Cyberattack simulation highlights vulnerabilities

Former officials showed how the president's cabinet could respond to a major cyber incident

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill.

This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of the United States is very real, according to former senior government officials who participated in a simulation exercise today in Washington.

The former officials gathered in a mock White House situation room–actually in the Mandarin Oriental Hotel in Southwest Washington–to play the parts of Cabinet officials faced with quickly developing national security and economic crises after a virtual nuisance quickly becomes a real nightmare. The simulation, named Cyber ShockWave and held by the Bipartisan Policy Center, was observed by reporters; CNN plans to air the event.

Related story:

Former officials plan guest appearances in cyberattack simulation

For a few hours the former officials–led by former Homeland Security secretary Michael Chertoff, playing the role of national security adviser–talked through the crisis and discussed how to prepare a sitting president for an immediate press conference on the matter.

The mock Cabinet debated everything from possible retaliatory strikes on the perpetrators of the attack to federalizing utilities to deal with burgeoning energy crisis to political strategy. Meanwhile, the situation just kept getting worse. Disruptions from the “March Madness” smart phone application quickly spread to the Internet, bringing it to a virtual standstill.

Power outages that were said to have a cyber component engulfed the eastern part of the Unites States. Officials remained unable to definitively identify who was behind the attacks, even as they discussed using military forces domestically.

As the former officials weighed their options the limits of the country’s current legal, statutory, and regulatory frameworks for dealing with the cyber world became increasingly apparent.

“I have to tell you that ... we are operating in a bit of unchartered territory.” said Jamie Gorelick, a former deputy attorney general who played the role of attorney general in the exercise.

Meanwhile, as the mock media reports continued to stream into the situation room it also became obvious that immediate responses to the cyber crisis would have huge political and economic implications.

“I think the president has to, despite all of his instincts to reassure people, not undersell this,” Joe Lockhart, former chief spokesman for President Bill Clinton who played the role of counselor to the president. “He’s got to define this as a major crisis ... we will kill ourselves politically if we undersell this.”

“There’s no question this has a disastrous impact on the economy,” said Stephen Friedman, former director of the National Economic Council under President George W. Bush who played the role of treasury secretary. “You have financial markets shut down at this point, ordinary transactions are dramatically depleted, there’s no question that this has a major impact on consumer confidence.”

As the simulation wound down and Chertoff pretended he was off to brief the president, he summed up his observations from the mock exercise. Chertoff said that officials seemed frustrated with the limitations for dealing with cyber threats of the binary system separated into domestic law enforcement and international military components.

“The fact is, this is going to take us in and out of our borders, the servers may be in Russia, the actual originator may be in Sudan, or may be next door here somewhere in suburban Virginia, so we’re going to have to find away to assemble all the tools in the toolkit,” Chertoff said, recapping some of the details of the simulation.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected