Cyberattack simulation highlights security challenges

The two-day simulation highlighted the problems of securing cyberspace

Senior-level government and industry officials in a two-day cybersecurity simulation exercise that concluded today said it demonstrated the importance of a cross-sector, integrated approach to cybersecurity. The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

The 230 participants in the Cyber Strategy Inquiry came from the public and private sectors in areas such as homeland security defense, transportation, telecommunications and information technology, and intelligence. The event was held Dec. 17 and today in Washington, D.C. It was sponsored by Booz Allen Hamilton and Business Executives for National Security.

The structure of the game involved four government teams, four from industry and one from civil society. The groups had to communicate through a control team, which represented Congress and the White House.

However, those teams also included members from other sectors so they would be forced to consider the perspectives of other people, said Mark Gerencser, a senior vice president at Booz Allen Hamilton, one of the event’s organizers.

“There was a great realization that we are all in this together,” said Gerencser. “And what got uncovered in the game is that there were interdependencies that we didn’t quite understand or appreciate before.”

Gerencser said one of the key take-aways from the event was: there really wasn’t anyone in charge of all of cybersecurity, and perhaps there can’t be one person or entity in charge, so cybersecurity requires distributed leadership.

Gerencser said some issues became apparent as the group played the game, and they included:
  • Privacy versus attribution.
  • Regulation versus incentives for cybersecurity.
  • Disclosure versus classification.
  • Risk management versus resilience.
Gerencser said some of the challenges that emerged during the game included:
  • How to design a legal framework that addresses these issues.
  • The rules of engagement for a cyberattack.
  • How to deal with the global aspects of cybersecurity, including the supply chain.
  • How to educate and train the next generation.
Rep. James Langevin (D-R.I.), chairman of the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, participated in the event and said he didn’t think the United States was prepared to handle a cyberattack.

Langevin said that efforts were needed to get the public more aware of the threat and the solution would require a partnership between the Congress, the executive branch and private industry.

“This will be an ongoing effort,” Langevin said. “The cyberthreat itself is ever changing and ever evolving, it is going to be very difficult to stay one step ahead of it, but that’s what our goal has to be.”

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.