Slashdot Mirror
Mock Cyber Attack Shows US Unpreparedness
An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article: "During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering'
the crisis."
simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis.
Gotham News Network?
Living With a Nerd
This way - the demonstration shows that they need to implement more "Security Features" that encroach upon the rights and freedoms of the average American.
Well, it's good "the CNN" was able to cover it.
Did they change the admin password on the NT boxes they use yet? Doesn't the gov't have an I/T czar or something now? Good job sir.
Der Tod ist der einzige Weg hier raus!
Another reason to take more of our civil liberties in the name of 'national security'
GOING!
Seeing all of the politics inside several government agencies, including DOI, EPA, and a few others, it's not unreasonable to see Facebook and the like not being blocked. Too many self-important people working in these places, and since IT is outsourced, no one in IT has the authority to shut down this kind of non-sense.
If they were being attacked by spammers and DDOSers, they might have been getting coverage from GNAA.
Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
.. would the U.S. Government release results of an attack simulation is beyond me....
TOP DSLR Cameras Reviews of the top DSLRs
Security is almost by definition an illusion - by making information accessible to someone, you make it potentially available to anyone. Completely enforcing security ideals to a logical extreme would result in complete paralysis, depleting enormous resources along the way (see: the cold war). If you want to keep anything secret, you have to limit its use, and limit the amount of things you keep secret - otherwise the cost of maintaining that secret status becomes prohibitive and unrealistic.
It's the same thing with 'virtual borders' as it is with real borders - you can't keep eyes, or even cameras, or even CPU cycles going on all potential borders. It just won't work - you have to observe effects and target responses, use honeypots and similar tactics, and marshal your resources to minimize the effects of breaches. Better yet, improve relations and economies on both sides of the border, and make such breaches meaningless while still enforcing your limited security goals - you'll be serving all your underlying motivations at the same time.
Then again - security always seems to be a 'temporary' thing, that happens to almost always be escalating. Don't you love your family enough to own the latest and greatest killing machine? Inside most real life monsters lies the desire for securing safety for one's interests - with the lines of priorities drawn right through the property/face of someone else. That's not something we're likely to be getting over anytime soon, conflicting interests, and aggressive 'defense'.
Ryan Fenton
Nobody who does anything remotely important or meaningful with computers would ever use the prefix "cyber" in any shape or form. It's clearly just some misdirection being carried out by a D.C. PR/Marketing firm retained by the DoD to keep the Chinese off-balance.
After reading the article, I'm still not sure how this was simulated. Was it basically a situation where a bunch of agency heads sat around, were given a scenario, and asked 'what would you do'? Was this a test of department decision making, or an actual test of doing something? I'm just having a hard time understanding the 'format' of this simulation.
The thinking that came out of this was creepy. giving the feds the ability to shut down cell phone network autonomously? Giving them the right to nationalize the national gaurd? I dont think so.
They cant be serious.
The only decent quesitons in the article was
1) How do you respond if the servers are foreign soil.
2) How likely is it to happen
the big one they failed to ask is
1) How the hell does a piece of malware jump from cell phones to cell NETWORK hardware to the internet?
turkey and some mistletoe helps to make the season bright
so they stand under the mistletoe and kiss the dead turkey flesh?
gross!
While I don't disagree that we could do more in the area of computer security, one needs to look closely at the affiliations of the people running this "exercise."
They're both loyal Neocon insiders. John Negroponte is the former Bush Director of National Intelligence. Michael Chertoff is the former Director of Homeland Security, and co-author of the Patriot Act. And both of these positions were just the last in a string of appointments by Bush/Cheney.
And as career neoconservatives, they've been at the forefront of fearmongering and prevarication in order to lead the US to war and erode civil liberties. These are not opinions, these are well-documented facts.
The neocons are a one trick circus; this is just their newest pony. If you've been paying attention the past nine years, how can you possibly doubt that this is anything else?
I can see the fnords!
Ugh. And Michael Hayden. Bush's chief wiretapper.
Please. These people are among the threats we need security from.
I can see the fnords!
That's good. If it was too rosy that would be a bad thing. Just like we don't want pizza that is too hot or too cold.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
Regarding a possible shutdown of the cell phone and Internet service to prevent a cascading effect, the group found out that federal agencies actually don't have the authority to do so, and that companies providing these services might be unwilling to do it when asked.
Another thing that might prove to be an issue is the Governors' reluctancy to put their power in the hands of the federal government, which would possibly lead to a nationalization of the National Guard.
Federal Times reports that "Attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack.
A simple two step plan for advancing authoritarianism:
1. Scare People
2. Seize More Power
What, precisely, would lead us to believe that the Federal government is sufficiently adept at cyber-security to improve upon the staged outcome of this theatrical "attack"? I want better cyber-security and think it is important, much like health care. I do not, however, believe that our government has the skills, the lack of corruption, the honor, or the honesty to do it well. Much like health care.
