Today, the Bipartisan Policy Center hosted a mock cyber attack called Cyber ShockWave, simulating a meeting of the National Security Council (Michael Chertoff played the chairman of the NSC) and how it would respond to a major attack.
The exercise simulated a widespread attack that infected telecommunications and IT infrastructure throughout the US. The simulated attack was debilitating, leaving much of the US’ telecom and IT infrastructure offline for an extended period of time.
The event featured a number of former US government officials who played the part of senior members of the NSC. The exercise sought to examine how the NSC would react to a major cyber attack in real time.
The exercise was set in 2011. After the US experienced a series of natural disasters, a popular smart phone application turns out to contain embedded malware and causes a cascade failure in communications and information networks. Later in the exercise, parts of the power grid are taken offline via cyber attack.
During the exercise, simulated attacks included an electronic stock exchange being disabled, disrupted telecommunications, and the Internet being taken offline, along with widespread power outages along the Eastern seaboard. The event dramatized the difficulties in dealing with attacks coming from cyberspace, including attribution of responsibility and the ensuing legal quagmire.
In cyberspace, subterfuge is made much easier and plausible deniability is easy to achieve: attackers can hide behind dummy IP addresses, and remotely controlled networks of “bots” (hijacked computers) can act as surrogate attackers. At the close of the exercise, John Negroponte, the first US Director of National Intelligence, who played the role of Secretary of State in the exercise, said “attribution was one of the hardest issues to deal with.”
In the exercise, while a server hosting the attack appeared to be based in Russia, the developer of the malware program was actually in the Sudan. The source of the attack remained unclear throughout the event.
Because of the difficulty in attributing responsibility, the exercise highlights serious challenges to international diplomacy. If the US were to take action against a server based in a foreign country that appears to be leading the attack, what happens if a hacker uses US servers to attack China or Russia?
A number of participants advocated for the DoD to defend not only defense networks but also critical civilian infrastructure. Fran Townsend, former Assistant to President George W. Bush and mock Secretary of Homeland Security for the event, spoke in favor of ceding Homeland Security’s cyber responsibilities to the DoD and supporting them in a ‘homeland defense’ model.
Ultimately, the attack illustrated the need to establish firm guidelines and practices before the US comes under attack, as well as the need for sound doctrinal definitions of what constitutes an act of cyberwar and the appropriate response.