Simulated Hack To Test US Government Response

superapecommando writes "Security industry analysts and lawmakers will get an unprecedented chance next week to evaluate how the government might respond to a hack attack on critical infrastructure targets. The Bipartisan Policy Center, a Washington-based non-profit established in 2007 by several lawmakers, will host a simulated nation-wide cyber-attack next Tuesday for a group of former administration and national security officials, who will be playing the roles of Cabinet members."

Re:Use it as cover!

[poetmatt]

not only that, but knowing a hack is coming is not exactly realistic.

I'm sure the results will say "we're well prepared for a hack" even though reality proves otherwise.

Simulated?

[ircmaxell]

A "Simulated" attack? So basically people wandering around pretending that power just went out? I understand that holding fire drills is good and all, but why not try lighting a controlled fire and seeing how everyone reacts? And never announce a drill. Otherwise, it's simply not real enough to give you useful information about the response...

how will they know?

Security industry analysts and lawmakers will get an unprecedented chance next week to evaluate how the government might respond to a hack attack on critical infrastructure targets

Have they been notified? And how is it a simulation if they are or how will they know how to respond or detect it even?

If I imagine this to happen here, to a global bank, this has been a real scenario:

"How did they get those data?"
"Appearantly all our clients have been leaked"
"Oh shits, heads gonna roll! Call serverteam!!"
*Perform security audit, fire 3rd party solution creators, creating a hole through carelessness.*

Now, if you would do a "large scale test", it will in my experience go like this:
:
"Agents complain of slow access, what is up?"
"It's lunchbreak, people are surfing, let them know we're checking it out."
"Agents are still complaining, we have some error logs coming in from website users."
"Ok, lets contact servermaintenance, request a logfile."
"Server maintenance here, we're swamped with requests, I can send it to you tomorrow or the day after soonest."
"We need a stat on the server, things are slow"
"CPU is looking ok, memory is reasonable. Must be some configuration on your side, wait for the logs. Tmorrow."
"Oh, nvm it cleared up. Guess we got a pusblished article in the papers drawing in more folks. Applause for sales. Close the ticket."

Re:Use it as cover!

[Lumpy]

yes and no.

I did a simulated data disaster at Comcast a decade ago. but I informed only one important key person that I was going to cause a very real data loss event in the billing system. I would back thing up myself, but the backups that IT were running I would silently fail for a WEEK before the event.

at the event horizon I deleted the SQL database, the SQL team yawned and went to restore the database.... Oh crap nothing to restore but week old backups....

They shit themselves and we let them panick for a good hour before we walked in and asked...

What do you mean? you check your backups of critical data daily dont you? how about vertifying the validity of those backups? when was the last time you did a test restore on a backup server to make sure it was right?

I knew they were not backing it up or testing, I used that to my advantage to scare the hell out of them in hopes of getting what I have been telling them for a year through their skulls.

It also proved my point to the IT director that his "teams" were NOT ready for this.

I'll bet you $1000.00 they STILL dont test the backups, and rarely check to see if they are running.

Chinese Sub

[Hadlock]

Does anyone remember this event happening?
 
  http://www.dailymail.co.uk/news/article-492804/The-uninvited-guest-Chinese-sub-pops-middle-U-S-Navy-exercise-leaving-military-chiefs-red-faced.html
 
Yes, that really happened in real life. It also happened in Tom Clancy's book "Executive Orders". Let me summarize the headline for you real quick, The uninvited guest: Chinese sub pops up in middle of U.S. Navy exercise, leaving military chiefs red-faced
 

When the U.S. Navy deploys a battle fleet on exercises, it takes the security of its aircraft carriers very seriously indeed.
At least a dozen warships provide a physical guard while the technical wizardry of the world's only military superpower offers an invisible shield to detect and deter any intruders.
That is the theory. Or, rather, was the theory. Uninvited guest: A Chinese Song Class submarine, like the one that sufaced by the U.S.S. Kitty Hawk
American military chiefs have been left dumbstruck by an undetected Chinese submarine popping up at the heart of a recent Pacific exercise and close to the vast U.S.S. Kitty Hawk - a 1,000ft supercarrier with 4,500 personnel on board.
By the time it surfaced the 160ft Song Class diesel-electric attack submarine is understood to have sailed within viable range for launching torpedoes or missiles at the carrier.
According to senior Nato officials the incident caused consternation in the U.S. Navy.
The Americans had no idea China's fast-growing submarine fleet had reached such a level of sophistication, or that it posed such a threat.
One Nato figure said the effect was "as big a shock as the Russians launching Sputnik" - a reference to the Soviet Union's first orbiting satellite in 1957 which marked the start of the space age.
The incident, which took place in the ocean between southern Japan and Taiwan, is a major embarrassment for the Pentagon. Battle stations: The Kitty Hawk carries 4,500 personnel
The lone Chinese vessel slipped past at least a dozen other American warships which were supposed to protect the carrier from hostile aircraft or submarines.
And the rest of the costly defensive screen, which usually includes at least two U.S. submarines, was also apparently unable to detect it.
According to the Nato source, the encounter has forced a serious re-think of American and Nato naval strategy as commanders reconsider the level of threat from potentially hostile Chinese submarines.
It also led to tense diplomatic exchanges, with shaken American diplomats demanding to know why the submarine was "shadowing" the U.S. fleet while Beijing pleaded ignorance and dismissed the affair as coincidence.
Analysts believe Beijing was sending a message to America and the West demonstrating its rapidly-growing military capability to threaten foreign powers which try to interfere in its "backyard".
The People's Liberation Army Navy's submarine fleet includes at least two nuclear-missile launching vessels.
Its 13 Song Class submarines are extremely quiet and difficult to detect when running on electric motors.
Commodore Stephen Saunders, editor of Jane's Fighting Ships, and a former Royal Navy anti-submarine specialist, said the U.S. had paid relatively little attention to this form of warfare since the end of the Cold War.
He said: "It was certainly a wake-up call for the Americans.
"It would tie in with what we see the Chinese trying to do, which appears to be to deter the Americans from interfering or operating in their backyard, particularly in relation to Taiwan."
In January China carried a successful missile test, shooting down a satellite in orbit for the first time.

...So who's to say something similar won't happen this time, except in cyberspace? Imagine, in the middle of a simulated hack, the Chinese government actually hacks our systems during a military exercise. Knowing what we know now, it's not improbable.