Tell me, fear-mongers, what you are going to do to solve the problem. Not just a thousand pages of blather within which to hide giveaways to key lobbying groups. Real solutions that the information science and economics communities can scrutinize. If you cannot provide that, you are just asking for power. You are taking liberty with a vapid hint that maybe it will help security. Nay, not even that -- you are taking liberty by shouting fire in a crowded theater.
Bullshit. Start by presenting the solution. Shove your fear-mongering up your ass.
And as for you CNN: You should be ashamed for being their puppet. Sacrificing your journalistic integrity at the alter of the exclusive. What will your pretty shock-graphic story title say? How about: "Cyberwar: Public at Peril"
Stop-Prism.org: Opt Out of Surveillance
What did i do with that mod point?
Ugh. And Michael Hayden. Bush's chief wiretapper.
Please. These people are among the threats we need security from.
You are going to need security from the MS13 punk who lives down the street from you when the power grid has been down 1-2 days.
Looking at the list of participants, they seem to be all policy/political types. Was anyone with technical knowledge involved? My observation of the policy/political types is that their knowledge is so sketchy, vague, and reasoned by analogy (e.g., "collection of tubes") that they can't be depended on for anything technically accurate or definitive.
This event looks like it might have been hype for the purpose of motivating funding.
I wish I could mod you to +6. This "exercise" was nothing but a partisan attempt to embarrass the Obama Administration, scare the American people, dupe the press, and justify a bunch of heavy-handed neocon anti-civil-liberty measures. Its outcome from forgone before the day even began.
SJW: Someone who has run out of real oppression, and has to fake it.
Nothing really technical was simulated. You've got the right idea. A bunch of people sat down, each were sat down and told their duties and the scenario. Ready set go, collect the end result.
Yes seriously, the mods could spend all their points in this slashdot article very quickly.
You group up with some people you know and all camp out in one house for mutual defense.
Anything can be found funny, from a certain point of view.
the faux attack began with malware masquerading as a free March Madness application for smartphones. Once activated, it spread fast and first incapacitated cellphone networks, then landlines, the Internet, and finally - aided by mock bombs exploding in a couple of gas pipelines and power stations and a hurricane hitting the Gulf Coast - brought the entire East Coast electrical power grid to its knees. Air traffic was thrown into disorder and commerce came to a standstill.
Ignoring the practical difficulty of bringing down a cellphone network AND the entire internet with a free March Madness smartphone application, notice that for an internet to have any real effect, they needed to include bombs exploding gas pipelines and power stations.......and a hurricane.
In other words, if you bomb things in the US it can cause problems. Seriously, we have thousands of miles of unprotected power lines across the country......some well placed bombs could knock the power out for a lot of people really quickly.
Qxe4
Don't you see?!? This is just a ploy. You "admit" you are unprepared for an attack to provoke an attack, so you can track the attackers back to their home base and destroy them. And to think some of you consider yourselves intelligent, observant people. [/TinfoilHat]
> You are going to need security from the MS13 punk who lives down the street from you when the power grid has been down 1-2 days.
On August 14, 2003 the power grid was down for 1-2 days. I didn't see any punks looting or attacking. But my neighborhood did come out of their houses for once and everyone got to meet each other. The kids got to know each other and had a great time playing instead of hiding inside from the big bad world. We made lasting friends and the neighborhood has been better for it in the years since that.
Stop fear mongering.
- For the complete works of Shakespeare: cat
FTFA, it's clear that the powers-that-be in charge are incapable with dealing with the scenario properly, what I didn't see covered is anything about "could we handle an attack" from a real infrastructure and mitigation standpoint. IMHO, who gives a flaming rip that some congressional desk monkey can't follow the very policies and procedures they wrote themselves. We all know IT people like me, you and the rest of the InfoSec world are going to have to deal with it and if I noticed it on a national, federal, state or private sector level on my watch, I wouldn't wait for someone to bark an order from up high to try and do something about it.
For all I know, it could be a big U.S. government social propaganda honey-pot to lure attacks to learn from them or see which country "jumps first". I think I just gave my own government WAY too much credit.
Yeah, ramp up that TERROR, turn the dial to PANIC !
Are you scared yet citizen ? Are you ...
More likely big, pointless hardware and software purchases. If you know anyone who works in government the words marginally competent might be a flattering way to describe their business processes. As the professional IT person in my family I find myself regularly horrified by civilian-army family members describing their IT departments (and generally working environment). Did you know ex-military applicants take priority over more qualified non ex-military applicants? And that's not even touching on the rampant nepotism, sheltered career incompetence and general disdain and misunderstanding of the importance of proper training of information technology staff. Of course on the plus side, it probably makes for greater freedom.
Quack, quack.
