February 11, 2010 at 7:57 pm #4655
Cyber ShockWave test involves former administration staff, national security officials. They are holding the simulation in a hotel by reproducing the White House war room. Apparently a production company is providing scripts to security professionals. I assume there will be no actual networks or computers involved.
February 11, 2010 at 8:23 pm #28950
I knew they’d done this with the oil scenario, so not really suprised that they’ll work one up for cyber attacks, too.
I think that would be a very interesting room to be in, if one were actually allowed to observe it… You often wonder how those particular folks would respond to a scenario like that, although because they DO know it’s simulation, you’ve still removed the ‘fear’ factor of the unknown, in that, while you DO want to show you’ll react appropriately, the stress and situational awareness (or lack thereof) in a TRUE attack scenario (where real systems are already down, or compromised, etc,) would be much less ‘real’ / minimized.
Wonder how much info, if any, the public will actually hear about. After all, explaining how something like this is handled, publicly, just gives attackers more thought process to try to workaround similar response methodologies, in the event of a real cyber attack. Assumably, actual ‘details’ of what are done will not be made public, and we’ll only be told that those in the know have decided appropriate actions and behaviors were taken (or not.)
February 11, 2010 at 10:57 pm #28951
This is the same company which did the oil scenario.
Yes, being that they know it is a simulation does relieve some of the edge to the scenario, but it is just like testing your backups, pulling random security footage, updating/testing DRP plans, going to a warm site. It’s all part of planning. They need to make sure their plans, actions, and reactions are up to the threat at hand. I would love to see the outbrief/lessons learned documentation.
Some of my co-workers may be involved, so I’ll ask around.
February 11, 2010 at 11:23 pm #28952
I definitely wasn’t debating the seriousness of the exercise, nor the meaningfulness of the outcome. Any preparation, even in a less than ‘perfect’ simulation, is better than none at all. I’m all for the exercise, just not so sure that making it public knowledge is the best thing, as the public’s view of said outcomes / simulations is totally different from those of seasoned security folks, and the general public would likely be much more critical of the process and expected outcomes, even with much less ‘informed’ knowledge of the procedures and severity.
I’d agree with you, though, as I’d LOVE to see the lessons learned, etc. Just questioning if the public ever will (or should, for that matter!)
February 11, 2010 at 11:56 pm #28953
I wasn’t debating you either, just commenting on your points and further solidifying mine. 🙂
I originally saw this on Slashdot, where it broke down into “OMG! The real hackers are going to take advantage of this and p0wn us!”. 🙂 I like that I can get real discussion here.
February 12, 2010 at 12:28 am #28954
“OMG! The real hackers are going to take advantage of this and p0wn us!”. 🙂
L-O-L!!! ’nuff said! I’m in full agreement, as it’s definitely nicer to come discuss with folks who understand the reality of it, rather than just the hype and ‘fantastic’-ness of it all.
If your buddies are involved, definitely keep us posted on this. I’d really like even a ‘mini-synopsis’ of the whole ordeal, when they finish it up.
February 12, 2010 at 2:50 pm #28955Ash CholeParticipant
This is designed more to coordinate who does what and work on communication and leadership. Not as much to find TRUE weaknesses in the systems.
February 12, 2010 at 3:53 pm #28956
Agreed, fully. We understand the purpose of the exercises. It’s not about the specific systems, etc, it’s about testing leadership and incident response methodology, in general.
However, as I’d said, general public (not the IT-‘informed’) might not understand this, to the same degree, and thus, my questioning the public-release nature, even of the event taking place, let alone any detail on the outcomes, beforehand. I think it might have fared better had they gone through the drill, then after the fact, gone over the results of the response side of things, rather than opening it up, pre-simulation, to scrutiny or ‘blind’ questions from media, etc.
From the standpoint of those involved (industry analysts and lawmakers, as well as the folks formerly holding the critical positions,) I fully agree with their perspectives and knowledge being put to use for this, as well as for the lawmakers having opportunity to lend their insight and reasoning to form new policies and the like, in relation to this type of situation. Mind you, I know I’m being overly cautious / critical, and that ultimately, those in the know will NOT release any data that they shouldn’t. (We are talking about politicians, right? 😉 ) Personally, though, I just don’t think it was as wise to open the floor to public media, even just in acknowledgement, this soon, but rather, I’d have waited until after the exercise is concluded, to brief the rest of the world. (And then, again, only to brief them on generalities, and nothing specific.) Even though we are NOT talking about specific security and infrastructure systems and the like, directly, even giving a firm understanding of how the TEAM of invididuals works together, in this scenario, allows others to try to manipulate that system, and come up with other means to an end.
