While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries worked together. The goal was always to prepare us for various potential scenarios as well as learning to quickly adapt due to the impossible-to-calculate number of permutations of attacker, weapons, target, collateral damage, etc.
Today the Bipartisan Policy Center (BPC) held a simulated cyber attack against the United States. The goal was to take a group of former high-ranking Cabinet and national security officials and successfully complete the mission of advising the president throughout the crisis. Their responses will be in real-time as will be the intelligence and news feeds. The full list of participants is available from the PRNewsWire press release (http://www.prnewswire.com/news-releases/cyber-shockwave-hits-washington-83570087.html).
The exercise began at 10 am EST and lasted for three hours. During that time, the attack escalated from cellular networks to electrical utilities. The exercise was designed by former CIA Director Michael Hayden in partnership with the BPC.
To understand the scope and capabilities of the adversaries we are facing in today's connected world, I selected what I thought was a very applicable report: Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence. This report is from the congressional testimony on February 2, 2010, by US Director of National Intelligence, Dennis Blair. Below are samplings of his comments:
"The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders. Criminals are developing new, difficult-to-counter tools."
"Criminals are collaborating globally and exchanging tools and expertise to circumvent defensive efforts, which makes it increasingly difficult for network defenders and law enforcement to detect and disrupt malicious activities."
The full testimony (PDF) is available here (http://www.dni.gov/testimonies/20100202_testimony.pdf)
This brings to mind the old adage, "fight fire with fire" – which is applicable when combating cybercrime and cyber attackers. Continually increasing global cooperation (for instance: laws, extradition agreements, criminal sentences) coupled with fast-paced innovation can have the direct impact of not only closing the gap, but also plain and simply putting them in a "hurt locker" (aka "world of hurt") since, in many cases, cybercriminals/attackers don't feel pain commensurate with the scale and scope of their crimes.
I brought up cybercrime because a number of the tools and techniques are similar or identical between cybercriminals and those that would wage cyber warfare. In fact, if you were to follow the money trail of all cybercrime activity there is a very high probability that you will ultimately encounter an adversary that is planning, or conducting, cyber attacks against the United States.
By now you can read about operation Cyber ShockWave from just about anywhere on the 'net. You can also go to the Bipartisan Policy Center's web site directly: http://www.bipartisanpolicy.org/events/cyber2010. This weekend CNN will be providing special coverage of Cyber ShockWave (Saturday February 20).
Hopefully this exercise provided realistic attacks and the video coverage will show the decision-makers "making the call" in different scenarios. For obvious reasons, the "big gaping holes" shouldn't be exposed to the world, but at the very least, it does bring awareness to a problem that governments across the world face on a daily basis – how to handle the dynamic nature of threats as they continually evolve.
Sr. Research Director
Author ESET Research, We Live Security