national exercise. A longer pre-exercise build up, a longer exercise duration (to account for the 18 hour difference between Wellington and Washington) and more international communication during the exercise planning phase will need to be incorporated into Cyber Storm III.
Source: http://www.continuitycentral.com/news04174.html

Cyber Storm III was held in September 2010. No detailed account is available yet, so here is a preview of the exercise written by Jill R. Aitoro in 2009:
DHS' Cyber Storm III to test Obama's national cyber response plan
ATLANTA -- The Homeland Security Department's third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the Obama administration, said industry and government participants in the simulation exercise during a conference on Tuesday.

Cyber Storm III will build upon the lessons learned in the two previous exercises that took place in February 2006 and March 2008, and provide the first opportunity to assess the White House strategy for responding to a cyberattack with nationwide impact.

"The national cyber response plan will be an offshoot of a lot of the findings that came out of Cyber Storm I and II that will formalize the roles and responsibilities," said Brett Lambo, director of the cyber exercises program in DHS' national cybersecurity division. He participated on an afternoon panel at the GFirst conference in Atlanta hosted by the department's U.S. Computer Emergency Readiness Team. "It's not a direct cause-and-effect relationship, but a lot of questions bubbled up [from the exercises]," followed by the announcement along with President Obama's 60-day cyber review that a response plan should be developed.

Details of the national cyber response plan are still being finalized through weekly meetings with stakeholders from federal government and industry. An initial report is scheduled to be released in November, less than a year before Cyber Storm III kicks off, said Robert Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks, who is among the industry representatives involved in both the plan's development and the Cyber Storm exercises.

"Right now, there's arm-wrestling happening -- identifying roles and responsibilities; determining what information needs to be shared, to whom and when," Dix said. "This is a fairly large group with varying levels of experience in different topical areas all making important contributions."

In the first Cyber Storm, DHS used simulated attacks to bring down parts of the Internet and test the abilities of different sectors to recover their networks. In the simulated Cyber Storm II, the Internet was used as an attack vector for spreading malicious software and other cyber threats through computer systems. DHS is now discussing with state and local government and industry what form Cyber Storm III will take.

DHS hopes Cyber Storm III will provide an opportunity to enhance methods for information sharing; better define roles and responsibilities, and bring all sectors with a stake in information security to the table to inform the effort.

"These are not technology issues; they're policy issues," Lambo said. "And these are the things we're going to try to enforce through Cyber Storm III."

Tests likely will target control systems that support the country's critical infrastructure, such as the electric grid and transportation systems, Dix said. Homeland Security also will call upon subject matter specialists to develop the manufactured cyberattacks. "With all due respect, these are some of the creepy minds that are able to conjure up these scenarios that are real world likelihoods," Dix said.

While tests in the previous Cyber Storm exercises were customized to the participating markets, with various sectors defending their computer systems against different types of attacks, DHS plans to have participants in Cyber Storm III "fighting the same fight" against a common threat that might manifest itself differently across different organizations, Lambo said. He compared the strategy to the Conficker worm, which rapidly installed malicious software on computers running the Microsoft operating system and posed a contrasting threat for critical infrastructure organizations envisioning the shut-down of services versus federal agencies fearing the loss of sensitive information.

One objective of Cyber Storm III is to harmonize the various alert level systems used in government and the private sector so that all stakeholders at least speak the same language.

"Everyone has their own alert level system in states, private sectors and federal government, but we don't have each other's criteria," Lambo said. "If someone calls and says 'We just went to alert level red,' if I don't know what red is, that doesn't mean a damn thing to me... We're trying to tackle that monster."

Homeland Security has just begun planning Cyber Storm III and is focused on encouraging early participation from the state and local communities, and private sector, including the variety of infrastructure markets.

In the long term, Dix said, the true impact of the simulation on the administration's national response plan depends on follow-through.

"A lot of recommendations that came out of Cyber Storm I and II have not been touched or acted upon," he said. "If we're serious about improving our resiliency, we need to take this seriously. My hope is that with this administration's attention, we can raise the bar through action and not just reports that we place on a shelf."
Source: http://www.nextgov.com/nextgov/ng_20090826_9168.php

Thanks for compiling this; I'll study it.

Very good, very powerful!

Good stuff, I'll study it.

Good stuff, I'll study it.

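It's 2012, so Cyber Storm 4 should be held about now, right? Any news on which month? The various cyber commands should be taking part more, I suppose.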

DHS Cyber Storm III summary report

Good material, studying hard!

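Reply to 13# 天线

OP, why do you only post files and not share your own views?

For the phase 3 exercise, the main technical underpinning was IPS, whose development was led by the NSA. Their aim was to validate the related technology.

Still, judging from the results, at least one thing is clear: Signature still needs improvement, and given time it will surely become a powerful weapon for stopping malicious attackers. The network is too xx, so I won't dare say more.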

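Reply to 15# @kkkevin123456

My views are crude and I'm embarrassed to show them. I just felt that good material should be shared, and posting it here serves as a bookmark so it's easy to find later. Heh. If you have studied this, I'd be glad to hear your thoughts.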

Thanks for compiling this, good stuff.

OP is so imba, thanks a lot~~~

Is there one for Cyber Storm I? The one uploaded at the start won't open.

Good stuff, bookmarking it first........

Last edited by 天线 on 2014-8-26 21:21

Introduction to Cyber Storm IV

The U.S. Department of Homeland Security’s (DHS) Cyber Storm Exercise Series is part of the Department’s ongoing efforts to assess and strengthen cyber preparedness; examine incident response processes in response to ever-evolving threats, and enhance information sharing among Federal, state, international and private sector partners. The latest installment of the series, Cyber Storm IV (CS IV), is designed as a set of building block exercises, which began in fall 2011 and will conclude in 2012.  This exercise design promotes more focused exercise activities, allowing participants to delve deeper into particular cyber issues.  Members of the cyber incident response community are actively collaborating with DHS in the design and execution of these building block exercises.  Observations and findings from exercises will inform National Level Exercise 2012 (NLE 12) planning activities, continue to enhance the cyber incident response community’s capabilities, and support the Nation’s ongoing resilience efforts.  


Cyber Storm IV Objectives
CS IV’s objectives are designed to address cybersecurity preparedness and response capabilities through a series of building block exercise activities.  These activities will further national efforts to strengthen cyber response while positioning DHS and its stakeholders for successful participation in NLE 12. CS IV’s objectives are:
  Identify, exercise, and foster the improvement of processes, procedures, interactions, and information sharing mechanisms that exist, or should exist, under the National Cyber Incident Response Plan (NCIRP).
  Examine the role of DHS and its associated components during a global cyber event.
  Exercise coordination mechanisms, information sharing efforts, development of shared situational awareness, and decision-making procedures of the cybersecurity community (Federal, State, private-sector, international) during cyber events.
  Maintain awareness of other cyber exercise initiatives.

Building the Nation’s Cyber Resilience
Exercises like the Cyber Storm serve to enhance cyber incident response capabilities, promote public awareness, and reduce cyber risk. CS IV provides the cyber incident response community with the opportunity to conduct focused exercises that evaluate specific capabilities. Through these exercises, the cyber incident response community will be able to improve both their capabilities and response processes, thus bolstering the Nation’s cyber resilience.
CS IV exercises focus on the role of the Department and its associated components during a cyber event. These exercises will assess the quality of the incident response processes, procedures, interactions, and information sharing mechanisms that exist under the NCIRP. Through these efforts, DHS will enhance the Nation’s ability to respond to a cyber incident.

Cyber Storm IV Design
Cyber Storm IV embraces a planning and execution concept that promotes more focused exercise activities.  By developing a series of spiral, or building block, exercises, CS IV can efficiently address findings from CS III and from emerging cybersecurity issues within the community.  
As in previous Cyber Storm exercises, a core group of key stakeholders representing the cybersecurity community support ongoing CS IV series planning.  This group helps to identify exercise targets and potential participants, provides scenario guidance, and works to ensure the series remains nationally linked. DHS and the Planning Team host planning meetings, conduct focused collaborative meetings, and conduct briefings (as necessary) to ensure that these efforts remain centrally coordinated and that the CS IV community maintains awareness of activities and outcomes.  Observations from these smaller exercises inform the broader stakeholder community, feed into NLE 12 activities, and support Post-Exercise Period documentation.

CS IV engagements serve as NLE 12 preparatory events which will better position participants of both exercises for effective participation.
