Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mock Cyber Attack Shows US Unpreparedness

Posted by timothy on from the sir-we've-lost-amazon dept.

An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article: "During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis."

12 of 148 comments (clear)

  1. Re:Oh - of course its not by TheKidWho · · Score: 3, Insightful

    Or maybe they're actually not prepared for a cyberattack?

    Nono, the man is trying to stick it to us obviously.

  2. Hey what do you know! by Anonymous Coward · · Score: 3, Insightful

    Another reason to take more of our civil liberties in the name of 'national security'

  3. Re:Oh - of course its not by BobMcD · · Score: 3, Insightful

    Why not both?

  4. Re:Oh - of course its not by Monkeedude1212 · · Score: 4, Insightful

    There's a lot of things they aren't prepared for. They beef up airline security while neglecting the security of pipelines in Iraq and Iran. They worry about polution but don't stop the corporations from doing so.

    I'm not saying that they aren't NOT prepared - just that this is going to be abused beyond all recognition. Like how they weren't prepared for a terrorist attack and now I can't bring more than a litre of liquids onto a plane. However - none of that stops guys from setting off bombs in their pants.

  5. Re:Why. by megamerican · · Score: 2, Insightful

    So when they launch a false flag attack on the internet in order to shut it down and censor it they can have a report and say, "See, we told you!"

    --
    If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
  6. Re:Led by Negroponte and Chertoff? Pass the salt. by bughunter · · Score: 4, Insightful

    Ugh. And Michael Hayden. Bush's chief wiretapper.

    Please. These people are among the threats we need security from.

    --
    I can see the fnords!
  7. Authoritarian Theater by Bob9113 · · Score: 4, Insightful

    Regarding a possible shutdown of the cell phone and Internet service to prevent a cascading effect, the group found out that federal agencies actually don't have the authority to do so, and that companies providing these services might be unwilling to do it when asked.

    Another thing that might prove to be an issue is the Governors' reluctancy to put their power in the hands of the federal government, which would possibly lead to a nationalization of the National Guard.

    Federal Times reports that "Attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack.

    A simple two step plan for advancing authoritarianism:

    1. Scare People
    2. Seize More Power

    What, precisely, would lead us to believe that the Federal government is sufficiently adept at cyber-security to improve upon the staged outcome of this theatrical "attack"? I want better cyber-security and think it is important, much like health care. I do not, however, believe that our government has the skills, the lack of corruption, the honor, or the honesty to do it well. Much like health care.

    Tell me, fear-mongers, what you are going to do to solve the problem. Not just a thousand pages of blather within which to hide giveaways to key lobbying groups. Real solutions that the information science and economics communities can scrutinize. If you cannot provide that, you are just asking for power. You are taking liberty with a vapid hint that maybe it will help security. Nay, not even that -- you are taking liberty by shouting fire in a crowded theater.

    Bullshit. Start by presenting the solution. Shove your fear-mongering up your ass.

    And as for you CNN: You should be ashamed for being their puppet. Sacrificing your journalistic integrity at the alter of the exclusive. What will your pretty shock-graphic story title say? How about: "Cyberwar: Public at Peril"

    --
    Stop-Prism.org: Opt Out of Surveillance
  8. Re:Why. by characterZer0 · · Score: 4, Insightful

    "All warfare is based on deception."

    -Sun Tzu

    --
    Go green: turn off your refrigerator.
  9. Re:Led by Negroponte and Chertoff? Pass the salt. by hoggoth · · Score: 4, Insightful

    > You are going to need security from the MS13 punk who lives down the street from you when the power grid has been down 1-2 days.

    On August 14, 2003 the power grid was down for 1-2 days. I didn't see any punks looting or attacking. But my neighborhood did come out of their houses for once and everyone got to meet each other. The kids got to know each other and had a great time playing instead of hiding inside from the big bad world. We made lasting friends and the neighborhood has been better for it in the years since that.

