Cyberattack simulation highlights security challenges

The two-day simulation highlighted the problems of securing cyberspace

Senior-level government and industry officials in a two-day cybersecurity simulation exercise that concluded today said it demonstrated the importance of a cross-sector, integrated approach to cybersecurity. The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

The 230 participants in the Cyber Strategy Inquiry came from the public and private sectors in areas such as homeland security defense, transportation, telecommunications and information technology, and intelligence. The event was held Dec. 17 and today in Washington, D.C. It was sponsored by Booz Allen Hamilton and Business Executives for National Security.

The structure of the game involved four government teams, four from industry and one from civil society. The groups had to communicate through a control team, which represented Congress and the White House.

However, those teams also included members from other sectors so they would be forced to consider the perspectives of other people, said Mark Gerencser, a senior vice president at Booz Allen Hamilton, one of the event’s organizers.

“There was a great realization that we are all in this together,” said Gerencser. “And what got uncovered in the game is that there were interdependencies that we didn’t quite understand or appreciate before.”

Gerencser said one of the key take-aways from the event was: there really wasn’t anyone in charge of all of cybersecurity, and perhaps there can’t be one person or entity in charge, so cybersecurity requires distributed leadership.

Gerencser said some issues became apparent as the group played the game, and they included:
  • Privacy versus attribution.
  • Regulation versus incentives for cybersecurity.
  • Disclosure versus classification.
  • Risk management versus resilience.
Gerencser said some of the challenges that emerged during the game included:
  • How to design a legal framework that addresses these issues.
  • The rules of engagement for a cyberattack.
  • How to deal with the global aspects of cybersecurity, including the supply chain.
  • How to educate and train the next generation.
Rep. James Langevin (D-R.I.), chairman of the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, participated in the event and said he didn’t think the United States was prepared to handle a cyberattack.

Langevin said that efforts were needed to get the public more aware of the threat and the solution would require a partnership between the Congress, the executive branch and private industry.

“This will be an ongoing effort,” Langevin said. “The cyberthreat itself is ever changing and ever evolving, it is going to be very difficult to stay one step ahead of it, but that’s what our goal has to be.”

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.