Cyberattack simulation highlights vulnerabilities

Former officials showed how the president's cabinet could respond to a major cyber incident

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill.

This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of the United States is very real, according to former senior government officials who participated in a simulation exercise today in Washington.

The former officials gathered in a mock White House situation room–actually in the Mandarin Oriental Hotel in Southwest Washington–to play the parts of Cabinet officials faced with quickly developing national security and economic crises after a virtual nuisance quickly becomes a real nightmare. The simulation, named Cyber ShockWave and held by the Bipartisan Policy Center, was observed by reporters; CNN plans to air the event.

Related story:

Former officials plan guest appearances in cyberattack simulation

For a few hours the former officials–led by former Homeland Security secretary Michael Chertoff, playing the role of national security adviser–talked through the crisis and discussed how to prepare a sitting president for an immediate press conference on the matter.

The mock Cabinet debated everything from possible retaliatory strikes on the perpetrators of the attack to federalizing utilities to deal with burgeoning energy crisis to political strategy. Meanwhile, the situation just kept getting worse. Disruptions from the “March Madness” smart phone application quickly spread to the Internet, bringing it to a virtual standstill.

Power outages that were said to have a cyber component engulfed the eastern part of the Unites States. Officials remained unable to definitively identify who was behind the attacks, even as they discussed using military forces domestically.

As the former officials weighed their options the limits of the country’s current legal, statutory, and regulatory frameworks for dealing with the cyber world became increasingly apparent.

“I have to tell you that ... we are operating in a bit of unchartered territory.” said Jamie Gorelick, a former deputy attorney general who played the role of attorney general in the exercise.

Meanwhile, as the mock media reports continued to stream into the situation room it also became obvious that immediate responses to the cyber crisis would have huge political and economic implications.

“I think the president has to, despite all of his instincts to reassure people, not undersell this,” Joe Lockhart, former chief spokesman for President Bill Clinton who played the role of counselor to the president. “He’s got to define this as a major crisis ... we will kill ourselves politically if we undersell this.”

“There’s no question this has a disastrous impact on the economy,” said Stephen Friedman, former director of the National Economic Council under President George W. Bush who played the role of treasury secretary. “You have financial markets shut down at this point, ordinary transactions are dramatically depleted, there’s no question that this has a major impact on consumer confidence.”

As the simulation wound down and Chertoff pretended he was off to brief the president, he summed up his observations from the mock exercise. Chertoff said that officials seemed frustrated with the limitations for dealing with cyber threats of the binary system separated into domestic law enforcement and international military components.

“The fact is, this is going to take us in and out of our borders, the servers may be in Russia, the actual originator may be in Sudan, or may be next door here somewhere in suburban Virginia, so we’re going to have to find away to assemble all the tools in the toolkit,” Chertoff said, recapping some of the details of the simulation.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.