Wednesday, September 15, 2010

Surprising simulation to the cyber-threat?

Maj William Ottati highlighted some interesting talking points from a Tuesday presentation "Cyber Shock Wave".

The discussion titled "Cyber Shock Wave" opened with a video of a recent simulation conducted by the Bipartisan Policy Council. The video described the "March Madness" bot attack on US telecommunications. The "executive simulation" involved former national security and US cabinet members, such as Michael Chertoff, former DHS Secretary, as well as other notable leaders in the national policy arena like Fran Townsend, Stephen Friedman, and John Negroponte. This panel was a simulated National Security Council struggling to understand what to advise the President to do about this growing cyber attack. As the internet was slowing down and telecommunications nationwide were being affected, the panel was struggling with whether or not they had the legal authority to quarantine those cell phones and networks that had been affected, as well as trying to determine where the attack came from and whether or not the attack constituted an "act of war." The video ended with simulated news reports that the financial sector and electrical grids were already being affected by this attack. There didn't seem to be any decision on exactly what this panel would advise the President to do.

The video ended and discussion continued with comments from Gen Hayden and Gen Keys. What became glaringly obvious from the video was summed up well by Gen Hayden: "Our policy [in this area] is way behind our operational capabilities and needs." He also discussed the lack of a 21st century definition of what a reasonable expectation of privacy is on the internet. Lastly, Gen Hayden sought to inject a discussion of who has authority and responsibility in the different domains (.com vs .mil). What he saw in the simulation was a quick "punt" from the DHS secretary to the DoD secretary, much quicker than he thinks would actually occur if a real attack were to occur. Gen Keys brought home the message that it is difficult to deter bad actors in this domain, as he said: "How do you deter the indeterable?" One suggestion he made was to change the return on investment, meaning make it less lucrative for the enemy and/or make the cost of being caught much greater than it currently is.

The discussion ended with questions aimed at the audience. What did this simulation/exercise achieve? What was the result? Though a clear answer has yet to be defined, both generals believe the exercise got hold of people’s attention and would hopefully fuel the policy debate to fill the gams that currently exist.

1 comment:

Cyber Security Simulation Exercise said...

Cyber security simulation create representative cyber attack and intrusion detection sensor alert data. Thanks for sharing