Cyber-Terrorism Simulation

By Stephanie Jordan
in

On February 16 the Bipartisan Policy Center (BPC) hosted Cyber ShockWave, a simulated cyber attack on the United States, in Washington D.C. According to the organization, Cyber ShockWave highlighted the immediate, real dangers of cyber-terrorism by bringing together a bipartisan group of former senior administration and national security officials playing the roles of Cabinet members.

The simulation envisioned an attack that unfolds over a single day in July 2011. When the Cabinet convenes to face this crisis, 20 million of the nation’s smart phones have already stopped working. The attack, the result of a malware program that had been planted in phones months earlier through a popular “March Madness” basketball bracket application, disrupts mobile service for millions. The attack escalates, shutting down an electronic energy trading platform and crippling the power grid on the Eastern seaboard.

Of a potential cyber attack on the U.S., Stephen Friedman, who played the role of Secretary of the Treasury, said, “There is no question in my mind that this is a predictable surprise and we need to get our act together.”

During the exercise, legal questions were raised regarding personal privacy versus national security. “We have to come to grips with the implications for our personal privacy and the relationship between the federal government and the private sector,” says Jamie Gorelick, who played the role of Attorney General.

Commenting on the best practices that corporations and governmental agencies should learn from the simulation, Joe Hagin, former White House Deputy Chief of Staff stated, “In today’s highly charged environment and with the incredible reliance upon mobile communications, it is of vital importance that anyone with exposure to cellular technologies, either personally or in their business, take proactive steps to protect themselves, their networks, their users, and their data from attack.”

SMobile Systems offered five best practices to avoid the vulnerabilities exposed by the BPC simulation, these include:

  • Protect mobile devices with the same baseline security as PCs;
  • Recognize and take action to centrally control a heterogeneous mobile device environment;
  • Implement technology to protect against all lost and stolen devices;
  • Embrace productivity by supplementing mobile devices with security;
  • Look to the cloud for solutions.

General Dynamics Advanced Information Systems, SMobile Systems, Southern Company, Georgetown University, and PayPal sponsored the Cyber ShockWave simulation with contributions from Symantec Corporation.

While it is hard to know how realistic the exercise was or exactly what the stated outcome of: “unprepared for cyber threats” exactly means, exercises such as these can be valuable, if nothing else to get people to think about disaster preparedness.

Published February 24, 2010