Cyber Storm Attack on U.S. Coming this March

The AP described it as a really bad day, but that somewhat understates the magnitude of it all. It, of course, refers to the “Cyber Storm” war game that the US Government held early 2006, in an attempt to gauge the necessary reaction and requisite skills of the games participants.

In the middle of this biggest-ever "Cyber Storm" war game to test the nation's hacker defenses, someone quietly targeted the very computers used to conduct the exercise.

The surprising perp? The players themselves, the same government and corporate experts responsible for detecting and fending off attacks against vital computer systems, according to hundreds of pages of heavily censored files obtained by The Associated Press. Perplexed organizers sent everyone an urgent e-mail marked "IMPORTANT!" instructing them not to probe or attack the game's control computers.

If anyone has seen the 1983 movie War Games starring a very young Matthew Broderick, then multiply that by 10 and you’ll begin to get close to just what it was the US Government sicked on to the willing participants. The Homeland Security Department ran the exercise to test the nation's hacker defenses, with help from the State Department, Pentagon, Justice Department, CIA, National Security Agency and others.

The "others" included government officials from the United States, England, Canada, Australia and New Zealand and executives from leading technology and transportation companies.

The $3 million, invitation-only war game simulated what the U.S. describes as plausible attacks over five days in February 2006 against the technology industry, transportation lines and energy utilities by anti-globalization hackers. The government is organizing a multimillion-dollar "Cyber Storm 2," to take place in early March.

The simulated attacks consisted of everything imaginable: Washington's metro trains being shut down. New York’s seaport computers going dark. Bloggers revealing the locations of secret railcars containing hazardous materials (it’s always the bloggers!). Airport control towers disrupted at Philadelphia and Chicago. A mysterious liquid found on London’s subway. Planes flying to close to the White House, and more.

In short, the test was to throw everything at the players to see what they could handle, in an attempt to simulate as much public panic as possible. "They point out where your expectations of your capabilities may be overstated," Homeland Security Secretary Michael Chertoff told the AP. "They may reveal to you things you haven't thought about. It's a good way of testing that you're going to do the job the way you think you were. It's the difference between doing drills and doing a scrimmage."

"We want to stress these players," said Jeffrey Wright, the former Cyber Storm director for the Homeland Security Department. "None of the players took 100 percent of the correct, right actions. If they had, we wouldn't have done our job as planners."

And the results aren’t overly encouraging to be honest. No one took home the 100% as mentioned, and companies and governments were said to have worked successfully only “in some cases.” But key players didn't understand the role of the premier U.S. organization responsible for fending off major cyber attacks, called the National Cyber Response Coordination Group, and it didn't have enough technical experts. Also, the sheer number of mock attacks complicated defensive efforts.

One last thing though, in proof that a geek’s ego is much bigger than anyone else you’ve ever met; the geek’s struck back! Or tried too at least. Apparently, according to the 328 heavily censored pages that were turned over to the AP, somebody or someone’s attacked the computers that was being used to conduct the exercise.

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

Posted by Josh Hill.

If you liked this article, please give it a quick review on Digg, Reddit, or StumbleUpon.Thanks!

Comments

I really don't get this, but then, I'm not a hacker. It sounds like the government *wanted* people to try to hack something, they did, and it pissed them off(?)

I'm so confused.

Posted by: Alkhemist | February 02, 2008 at 03:23 PM

Was this really a 'game'?

Posted by: Howie | February 06, 2008 at 06:38 PM