Cyberattack simulation highlights security challenges
The two-day simulation highlighted the problems of securing cyberspace
Senior-level government and industry officials in a two-day
cybersecurity simulation exercise that concluded today said it
demonstrated the importance of a cross-sector, integrated approach to
cybersecurity. The simulation also illustrated some challenges the
Obama administration and next Congress will face in terms of
cybersecurity, they said.
The 230 participants in the Cyber
Strategy Inquiry came from the public and private sectors in areas such
as homeland security defense, transportation, telecommunications and
information technology, and intelligence. The event was held Dec. 17
and today in Washington, D.C. It was sponsored by Booz Allen Hamilton
and Business Executives for National Security.
The structure of
the game involved four government teams, four from industry and one
from civil society. The groups had to communicate through a control
team, which represented Congress and the White House.
those teams also included members from other sectors so they would be
forced to consider the perspectives of other people, said Mark
Gerencser, a senior vice president at Booz Allen Hamilton, one of the
“There was a great realization that we are
all in this together,” said Gerencser. “And what got uncovered in the
game is that there were interdependencies that we didn’t quite
understand or appreciate before.”
Gerencser said one of the key
take-aways from the event was: there really wasn’t anyone in charge of
all of cybersecurity, and perhaps there can’t be one person or entity
in charge, so cybersecurity requires distributed leadership.
Gerencser said some issues became apparent as the group played the game, and they included:
- Privacy versus attribution.
- Regulation versus incentives for cybersecurity.
- Disclosure versus classification.
- Risk management versus resilience.
Gerencser said some of the challenges that emerged during the game included:
- How to design a legal framework that addresses these issues.
- The rules of engagement for a cyberattack.
- How to deal with the global aspects of cybersecurity, including the supply chain.
- How to educate and train the next generation.
Rep. James Langevin (D-R.I.), chairman of the House Homeland Security
Committee’s Emerging Threats, Cybersecurity, and Science and Technology
Subcommittee, participated in the event and said he didn’t think the
United States was prepared to handle a cyberattack.
said that efforts were needed to get the public more aware of the
threat and the solution would require a partnership between the
Congress, the executive branch and private industry.
be an ongoing effort,” Langevin said. “The cyberthreat itself is ever
changing and ever evolving, it is going to be very difficult to stay
one step ahead of it, but that’s what our goal has to be.”
Ben Bain is a reporter for Federal Computer Week.