Mock Cyber Attack Shows US Unpreparedness

An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article: "During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis."

hmm

[Pojut]

simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis.

Gotham News Network?

Re:

[0racle]

Well, the town did need an enema.

Re:

[Obfuscant]

I'd say it's time for the US to stop relying on Shock and Awe Terrorism and be a good neighbour for a change, but that wouldn't be true.

That's right, it wouldn't be true. The US has been a good neighbor since it formed.

If you don't think so, the taxpayers here would surely appreciate you all returning the billions of dollars in foreign aid that we've been handing out for generations. It seems a mite hypocritical to complain about the lack of "neighborliness" of the US while holding your hands out for the

Re:

[TubeSteak]

If you don't think so, the taxpayers here would surely appreciate you all returning the billions of dollars in foreign aid that we've been handing out for generations. It seems a mite hypocritical to complain about the lack of "neighborliness" of the US while holding your hands out for the money and other aid we dish out.

US foreign aid dollars are mostly a quid-pro-quo or negotiating tool.
We certainly don't do it out of the goodness of our hearts.

Re:hmm

[Obfuscant]

US foreign aid dollars are mostly a quid-pro-quo or negotiating tool.

Yeah, because we get SO much back from our investments in third world countries. Mostly it's "stop attacking your neighbors and we'll give you more food and money", neither of which gets where it's supposed to go because the rulers are pocketing it.

We certainly don't do it out of the goodness of our hearts.

Considering that we don't have to do it at all, don't look the gift horse in the mouth. And then let's talk about the billions in private charity in addition to the billions in taxpayer provided charity, all of which is "goodness of our hearts."

Re:

[vegiVamp]

Sorry, I never saw (or needed) any of your charity, being in the EU. I do see you lot forcing security theatre on my air travel, trying to get to my private banking data with SWIFT exchanges (that fortunately got blocked off by the European Commison), and more such shenanigans. I'm not even mentioning you lot giving us McDonalds and KFC.

Get off your high horse, and stop thinking you're the mecenas that keeps the world alive.

Re:

[paeanblack]

Sorry, I never saw (or needed) any of your charity, being in the EU

One of the most defining national characteristics of the USA is our ability, for better or worse, to very quickly forget our own past...to move on without a collective guilt or remorse for past mistakes.

The fact that you, as a EU resident, can so quickly forget the massive amounts of charity funneled into Europe through the Marshall Plan only 60 years ago means that in your haste to disdain McDonalds and KFC, you've rejected one of the most

Re:

[vegiVamp]

Granted, my grandfather did see you lot. It's interesting to note, though, that had you not been afraid to get your feet wet until everyone's favourite austrian had Europe pretty much covered, the Marshall plan might not have been necessary at all.

Re:hmm

[e2d2]

Galaxy News Network, with Three Dog HOOOOWWWWWL.

Re:

[G2GAlone]

They said cyber-attack, not an apocalypse :-D

Re:

[camperdave]

They said cyber-attack, not an apocalypse :-D

Cyber - Cerber [wikipedia.org] Easy mistake to make.

Re:

[kipd]

Same thing to me!

Re:

[mhajicek]

What was that? Your signal was a bit weak...

Re:

[bsDaemon]

Or, a nod to some future Google cable news channel, referenced by NSA employees "in the know" when they were writing the scenario? Hmm...

Re:

[Anonymous Coward]

Google News Network? Yes, what about it?

Oups, you guys are from 2010... I said too much already.

Or worse

[twoallbeefpatties]

If they were being attacked by spammers and DDOSers, they might have been getting coverage from GNAA.

Re:

[grahamsaa]

Guerrilla News Network

I'm Not Worried

[RobotRunAmok]

Nobody who does anything remotely important or meaningful with computers would ever use the prefix "cyber" in any shape or form. It's clearly just some misdirection being carried out by a D.C. PR/Marketing firm retained by the DoD to keep the Chinese off-balance.

Re:

[rubycodez]

I'm a former CDC Cyber 170/875 and 175 programmer, you insensitive clod.

Re:

[stefanlasiewski]

If you think the use of the word 'cyber' is bad, check out this video promoting "Cyber ShockWave". It's produced by Bipartisan Policy Center, the organizers of the event.

The video is like something out of a bad action movie.

http://www.youtube.com/watch?v=8xpV5JjnEdE [youtube.com]

Oh - of course its not

[Monkeedude1212]

This way - the demonstration shows that they need to implement more "Security Features" that encroach upon the rights and freedoms of the average American.

Re:Oh - of course its not

[TheKidWho]

Or maybe they're actually not prepared for a cyberattack?