    Stop fear mongering.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  10. Mock cyber attack == Real media circus by drinkypoo · · Score: 5, Insightful

    This was not a mock cyber attack, but in fact it was a media event hosted by the U.S. government.

    1. "The entire scenario was thought up by Michael Hayden, the former CIA Director" — 'nuff said.
    2. "A bevy of former top US officials were given various roles to play" — note that none of these people were the actual officials playing themselves. Thus this "test" proves nothing.
    3. "a free March Madness application for smartphones. Once activated, it spread fast and first incapacitated cellphone networks, then landlines" — You shut off the cellphone networks and this problem ends. And given how crap they are, they'll probably go down by themselves before they actually take out the land lines. Further, military communications (including governmental backups) are not dependent on either.
    4. "aided by mock bombs exploding in a couple of gas pipelines and power stations" — What does this sentence even mean? Mock bombs exploding does nothing except make smoke and a noise. Mock bomb attacks on these items takes this out of the realm of a "cyber" attack.
    5. "When the servers serving the malware were "discovered" to be located in Russia, "National Security Advisor" Chertoff immediately began inquiring about the possibility of shutting them down and the implications of such an action." — But since there's only a few choke points for traffic to enter the country, this is a stupid and deliberately provocative question to ask. Anyone suggesting doing this in the event of an actual attack should be eliminated from the chain of command for incompetence immediately.
    6. "Regarding a possible shutdown of the cell phone and Internet service to prevent a cascading effect, the group found out that federal agencies actually don't have the authority to do so," — So what? That's what declaring a state of emergency is for. Then they "magically" get the authority for the duration of the emergency.
    7. "Another thing that might prove to be an issue is the Governors' reluctancy to put their power in the hands of the federal government, which would possibly lead to a nationalization of the National Guard." — If the federal government doesn't have any power, how would that help anyway? To create a larger clusterfuck? Also, what does this sentence mean? Which power? Which part of the federal government?
    8. "Federal Times reports that "Attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack." — But since no such laws were needed, the true purpose of this exercise was revealed.
    9. "When the "exercise" came to an end, the likelihood of such a scenario was discussed. "Secretary of State" Negroponte declared that the attack seemed very plausible to him." — Because otherwise the whole thing would be revealed as either a direct manipulation or a big jerkoff waste of time, and we can't have either of those things coming out, can we?
    10. "Will a real cyber attack of these proportions be required to wake the government up? Probably. In the meantime, war games such as these can start the ball rolling into the right direction." — And apparently that direction is towards greater fascism.

    Seriously, this is the prelude to new legislation that will in practice be used to justify terminating all kinds of service to clamp down on free speech, in the name of prevention of terrorism. And if you try to discuss it, you'll just lose your connection to the internet. When will we wake up and build a mesh network permitting an end-run around the Powers That Be?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  11. Re:hmm by Obfuscant · · Score: 4, Insightful
    US foreign aid dollars are mostly a quid-pro-quo or negotiating tool.

    Yeah, because we get SO much back from our investments in third world countries. Mostly it's "stop attacking your neighbors and we'll give you more food and money", neither of which gets where it's supposed to go because the rulers are pocketing it.

    We certainly don't do it out of the goodness of our hearts.

    Considering that we don't have to do it at all, don't look the gift horse in the mouth. And then let's talk about the billions in private charity in addition to the billions in taxpayer provided charity, all of which is "goodness of our hearts."

  12. Re:Duh! by Lord+Ender · · Score: 3, Insightful

    Holy bad analogies, batman!

    I know slashdot loves bad analogies, but this you the cake. IT security is most certainly not an illusion. It is very real. With no IT security, an kid halfway around the world could steal your data and sabotage your business on a whim. With well-funded, well-implemented, and fully-staffed IT security programs, it would take a dedicated, big-budget espionage operation to ruin you. And even then, such things would likely be detected and contained.

    If you call that difference illusionary, you've got vision problems.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.