After participating in a two day cyber war simulation last week, government and industry officials said that the United States is ill-equipped to cope with a major attack against computer networks Reuters reports.
The cyber war game brought together 230 representatives of government agencies, private companies and other groups, and revealed failings in leadership, planning, and communications.
Mark Gerencser, vice president of Booz Allen Hamilton, the consulting service which ran the simulation said: “There isn’t a response or a game plan; there isn’t really anybody in charge.”
The threats are serious. Earlier this year, federal prosecutors charged 11 people with stealing more than 41 million credit and debit card numbers, cracking what appeared to be the largest hacking and identity theft network ever exposed.
Chairman of the Homeland Security Subcommittee on Cybersecurity, US Representative James Langevin said that a successful attack could lead to failure of banking or national electrical systems.
“We’re way behind where we need to be now,” said Langevin. “This is equivalent in my mind to before September 11 … we were awakened to the threat on the morning after September 11.”
Mock War Game Findings Similar to CSIS Report
The mock cyber attack follows the December 8 release of the CSIS Cybersecurity Commission report, Securing Cyberspace for the 44th Presidency which found that America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration.
The report claims that there has been immense damage to the national interest, citing major intrusions to various government departments during 2007 alone:
- The unclassified e-mail of the Office of the Secretary of Defense was hacked
- The Department of State had lost terabytes of information
- Homeland Security suffered break-ins in several of its divisions
- NASA had to impose e-mail restriction before shuttle launches and had allegedly seen designs for new launches compromised
- The Department of Commerce was forced to take the Bureau of Industry and Security offline for several months
- The White House recently dealt with unidentifiable intrusions in its networks
Slashdot Puts Questions to Rep. Langevin
With the 98 page CSIS report raising more questions than answers, Slashdot solicited questions for Langevin in an attempt to better understand some of the recommendations. Yesterday Slashdot posted his reply.
The key points include:
- The advantages of moving towards a more operational-focused testing environment like red/blue teams and penetration testing
- The need to develop and issue standards and guidance for securing three specific critical cyber infrastructures – telecom, finance, and energy
- Whether or not cyber operations should be run by the White House
Having witnessed President Elect Obama’s capabilities when it comes to all things Web, and having heard his intent to renew our information superhighway, we suspect he understands the importance of focusing on our cyber security issues and continues to build a stronger Internet for the citizens of the United States.
Photo credit: Marcos Papapopolus