Nono, the man is trying to stick it to us obviously.

Re:Oh - of course its not

[BobMcD]

Why not both?

Re:Oh - of course its not

[Monkeedude1212]

There's a lot of things they aren't prepared for. They beef up airline security while neglecting the security of pipelines in Iraq and Iran. They worry about polution but don't stop the corporations from doing so.

I'm not saying that they aren't NOT prepared - just that this is going to be abused beyond all recognition. Like how they weren't prepared for a terrorist attack and now I can't bring more than a litre of liquids onto a plane. However - none of that stops guys from setting off bombs in their pants.

Re:

[FriendlyLurker]

Why do you hate America so much? [urbandictionary.com]

Think of the inter-tubes!

Re:

[vxice]

I thought it was much less than a liter that you could bring one. Wasnt it like 3oz. Also in the USA today they talked about a plan to deploy portable bomb detectors in the terminal to randomly screen passengers.

Re:

[Cimexus]

I fly to the US very regularly from my home country (Australia). The rule is that you can bring up to 1L total, but are limited to 100 mL for each ~individual item~.

So I can bring 10 separate 100 mL bottles of shampoo on, but I can't bring that same amount of shampoo on in a single 1L bottle. Basically, each item has to be = 100 mL, and all the items have to fit in a single 1L ziplock sandwich bag.

In the US they refer to it as the 3-1-1 rule, which is a wonderfully confusing mix of metric and imperial units

Re:

[Mashdar]

Rules don't stop people from setting off bombs in their pants. People stop people from setting off bombs in their pants.

Re:

[maxume]

Yeah, the U.S. really hasn't lived up to its commitment to secure Iranian energy infrastructure.

Re:

[RichardJenkins]

none of that stops guys from setting off bombs in their pants.

Guy at work does this all the time, it's disgusting. Oh, wait...

Re:Oh - of course its not

[bill_mcgonigle]

Or maybe they're actually not prepared for a cyberattack?

Or maybe it's not possible for the government to defend against a well-planned cyberattack without also giving the government the ability to shut off arbitrary Internet connections? And that would be bad, m'kay?

We have good network operators. They can handle this.

If the government really wants to help, why don't I ever hear any PSA's about turning on your software updates and not being conned by 'Click here to see kittens and get money' spam? Why don't they pay Microsoft to develop a yum/apt-like update mechanism for their OS (that 3rd parties can access)? The other articles said 80% of attacks last year are from people using old versions of Acrobat - that's a solved problem in computing.

Re:Oh - of course its not

[Arthur Grumbine]

I found this on floor after you left. Do you need it? ---> </i>

Re:Oh - of course its not

[Anonymous Coward]

I found this on the floor after you left. Do you need it? --> the

(Couldn't resist.)

Re:

[poetmatt]

you missed it. Not prepared for a previously announced cyberattack.

Re:

[drachenstern]

Obviously... Someone ask the GP if he donned his tinfoil hat...

I'm curious if we can get a play-by-play of what happened during the day, rather than just a report of after the fact. Surely it wouldn't help the bad guys that much, would it? I'm curious how they determined that they're unable to respond quickly or correctly enough. The article posted seems to indicate this was as much a think-game as it was an actual exercise.

I should think actual panic would induce the cell-networks and governors (amongst ot

Re:

[Monkeedude1212]

Obviously... Someone ask the GP if he donned his tinfoil hat...

Don't be ridiculous, thats to keep the aliens out of my head. The government uses the fillings in my teeth as a radio transmitter for my thoughts.I lined my ski mask with Lead.

I should think actual panic would induce the cell-networks and governors (amongst other groups) to actually concede the control they may not otherwise concede, especially when it's a wargame and the parties involved aren't the real parties.

Yeah - After actually reading the article, it seems like it isn't to suggest that we aren't technically secure - more that the structure of power isn't secure. However, I'm sure in an actual scenario, people would concede control, and if not, other people might step over their bounds if they understood it as a real emergency. If the a

Re:

[drachenstern]

I tend to think of it not as "if an attack were imminent" but rather "if the country was being seiged or invaded". We're constantly under threat of imminent attacks of all sorts, this is why we have standing army, police and others. But I know what you mean.

As for the fillings, that only works for them if you have lead fillings, no? ;)

Re:

[mcgrew]

Or maybe they're actually not prepared for a cyberattack?

They never saw Die Hard IV? Sheesh...

Re:

[rtb61]

The best defence against cyber attack from the internet, if it doesn't need to be connected to the internet then don't bloody connect it. Next up, if it is only marginally more expensive and a little inconvenient if it isn't connected to the internet, the don't bloody connect it.

