Working together

Gregory White, technical director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio, which is leading the planning and execution of Dark Screen, said a core group of about 12 people representing various organizations has been working on the exercise for the past year.

A planning conference In May included about 75 cybersecurity specialists from among the participants. They provided input on possible scenarios to ensure that they would be as realistic as possible, White said. Those attendees then took the ideas back to their colleagues to review the plausibility of the proposed scenarios.

As an example, White said officials at the Air Intelligence Agency at Lackland Air Force Base, Texas, can often detect hacks and intrusions that are generated overseas long before they hit targets on the U.S. mainland because many of those events "follow the sun."

"That's cool that the military knows about it," he said, "but how do you get that to the city, the private sector, the state" and other players? "We don't have real good mechanisms to do that."

White said the Texas National Guard could help in this area, because it is one of the few organizations with federal and state duties. "People in Washington say this needs to be done, and our goal is to start identifying ways of doing it."

John Pike, a former defense analyst at the Federation of American Scientists and now director of the nonprofit GlobalSecurity. org, said planning is crucial to the success of Dark Screen. It will be especially challenging to come up with tabletop and live scenarios that are realistic but don't actually do harm.

"I think that the big challenge will be conducting a simulation that is sufficiently realistic to be useful, without being so realistic as to leave utility customers sitting in the dark," Pike said. "The problem is that most other emergency response exercises either take place in existing emergency operations centers or are staged in the field. But actual attempts to penetrate networks is the real test, since I think there is considerable uncertainty as to the extent to which this will prove possible."