U.S. Government Tests Its Hacker Defenses

By Matthew Harwood

According to documents obtained by the Associated Press, the U.S. government conducted its largest-ever war game in February 2006 to test the nation's defenses against hackers.

The Department of Homeland Security ran the invitation-only war game, called "Cyber Storm," with help from the State Department, Pentagon, Justice Department, CIA, National Security Agency and others. The exercise cost $3 million and included government officials from the United States, England, Canada, Australia, and New Zealand, as well as executives from powerful technology and transportation companies.

According to the AP, the threat scenario looked like this:

Imagined villains include hackers, bloggers and even reporters. After mock electronic attacks overwhelmed computers at the Port Authority of New York and New Jersey, an unspecified "major news network" airing reports about the attackers refused to reveal its sources to the government. Other simulated reporters were duped into spreading "believable but misleading" information that worsened fallout by confusing the public and financial markets, according to the government's files.

Other fictional disasters included: 

Hacker break-ins at an airline; stolen commercial software blueprints; problems with satellite navigation systems; trouble with police radios in Montana; school closures in Washington, Miami and New York; computer failures at border checkpoints.

One scenario even had hundreds of people on "No Fly" lists suddenly inundating airport ticket counters.

The exercise separated the attacks into three categories: computer, physical, or psychological operations.

The former "Cyber Storm" director for DHS, Jeffrey Wright, said players made mistakes responding to the various crises, but noted that if they were perfect, "we wouldn't have done our job as planners."

Overall, government officials and private sector officials worked well in some areas and failed in others.

One problem was that players didn't understand the role of the National Cyber Response Coordination Group, the government organization responsible for defending the country against large cyberattacks. Also, the myriad attack scenarios overwhelmed the players' defenses.

This won't be the last time the government tests its defenses against hacker attacks, DHS has scheduled another war game, "Cyber Storm II," for this March, reports AP.



View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.