Modern day logic is parallel networks, internal secure and wired with it's own interactive devices and completely separate external wireless or wired network (dependent upon existing EMR loads within the working environment bette

Re:

[elrous0]

Of course, it was organized by a bunch of Bush neocons. But its primary purpose was to make Obama look weak on security, so every moron in America will piss their pants in fear and check "R" on the ballot in the next election.

Admin password

[Deflagro]

Did they change the admin password on the NT boxes they use yet? Doesn't the gov't have an I/T czar or something now? Good job sir.

Re:

[AP31R0N]

The opposite of progress would be regress.

The con means 'with' or 'together'. Not against.

Cute joke though, bro.

Hey what do you know!

[Anonymous Coward]

Another reason to take more of our civil liberties in the name of 'national security'

Meh, more likely..

[msimm]

More likely big, pointless hardware and software purchases. If you know anyone who works in government the words marginally competent might be a flattering way to describe their business processes. As the professional IT person in my family I find myself regularly horrified by civilian-army family members describing their IT departments (and generally working environment). Did you know ex-military applicants take priority over more qualified non ex-military applicants? And that's not even touching on the ra

Why.

[SlashDev]

.. would the U.S. Government release results of an attack simulation is beyond me....

Re:

[megamerican]

So when they launch a false flag attack on the internet in order to shut it down and censor it they can have a report and say, "See, we told you!"

Re:

[phantomfive]

I used to think there were two groups of paranoid-insane people in the US, those who believe that 'they' were manipulating people in high places to confirm that Obama was born in the US, and those who believe that 'they' were behind the 9/11 attack.

Now I think there is only one group of insane-paranoid people, the ones who believe in 'they.'

Re:

[Chyeld]

They want you to think that, yes they do.

Re:

[phantomfive]

Yeah, but these people aren't faceless, they aren't nameless. The president of the CIA has a name, the leader of the republican party has a name, the members of the PNAC are publicly known, and they made their goals clear. There is no hidden Moriarty pulling the strings of the criminal world. Even the leaders of historical secret criminal organizations that actually existed, were known long before they've been convicted, the Mafia, Al Capone, the Zetas. The leader of the Mossad is public information. T

Re:

[moreati]

There is no hidden Moriarty pulling the strings of the criminal world.

Yes, I agree with this man

Re:

[Unoti]

Flip it around then. Do you actually believe that the government of the US does the will of its citizens? Really?

Believing that is at least as near-sighted and weak in critical thinking as believing that there are powerful forces at work behind the public faces of the government. The government does the will of rich lobby groups, and the consent of the people is bought through marketing, secrecy, and deception.

Re:

[phantomfive]

Rich lobbyist groups are citizens too.

I mean, it's tautological that powerful people have more power, but it's not like this stuff is hidden. Lobbyists have to register, you can find out who they are, and if they are able to get their way because the rest of the people aren't paying attention, then whose fault is that? The US government does the will of the people to the degree that the people pay attention.

Re:

[mypalmike]

Why.... would the U.S. Government release results of an attack simulation is beyond me....

The U.S. government was not involved. The "simulated attack" was essentially a play put on by a non-profit organization, the "Bipartisan Policy Center".

Re:

[elrous0]

the "Bipartisan Policy Center".

...or as it's better known "The Republican Party."

Re:Why.

[characterZer0]

"All warfare is based on deception."

-Sun Tzu

Re:

[Lord Ender]

Politics is the reason. It's hard to get funding (for something like increased IT spending) without politics.

Duh!

[RyanFenton]

Security is almost by definition an illusion - by making information accessible to someone, you make it potentially available to anyone. Completely enforcing security ideals to a logical extreme would result in complete paralysis, depleting enormous resources along the way (see: the cold war). If you want to keep anything secret, you have to limit its use, and limit the amount of things you keep secret - otherwise the cost of maintaining that secret status becomes prohibitive and unrealistic.

It's the same thing with 'virtual borders' as it is with real borders - you can't keep eyes, or even cameras, or even CPU cycles going on all potential borders. It just won't work - you have to observe effects and target responses, use honeypots and similar tactics, and marshal your resources to minimize the effects of breaches. Better yet, improve relations and economies on both sides of the border, and make such breaches meaningless while still enforcing your limited security goals - you'll be serving all your underlying motivations at the same time.

Then again - security always seems to be a 'temporary' thing, that happens to almost always be escalating. Don't you love your family enough to own the latest and greatest killing machine? Inside most real life monsters lies the desire for securing safety for one's interests - with the lines of priorities drawn right through the property/face of someone else. That's not something we're likely to be getting over anytime soon, conflicting interests, and aggressive 'defense'.

