By Joshua Hill
Canada Free Press
January 31, 2008
The AP described it as a really bad day, but that somewhat understates
the magnitude of it all. It, of course, refers to the Cyber Storm war
game that the US Government held early in 2006, in an attempt to gauge
the necessary reaction and requisite skills of the games participants.
If anyone has seen the 1983 movie War Games starring a very young
Matthew Broderick, then multiply that by 10 and youll begin to get close
to just what it was the US Government sicked on to the willing
participants. The Homeland Security Department ran the exercise to test
the nations hacker defenses, with help from the State Department,
Pentagon, Justice Department, CIA, National Security Agency and others.
Those others, included government officials from the United States,
England, Canada, Australia and New Zealand and executives from leading
technology and transportation companies.
The simulated attacks consisted of everything imaginable: Washingtons
metro trains being shut down. New Yorks seaport computers going dark.
Bloggers revealing the locations of secret railcars containing hazardous
materials (its always the bloggers!). Airport control towers disrupted
at Philadelphia and Chicago. A mysterious liquid found on Londons
subway. Planes flying too close to the White House, and more.
In short, the test was to throw everything at the players to see what
they could handle, in an attempt to simulate as much public panic as
possible. They point out where your expectations of your capabilities
may be overstated, Homeland Security Secretary Michael Chertoff told the
AP. They may reveal to you things you havent thought about. Its a good
way of testing that youre going to do the job the way you think you
were. Its the difference between doing drills and doing a scrimmage.
?We want to stress these players, said Jeffrey Wright, the former Cyber
Storm director for the Homeland Security Department. None of the players
took 100 percent of the correct, right actions. If they had, we wouldnt
have done our job as planners.
And the results arent overly encouraging to be honest. No one took home
the 100% as mentioned, and companies and governments were said to have
worked successfully only in some cases. But key players didnt understand
the role of the premier U.S. organization responsible for fending off
major cyber attacks, called the National Cyber Response Coordination
Group, and it didnt have enough technical experts. Also, the sheer
number of mock attacks complicated defensive efforts.
One last thing though, in proof that a geeks ego is much bigger than
anyone else youve ever met; the geeks struck back! Or tried too at
least. Apparently, according to the 328 heavily censored pages that were
turned over to the AP, somebody or someones attacked the computers that
was being used to conduct the exercise.
Any time you get a group of (information technology) experts together,
theres always a desire, Lets show them what we can do,? said George
Foresman, a former senior Homeland Security official who oversaw Cyber
Storm. Whether its intent was embarrassment or a prank, we had to temper
the enthusiasm of the players.
Subscribe to InfoSec News