Cyberattack simulation highlights security challenges

The two-day simulation highlighted the problems of securing cyberspace

• By Ben Bain
• Dec 18, 2008

Senior-level government and industry officials in a two-day cybersecurity simulation exercise that concluded today said it demonstrated the importance of a cross-sector, integrated approach to cybersecurity. The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

The 230 participants in the Cyber Strategy Inquiry came from the public and private sectors in areas such as homeland security defense, transportation, telecommunications and information technology, and intelligence. The event was held Dec. 17 and today in Washington, D.C. It was sponsored by Booz Allen Hamilton and Business Executives for National Security.

The structure of the game involved four government teams, four from industry and one from civil society. The groups had to communicate through a control team, which represented Congress and the White House.

However, those teams also included members from other sectors so they would be forced to consider the perspectives of other people, said Mark Gerencser, a senior vice president at Booz Allen Hamilton, one of the event’s organizers.

“There was a great realization that we are all in this together,” said Gerencser. “And what got uncovered in the game is that there were interdependencies that we didn’t quite understand or appreciate before.”

Gerencser said one of the key take-aways from the event was: there really wasn’t anyone in charge of all of cybersecurity, and perhaps there can’t be one person or entity in charge, so cybersecurity requires distributed leadership.

Gerencser said some issues became apparent as the group played the game, and they included:

• Privacy versus attribution.
• Regulation versus incentives for cybersecurity.
• Disclosure versus classification.
• Risk management versus resilience.

Gerencser said some of the challenges that emerged during the game included:

• How to design a legal framework that addresses these issues.
• The rules of engagement for a cyberattack.
• How to deal with the global aspects of cybersecurity, including the supply chain.
• How to educate and train the next generation.

Rep. James Langevin (D-R.I.), chairman of the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, participated in the event and said he didn’t think the United States was prepared to handle a cyberattack.

Langevin said that efforts were needed to get the public more aware of the threat and the solution would require a partnership between the Congress, the executive branch and private industry.

“This will be an ongoing effort,” Langevin said. “The cyberthreat itself is ever changing and ever evolving, it is going to be very difficult to stay one step ahead of it, but that’s what our goal has to be.”

Reader comments