Feds prepare security test

SAN FRANCISCO -- The federal government and several international partners will hold a cyber preparedness exercise in November, Homeland Security Department officials said here at the RSA Conference.

Its purpose is to give federal agencies an opportunity to test their plans for responding to a direct or indirect attack on the computer networks that control the nation's critical infrastructure such as power plants and oil pipelines. The exercise will be unclassified, and the public will be informed, said Hun Kim, deputy director of the National Cyber Security Division at DHS.

Although the federal government's best cyber experts say they don't know what kind of attack to expect, they can offer scenarios of what a cyber winter might be. G. Rick Wilson, special assistant for strategic policy at the National Security Agency's Information Assurance Directorate, said he doubts that a cyber winter would be caused by a massive denial-of-service attack on critical routers and servers. "I don't think it's going to be loud and noisy," he said.

Instead, Wilson said he suspects that sophisticated intruders would quietly try to wreak havoc, causing a loss of confidence in the interconnected system of networks and information systems on which the nation's economy and security now depends. "Somebody's going to figure out how to get across a low wall and get on the inside, and they're not going to go in a chat room and talk about it," Wilson said. "We're talking about a sophisticated adversary."

Wilson, continuing with his hypothetical scenario, said the adversary would "remain hidden until something happens, maybe something in the geopolitical sphere."

Finding a hidden enemy and cleaning up the damage in such a scenario would be extremely difficult, Wilson said. "You're going to have not only national security issues; you're going to have privacy issues. I'll leave it at that," he said.