In preparation for dealing with a cyber terrorist attack Australia is set to engage in an international computer hacking exercise that has been dubbed little more than a vendor meet and greet.
Officially codenamed Cyber Storm, the exercise is being coordinated by the US Department of Homeland Security and involves Australia's intelligence agencies, Department of Defence and federal police, AusCert and the Attorney General's critical infrastructure protection branch.
While the goal is to prepare and test contingency plans in the event of an attack on critical infrastructure, users have told Computerworld the exercises will be dominated by vendors protecting their gear against known vulnerabilities.
According to sources, who requested anonymity, vendors involved are those with large government contracts and it is a provider's technology that will determine the type of hacking exercises undertaken.
While it is a good idea for the private and public sector to work together, said Bill Hutchinson, IBM Professor of Computer and Information Security at Edith Cowan University, vendor involvement will shape the exercises and that is the real problem.
"It will be full of companies and government departments and the limitation of such an exercise would be that it would be close-minded," Hutchinson said.
"Product and government people have to have a world view, but in an integrated situation you need creative input - say for instance if a hardware person was trained by one particular vendor then they will only know how one product works: they have had a system of training that is rigid and fixed, but you need someone creative to cope with savage exploits, or else they will only use products they know how to fix.
"To me, if they were trying to test accurate security responses then they would not get people in the establishment to attack themselves. It is a bit like saying our system is secure, because we have tested it."
A similar exercise, also dubbed Cyber Storm and run by the US Department of Homeland Security was held in the US last November.
The vendors involved were Cisco, Computer Associates, CSC, Microsoft, Symantec and Verisign.
Hutchison said the assumption is that the same vendors will be involved in the Australian exercise.
"While I support the exercise my concern is that they are not bringing in outsiders to criticize them; most of the hackers are outside the establishment anyway," he said.
A spokesperson for the Attorney General's office described Australia's involvement in Cyber Storm as a table-top exercise.
"The critical infrastructure protection branch is coordinating a table-top exercise in order to test responses to a major cyber incident," a spokesperson said.
"The scenario is expected to involve hackers disrupting transport and communications systems."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Taking On Demand CRM Integration to the Next Level
How to improve employee productivity in small and medium businesses
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Delivering the Power of Choice with Microsoft Dynamics CRM
Everything you need to know about email and web security (but were afraid to ask)
Data grids and service-oriented architecture
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Enterprise Wireless WLAN Security
Learn more about the security challenges to be faced when defining and implementing security mechanisms within diverse wired and wireless network environments. Download this must-read guide to plan your wireless data protection strategy now.
Buying Guides
Latest Products
Buying Guides