Even in penetration testing and security analysis, we often examine our clients’ security policies for backup, data handling, incident handling / prevention, etc. That doesn’t mean that if we question any of it, disagree or even agree with it, that we release it to other individuals outside the scope of the testing. It defeats the purpose of confidentiality, ethics and common sense. And while yes, this IS the United States’ critical infrastructure we are talking about, that doesn’t preclude US citizens, some of whom HAVE ill intentions, from using any given data against the system.
Understand, I fully agree with everything stated in this thread, from the nature of the testing and simulation, to the lessened severity of the outcome of simply simulating, and awareness of the results, per se. And these are FORMER post holders, not present, so there’s no guarantee that the responses will be the same as they’d be with the current position holders involved in a real scenario. However, IF protocol is in place, as it SHOULD be, then ‘technically’ they should be following set procedures, etc, and those procedures do NOT need to be publicly scrutinized or disclosed, as it’s the job of those in the proper positions of authority to adequately understand, react and rectify these types of situations, by procedural guidelines. (That’s the point of this, right, to analyze current procedures and modify / change / better them, to accommodate future changes in technology and methodology, in order to come up with BETTER ones?)
That’s my opinion, and again, I fully agree with the rest of the points by myself, unsupported, and Ash Chole.
Again, from the security-realm / world perspective, I’d still be interested in hearing any results of the procedural outcome, so if you hear anything, unsupported, let us know.
February 15, 2010 at 12:08 pm #28957
CNN is filming the events and will report on it after it is completed.
I agree with Salina. I picture future wars to be like the episode in ST:OS, where the civilization wages war with each other on a computer and then the “causalities” are loaded into an incinerator, single file.
February 15, 2010 at 12:41 pm #28958
I picture future wars to be like the episode in ST:OS, where the civilization wages war with each other on a computer and then the “causalities” are loaded into an incinerator, single file.
LOL… It’d be nice if war were that simple, even when waged on computers… But yes, I’d agree with you both, that in the end, the technology of warfare is less likely to be physical, and more logical. Thus the even greater need to train up and prepare those in our line of work.
February 16, 2010 at 12:02 pm #28959
February 16, 2010 at 3:35 pm #28960
February 16, 2010 at 5:10 pm #28961blackazarroParticipant
In today’s simulated attack (Cyber ShockWave), it appears based on twitter feeds from @BPC_Bipartisan that the attackers were able to bring down a large portion of the U.S. grid. There’s massive power outage and smart phones have stop working. The president has express his concerns regarding the Cyber Warefare attack:
How much worse will this get? What can we do to restore electricity? Who did this? Is it connected?
Additionally, there were power outages in Canada as well. The economy is being hit hard.
February 16, 2010 at 5:33 pm #28962
February 16, 2010 at 5:44 pm #28963
The east coast is now officially a disaster area. For power and cell phone outage?
Ok, the rational part of me understands calling a disaster area in order to better provide federal assistance, but is this the right action to take?
Also, too bad I haven’t been accepted into Infragard yet. I could be preparing for martial law.
February 16, 2010 at 5:47 pm #28964
It just keeps getting better!
“Can we make people download protections for their own computers?”
Are they referring to industry or Joe User? I would assume industry. I can see the writing on the wall here. Let’s mark power and telecommunications as national infrastructure and then regulate security. (That does not sound too bad, it will keep us employed.)
February 16, 2010 at 5:52 pm #28965
February 19, 2010 at 11:18 am #28966
This coming Saturday and Sunday at 8PM, CNN will broadcast a documentary on a mock cyberattack against the United States.
Fact Check: Cyberattack threat
By Jim Dexter, CNN
February 16, 2010 6:42 p.m. EST
Networks of “critical infrastructure owners and operators” already endure repeated cyberattacks, the CICS says.
* Most U.S Internet executives in survey expect “major cyberincident” within two years
* Think tank’s Robert Knake: Economic impact of major cyberincident may be limited
* Knake compares potential impact to that of 2003 Northeast blackout
* Knake: Nations that have ability to deliver devastating cyberstrike have much to lose
- You must be logged in to reply to this topic.