Cyberattack simulation highlights vulnerabilities

A simulation exercise today showed the legal and technical problems a cyberattack could cause.

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill.

This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of the United States is very real, according to former senior government officials who participated in a simulation exercise today in Washington.

The former officials gathered in a mock White House situation room–actually in the Mandarin Oriental Hotel in Southwest Washington–to play the parts of Cabinet officials faced with quickly developing national security and economic crises after a virtual nuisance quickly becomes a real nightmare. The simulation, named Cyber ShockWave and held by the Bipartisan Policy Center, was observed by reporters; CNN plans to air the event.

Related story:

Former officials plan guest appearances in cyberattack simulation

For a few hours the former officials–led by former Homeland Security secretary Michael Chertoff, playing the role of national security adviser–talked through the crisis and discussed how to prepare a sitting president for an immediate press conference on the matter.

The mock Cabinet debated everything from possible retaliatory strikes on the perpetrators of the attack to federalizing utilities to deal with burgeoning energy crisis to political strategy. Meanwhile, the situation just kept getting worse. Disruptions from the “March Madness” smart phone application quickly spread to the Internet, bringing it to a virtual standstill.

Power outages that were said to have a cyber component engulfed the eastern part of the Unites States. Officials remained unable to definitively identify who was behind the attacks, even as they discussed using military forces domestically.

As the former officials weighed their options the limits of the country’s current legal, statutory, and regulatory frameworks for dealing with the cyber world became increasingly apparent.

“I have to tell you that ... we are operating in a bit of unchartered territory.” said Jamie Gorelick, a former deputy attorney general who played the role of attorney general in the exercise.

Meanwhile, as the mock media reports continued to stream into the situation room it also became obvious that immediate responses to the cyber crisis would have huge political and economic implications.

“I think the president has to, despite all of his instincts to reassure people, not undersell this,” Joe Lockhart, former chief spokesman for President Bill Clinton who played the role of counselor to the president. “He’s got to define this as a major crisis ... we will kill ourselves politically if we undersell this.”

“There’s no question this has a disastrous impact on the economy,” said Stephen Friedman, former director of the National Economic Council under President George W. Bush who played the role of treasury secretary. “You have financial markets shut down at this point, ordinary transactions are dramatically depleted, there’s no question that this has a major impact on consumer confidence.”

As the simulation wound down and Chertoff pretended he was off to brief the president, he summed up his observations from the mock exercise. Chertoff said that officials seemed frustrated with the limitations for dealing with cyber threats of the binary system separated into domestic law enforcement and international military components.

“The fact is, this is going to take us in and out of our borders, the servers may be in Russia, the actual originator may be in Sudan, or may be next door here somewhere in suburban Virginia, so we’re going to have to find away to assemble all the tools in the toolkit,” Chertoff said, recapping some of the details of the simulation.