This was not a mock cyber attack, but in fact it was a media event hosted by the U.S. government.
Seriously, this is the prelude to new legislation that will in practice be used to justify terminating all kinds of service to clamp down on free speech, in the name of prevention of terrorism. And if you try to discuss it, you'll just lose your connection to the internet. When will we wake up and build a mesh network permitting an end-run around the Powers That Be?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
why didn't they just let Skynet handle it?
That was a "simulation" of an attack that just happened to have "cyber" elements.
You are a professional fucking idiot. Do the Internet a favor and save your rubbish for your World of Warcraft buddies.
Let the rest of us handle your security. The least you could do is shut the fuck up while other people protect your ass.
...aided by mock bombs exploding in a couple of gas pipelines and power stations and a hurricane hitting the Gulf Coast - brought the entire East Coast electrical power grid to its knees...
Ok let's examine this shall we. Only 2 threats would have the resources, motivation, and means to even attempt something on this scale. 1) Well funded and organized terrorist organizations. They would have to successfully infiltrate and carry out an attack on a very tight and specific schedule. All the while avoiding raising suspicion with the NSA, CIA, and FBI to name a few. 2) Foreign Governments: Not only would they have to do all the same things as the above, they might as well have troops ready to invade because once this gets traced back to them, which it would, it would start a war. Hell, while we're at it why don't we simulate the attacker coordinating with strategic Nuke strikes at key infrastructure points and parachuting in commando units to secure corridors from troops invading in from Mexico and across the bearing straight. We could call it operation Red Dawn. Point is, if either of these scenario's caught us completely by surprise. We have bigger problems than our National infrastructure.
On August 29, 2005, the power grid was down for several weeks. There were punks looting and attacking. I stopped reading your comment at about this point.
... shows US preparedness. Bruce Willis and crew on standby.
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
Hey nobody mentioned anything about a fire sale.
From Wikipedia:
"Power outage
The ice storm left more than 700,000 people without power in and near the Appalachians, including 630,000 customers in Georgia, 358,000 in South Carolina, 328,000 in North Carolina and 13,000 in Virginia. It took over a week to restore power. Several emergency shelters also were opened.[5][6] Electricity was not restored in many places until 20 December 2005, by which time one death was blamed on the outage.[7]"
Yeah, sounds like mass murder rampaging across the nation. Not.
- For the complete works of Shakespeare: cat
Seriously. I was in south Florida when Hurricane Andrew hit back in the early '90s, and while my family was fortunate not to have been in the direct path of the storm, we knew people whose houses were gone or whose electricity was out for weeks. To this day, I remember one of those people telling me about how wonderful it was to be out of electricity for so long since they it really helped the entire neighborhood bond together in a way that they never would have otherwise.
Similarly, my family was living in Houston when Hurricane Rita hit, and I personally knew several people that had their houses literally washed away (one guy I know found his house a few miles away, completely intact with all of his dishes in the cupboards and clothes still hung up and dry, even) or completely destroyed. Again, the same story emerged: the communities rallied and it became a major social victory.
Really, Katrina is the only recent disaster where I can recall hearing about widespread illegal activity (e.g. looting, rioting, etc.).
I agree; my initial impression upon reading the list of participants was that it was a neocon reunion.
Besides, they're sorta-kinda fibbing (ok, they're lying).
If we did get the U.S. of A. sufficiently hardened - to include all internet users in the nation ('cuz who knows what super-secret intelligence a g'ment worker would put on his or her home system), then three things would happen:
The moral of the story is one of:
Or maybe both.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
You mean the original members of "Security Theatre" (TM) have reformed for a come-back tour?
I want tickets!
Who has ever match their performance of "Ignorance"?
OK, I'll admit Michael Steele IS working on it...
Looks like the "Acting" Attorney General was potentially a 9/11 style bottleneck. Perhaps she should read the 9/11 reccomendations......oh, that's right, she was one of the authors. Guess her retrospective analysis is clearer than her on the spot decision making ability ;)
Stop fear mongering.
After you, my dear Alphonse.
You sir/madam, are an amateur idiot. Do the Internet a favour and hand back your IP address.
Now go be quiet. Adults are talking.
Federal Times reports that "attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack
If I was an American, that would scare the crap out of me. They've laid their agenda on the table... to support even MORE powers to control their populace.
The United States lives in clueless blissful ignorance of things such as this. We don't care either-all we want are things to be 'taken care of for us'. Bill Maher said something on Larry King last night that really hit home. He stated that the average American is completely clueless-but does know when their leaders aren't leading (as Obama has been doing the past few months-he reminds me more of a college professor then our President).
Thank you. Interesting how several Troll and Flamebait mods came in overnight on every top reply critical of the exercise leaders' pedigrees.
I can see the fnords!
You first, my dear Gaston.
- For the complete works of Shakespeare: cat