Mock Cyber Attack Shows US Unpreparedness

An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article: "During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis."

Re:Oh - of course its not

[bill_mcgonigle]

Or maybe they're actually not prepared for a cyberattack?

Or maybe it's not possible for the government to defend against a well-planned cyberattack without also giving the government the ability to shut off arbitrary Internet connections? And that would be bad, m'kay?

We have good network operators. They can handle this.

If the government really wants to help, why don't I ever hear any PSA's about turning on your software updates and not being conned by 'Click here to see kittens and get money' spam? Why don't they pay Microsoft to develop a yum/apt-like update mechanism for their OS (that 3rd parties can access)? The other articles said 80% of attacks last year are from people using old versions of Acrobat - that's a solved problem in computing.

Duh!

[RyanFenton]

Security is almost by definition an illusion - by making information accessible to someone, you make it potentially available to anyone. Completely enforcing security ideals to a logical extreme would result in complete paralysis, depleting enormous resources along the way (see: the cold war). If you want to keep anything secret, you have to limit its use, and limit the amount of things you keep secret - otherwise the cost of maintaining that secret status becomes prohibitive and unrealistic.

It's the same thing with 'virtual borders' as it is with real borders - you can't keep eyes, or even cameras, or even CPU cycles going on all potential borders. It just won't work - you have to observe effects and target responses, use honeypots and similar tactics, and marshal your resources to minimize the effects of breaches. Better yet, improve relations and economies on both sides of the border, and make such breaches meaningless while still enforcing your limited security goals - you'll be serving all your underlying motivations at the same time.

Then again - security always seems to be a 'temporary' thing, that happens to almost always be escalating. Don't you love your family enough to own the latest and greatest killing machine? Inside most real life monsters lies the desire for securing safety for one's interests - with the lines of priorities drawn right through the property/face of someone else. That's not something we're likely to be getting over anytime soon, conflicting interests, and aggressive 'defense'.

Ryan Fenton

I don't quite understand 'how' this was simulated

[zero_out]

After reading the article, I'm still not sure how this was simulated. Was it basically a situation where a bunch of agency heads sat around, were given a scenario, and asked 'what would you do'? Was this a test of department decision making, or an actual test of doing something? I'm just having a hard time understanding the 'format' of this simulation.

Led by Negroponte and Chertoff? Pass the salt.

[bughunter]

While I don't disagree that we could do more in the area of computer security, one needs to look closely at the affiliations of the people running this "exercise."

They're both loyal Neocon insiders. John Negroponte is the former Bush Director of National Intelligence. Michael Chertoff is the former Director of Homeland Security, and co-author of the Patriot Act. And both of these positions were just the last in a string of appointments by Bush/Cheney.

And as career neoconservatives, they've been at the forefront of fearmongering and prevarication in order to lead the US to war and erode civil liberties. These are not opinions, these are well-documented facts.

The neocons are a one trick circus; this is just their newest pony. If you've been paying attention the past nine years, how can you possibly doubt that this is anything else?

Re:This is actually very comforting

[vlm]

some well placed bombs could knock the power out for a lot of people really quickly.

The interesting thing is that bombs don't do "much" to power lines. A "sooper soaker" three man sling shot, a couple dozen lengths of chain, and a substation, now you're talking. Transmission towers and cutting torches don't mix very well either.

I have this jewish friend, real jewish like cousins in Israel type of jewish. Anyway, he explains that real terrorists do about a hundred attacks against structures for every time they hit people. Broken glass, molotov fires, graffiti, cut wires, etc. Thats because you never know when a person will whip out an uzi and fight back (well, actually, in the gun control areas in the us, you know they're sitting ducks), but aside from darwin award winners, structures never fight back. Thats how I've always known the "terror threat" in the US is bogus, because no one ever hits our structures.

Now, if we were sitting in the dark, with no water or sewers, no radio or TV, no gas stations, no natural gas, all shop windows broken, all forests on fire, then I'd believe we are under a real terrorist threat... But when its just Reichstag fire acts followed immediately by passage of enabling legislation, followed within a couple years of invasion of multiple innocent countries...