Cyberattack simulation highlights security challenges

The two-day simulation highlighted the problems of securing cyberspace

Senior-level government and industry officials in a two-day cybersecurity simulation exercise that concluded today said it demonstrated the importance of a cross-sector, integrated approach to cybersecurity. The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

The 230 participants in the Cyber Strategy Inquiry came from the public and private sectors in areas such as homeland security defense, transportation, telecommunications and information technology, and intelligence. The event was held Dec. 17 and today in Washington, D.C. It was sponsored by Booz Allen Hamilton and Business Executives for National Security.

The structure of the game involved four government teams, four from industry and one from civil society. The groups had to communicate through a control team, which represented Congress and the White House.

However, those teams also included members from other sectors so they would be forced to consider the perspectives of other people, said Mark Gerencser, a senior vice president at Booz Allen Hamilton, one of the event’s organizers.

“There was a great realization that we are all in this together,” said Gerencser. “And what got uncovered in the game is that there were interdependencies that we didn’t quite understand or appreciate before.”

Gerencser said one of the key take-aways from the event was: there really wasn’t anyone in charge of all of cybersecurity, and perhaps there can’t be one person or entity in charge, so cybersecurity requires distributed leadership.

Gerencser said some issues became apparent as the group played the game, and they included:
  • Privacy versus attribution.
  • Regulation versus incentives for cybersecurity.
  • Disclosure versus classification.
  • Risk management versus resilience.
Gerencser said some of the challenges that emerged during the game included:
  • How to design a legal framework that addresses these issues.
  • The rules of engagement for a cyberattack.
  • How to deal with the global aspects of cybersecurity, including the supply chain.
  • How to educate and train the next generation.
Rep. James Langevin (D-R.I.), chairman of the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, participated in the event and said he didn’t think the United States was prepared to handle a cyberattack.

Langevin said that efforts were needed to get the public more aware of the threat and the solution would require a partnership between the Congress, the executive branch and private industry.

“This will be an ongoing effort,” Langevin said. “The cyberthreat itself is ever changing and ever evolving, it is going to be very difficult to stay one step ahead of it, but that’s what our goal has to be.”

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.