Simulated Hack To Test US Government Response 73
superapecommando writes "Security industry analysts and lawmakers will get an unprecedented chance next week to evaluate how the government might respond to a hack attack on critical infrastructure targets.
The Bipartisan Policy Center, a Washington-based non-profit established in 2007 by several lawmakers, will host a simulated nation-wide cyber-attack next Tuesday for a group of former administration and national security officials, who will be playing the roles of Cabinet members."
Re:Use it as cover! (Score:5, Insightful)
not only that, but knowing a hack is coming is not exactly realistic.
I'm sure the results will say "we're well prepared for a hack" even though reality proves otherwise.
Simulation of the results follows (Score:3, Insightful)
Re:Use it as cover! (Score:3, Insightful)
not only that, but knowing a hack is coming is not exactly realistic.
Indeed. They should launch the simulation without warning on Sunday or Monday and see how prepared they really are. ;)
Neither the attack nor the response is realistic (Score:2, Insightful)
Re:Use it as cover! (Score:4, Insightful)
From reading TFA I'm fairly sure no pen-testing will be involved.
By the look of it it's going to be a beurocratic drill rather than a technical one.
No actuall hacking, just a load of suits in a room being given fictional reports of the progress of the "cyber attack" against them.
They pretend to know anything at all about it, they make fictional descisions and then some consultants go over it all afterwards with them and try to guess which chocies wouldn't have been good ones had it been a real situation.
Re:Simulated? (Score:3, Insightful)
That's kind of an extreme position, don't you think?
Just because an unannounced drill is useful, doesn't mean announced drills aren't useful. For one thing, you *can't* do realistic drills of some scenarios. Some reactions to emergencies kill people. Clog the roads with emergency vehicles and panicking people and rush most of your EMTs and ambulances to the "disaster" site and people who need to ride in an ambulance for real suffer. Shutdown the airport for a few hours and somebody might not get his heart transplant.
People and groups learn by being stretched, and of course an unannounced drill stretches people, but sometimes when people are very poorly prepared they don't learn anything from abject failure. If *nothing* works, then you get a useless emotional reaction. If you give people a chance to prepare, you can get them to think about the general parameters of what an effective response would be.
Not everything in a drill people know is coming has to be expected. So you got your workers out there, and then you say, "OK everyone, the UHF radios have stopped working," or "You can't get any blood plasma from Mount Sinai because they're full up with casualties," or "Guess what, this isn't a chemical spill, it's radioactive."
The thing about disasters is that they disrupt normal systems. That's the definition of a disaster. It takes a while to get people trained up to the point where you can throw anything at them and it will be a learning experience.
The ancient DoS attacks: are they really prepared? (Score:2, Insightful)
Who needs a complicated hack when you can use thermite on key interconnections?
2) Lure an insider
Ancient methods that the CIA is still using to gather foreign "intelligence" from their euphemistically called "Agents" (in their respective countries these Agents would be called traitors).
Who can stop a trusted and authorized user with the right privileges from opening ports from behind the enemy lines (aka. firewalls)... when the "bad guys" get him the proper incentive or coersion?
3) Creative Social Engineering
Are they also be implementing policies to ensure that people are not plugging randomly dispersed usb drives with malware? The guy who delivers the mail, the fedex guy, the cleaning personnel, the cable guy, the Verizon guy. Those are valid strategies for everyday black hat hacking.
Now, that is a realistic scenario. Are they really prepared for that?
If I was planning a full-scale attack to the US infrastructures, the old methods would be the first choices.
I can imagine the following happening:
"Sir, when are they gonna start attacking us? We aren't getting any suspicious traffic"
"Ahem, you already have been hacked, training is over".
Re:Chinese Sub (Score:4, Insightful)
Except that article is all fluff and lacking any type of intelligence.
Those were regularly scheduled exercises which take place annually in the exact same spot every year. The FACT is, no one in the military was embarrassed. Period. Only the idiot reporters, who improperly frame it as an embarrassment, have been embarrassed.
This is reality. The Chinese, wishing to cause a publicity stunt, hoping that idiots, which are frequently referred to as reporters, will pick up on a stunt are report on it because one, they are idiots, and two, won't actually check fact their story. And so, the Chinese decide to quietly sit in the middle of nowhere waiting for the US military to come along; as they've done every year preceding for who knows how many years. Sure enough, just like every year before, the US Navy comes cruising along in the exact same area. The Chinese pop up and start cruising toward the highest value target available; a US aircraft carrier. Next, idiot reporter states the military is embarrassed because he's too stupid to realize they are not.
The simple truth is, unless they are able to break US military cryptography, which I very seriously doubt, or if they are planning on a preemptive strike whereby China disappears from the face of the Earth, this is in no way, shape, or form, representative of any type of military action possible by the Chinese.
The Chinese do not pose any credible threat to the US Navy in open waters. None. Not one bit. They do, however, pose a threat in regional, shallow waters, which is why the Navy is pushing so hard to improve their sonar capabilities in that environment.
To summarize, the only people embarrassed by the Chinese are idiot reporters and ignorant masses who believe it speaks to China's Naval capabilities. In reality, it was a completely non-news event and reports and people who ignorantly repeat such stories are nothing but sock puppets for the Chinese propaganda machine; which the US Military is now trying to play to obtain yet additional funding.
Re:Simulation of the results follows (Score:3, Insightful)
I predict that the results will be along the lines that there are some short comings in the responses but overall the results were good enough for most things. Those that conducted the test will be more then happy to assist the targeted agencies shoring up their weak points and improving training for exorbitant prices.
Did you even RTFS?
They've invited a bunch of "former administration and national security officials" to pretend to be Cabinet members at a simulation they've setup at a hotel.
This is a private company inviting private citizens to do some techno-LARPing.
Re:Neither the attack nor the response is realisti (Score:1, Insightful)