informa
/
Risk
News

Cyberattack Drill Shows U.S. Unprepared

A group of high-ranking former federal officials scramble to react to mobile phone malware and the failure of the electricity grid in a staged exercise.
Imagine what would happen if a massive cyberattack hit the U.S., crippling mobile phones and overwhelming both telephone infrastructure and the electricity grid.

"Cyber Shockwave," conceived and executed by the Bipartisan Policy Center along with experts in cybersecurity, simulated such an attack on Tuesday -- and discovered that the U.S. is ill-prepared to handle a large scale cyberattack.

In an effort to spur U.S. officials to take cybersecurity more seriously, Cyber Shockwave brought together a group of former high-ranking White House, Cabinet, and national security officials to see how they would deal with such a crisis in realtime.

They did not fare especially well, said Eileen McMenamin, vice president of communications for the Bipartisan Policy Center, said in an interview Wednesday. The Bipartisan Policy Center is a nonprofit think tank that reaches across party lines to come up with solutions to policy issues.

"You can't visualize this kind of attack until it happens," she said. "The panel agreed we were not sufficiently prepared for an attack of this magnitude. We don't have the systems to deal with [it]."

Cyber Shockwave posed two scenarios. In the first, a March Madness mobile application spread malware from cell phone to cell phone. In the second, the U.S. electricity grid crashed for reasons not immediately known.

The event recreated a White House Situation Room where the president's advisers reacted to the cyber attack in real time. It also created a fake news agency, GNN, to provide news updates about what was happening as a result of the attack.

Some of the difficulties officials faced when dealing with the malware attack was how to stop a worm that spreading via people's personal property, as there is no law mandating how to protect the security of mobile phones, McMenamin said.

In the scenario of the power grid collapse, a lack of information about the origin of the event -- whether it was the result of a cyberattack or of a technical failure " also hampered officials' ability to handle the situation.

"We don't have legal structures to deal with these questions," McMenamin said.

Officials who participated in the event included: Secretary of Homeland Security Michael Chertoff as National Security Advisor; Director of National Intelligence John Negroponte as Secretary of State; White House Homeland Security Advisor Fran Townsend as Secretary of Homeland Security; Director of Central Intelligence John McLaughlin as Director of National Intelligence; Senator Bennett Johnston as Secretary of Energy; Deputy Attorney General Jamie Gorelick as Attorney General; and White House Press Secretary Joe Lockhart as Counselor to the President.

The experience was apparently eye-opening, and officials already may be taking heed. The U.S. Senate Committee on Commerce, Science, and Transportation next week has scheduled a hearing to discuss the next steps to protect critical infrastructure from attacks like the one simulated.

It's not known whether the hearing is a response to the simulation, and the committee could not be reached immediately for comment on any connection between the Cyber Shockwave event and the hearing.

McMenamin said that until her interview with Informationweek she wasn't aware that lawmakers had planned to convene about cybersecurity next week. She is pleased, however, that lawmakers are taking the issue more seriously.

"It's definitely something that needs to be discussed," she said. "There are a lot of different issues out there that need to be talked about."

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5