The U.S. government recently held a mock cyberattack against a fictitious chemical company as part of the Department of Homeland Security's efforts to help private-sector companies prepare for and deal with cybersecurity issues.
The drill was held in Idaho Falls, Idaho, in conjunction with the Idaho National Laboratory, an expert technology organization that also carries out nuclear research. The mock cyberattack put a cap on a week-long training session sponsored by the DHS.
For the exercise, the made up ACME chemical company was infiltrated by cybercriminals. Participants were tasked with regaining control of the enterprise network while also limiting the damage done by the hackers.
Overall, the focus was on the human response to the data security issue, according to DHS officials.
"This is a game of strategy in how to best implement your defenses in an industrial control environment," Marty Edwards, director of the DHS Control Systems Security Program, told Reuters. "This isn't all about technology, it's about people."
The scenario set forth was that ACME had recently produced a new product, and hackers associated with the Barney Advanced Domestic Chemical Company were attempting to steal secrets. The fake hacker utilized a phishing attack to trick ACME's CEO into clicking a malicious link that opened a tunnel into the company's enterprise network and exposed the CEO's password.
The person posing as the cybercriminal is a hacker in real life. According to Reuters, he works for the Idaho National Laboratory and is tasked with testing its Internet security systems by employing common hacking tactics.
By staging such situations, the DHS hopes that companies will become more prepared for real-life security incidents.
"They figure out ways to get around the defenses that you deploy, and because they are changing their methodologies, we need to evolve and change ours on a regular basis. And I don't see that that's going to end," Greg Schaffer, a senior official at the DHS National Protection and Programs Directorate, said.
The exercise held by the DHS and the Idaho National Laboratory was held right around the time organizations across the country kicked off National Cyber Security Awareness Month. Put on by the National Cyber Security Alliance, the month-long event aims to highlight the growing concerns for data security and how organizations and consumer Web users alike can better protect their systems and confidential information.
Security News from SimplySecurity.com by Trend Micro