Ryan Fenton

Re:

[Monkeedude1212]

Better yet, improve relations and economies on both sides of the border, and make such breaches meaningless while still enforcing your limited security goals - you'll be serving all your underlying motivations at the same time

Truer words have never been spoken. Instead of treating everyone like an enemy, try making everyone a friend.

Re:

[Mashdar]

One. Time. Pad. [wikipedia.org] Seriously, though. That's truly secure. Unless you catch the guy with the other pad before he burns it.

Re:

[Gitcho]

Better yet, improve relations and economies on both sides of the border

i think he's right ... you know, I wonder how much security we would need if we did things like practice what we preach, swallow our pride every now and then, admin we screwed up when we do? Bad example: (not that Canada is the model country by any stretch) part of the reason we don't *need* a huge military force is because lots of countries *like* us.

Re:

[SlashDev]

"by making information accessible to someone, you make it potentially available to anyone" Anyone who has the equipment to access that information that is. The Internet was invented by DARPA and eventually given to mass population. The government needs to have their own private secure network that is only accessible with proprietary equipment and software.

Re:

[hey!]

Not to dispute your observations, which I agree with but you can say *anything* is an illusion if you choose a sufficiently constrained definition of it.

What you are talking about is the "all or nothing" model of security, where security is regarded as a property a system either has or does not have. Any system that a determined adversary can undermine is "not secure", and of course a determined adversary (one willing and able to engage in black bag jobs and human intelligence operations) is capable of pen

Re:

[_Sprocket_]

Security is almost by definition an illusion - by making information accessible to someone, you make it potentially available to anyone. Completely enforcing security ideals to a logical extreme would result in complete paralysis, depleting enormous resources along the way (see: the cold war). If you want to keep anything secret, you have to limit its use, and limit the amount of things you keep secret - otherwise the cost of maintaining that secret status becomes prohibitive and unrealistic.

...

Then again - security always seems to be a 'temporary' thing, that happens to almost always be escalating. Don't you love your family enough to own the latest and greatest killing machine? Inside most real life monsters lies the desire for securing safety for one's interests - with the lines of priorities drawn right through the property/face of someone else. That's not something we're likely to be getting over anytime soon, conflicting interests, and aggressive 'defense'.

The problem is the mis-perception that security is a final goal or destination; that one becomes "secure". The reality is that security is a process. Key parts of that process is identifying threats, determining the level of risk attributed to a threat, determining which threats can be mitigated, and then doing so. The trouble is that we generally aren't very good at this. We don't always continually look for threats. We have a hard time identifying real risk. And in doing so, we often either ignore r

Re:Duh!

[Lord Ender]

Holy bad analogies, batman!

I know slashdot loves bad analogies, but this you the cake. IT security is most certainly not an illusion. It is very real. With no IT security, an kid halfway around the world could steal your data and sabotage your business on a whim. With well-funded, well-implemented, and fully-staffed IT security programs, it would take a dedicated, big-budget espionage operation to ruin you. And even then, such things would likely be detected and contained.

If you call that difference illusionary, you've got vision problems.

I don't quite understand 'how' this was simulated

[zero_out]

After reading the article, I'm still not sure how this was simulated. Was it basically a situation where a bunch of agency heads sat around, were given a scenario, and asked 'what would you do'? Was this a test of department decision making, or an actual test of doing something? I'm just having a hard time understanding the 'format' of this simulation.

Re:

[Monkeedude1212]

Nothing really technical was simulated. You've got the right idea. A bunch of people sat down, each were sat down and told their duties and the scenario. Ready set go, collect the end result.

creepy

[Sprouticus]

The thinking that came out of this was creepy. giving the feds the ability to shut down cell phone network autonomously? Giving them the right to nationalize the national gaurd? I dont think so.

They cant be serious.

The only decent quesitons in the article was

1) How do you respond if the servers are foreign soil.
2) How likely is it to happen

the big one they failed to ask is

1) How the hell does a piece of malware jump from cell phones to cell NETWORK hardware to the internet?

Re:

[bsDaemon]

the department of defense can already take control over the national guard if necessary, though typically they are under the authority of the governor and attny general of their home state. There are a bunch of Guard units in Iraq right now, for instance. The cell phone network thing is a tad bit troubling though, yes.

Re:

[Sprouticus]

Can they do this without permission from the governer though. Unless I miread the article (Im new here) they are 'concerned' that a govener may not give them such permission.

Re:

[Ohrion]

I agree and had the same thoughts. I'm going to assume this malware was flooding the cell network, much like the Melissa virus years ago "crippled" networks.

Led by Negroponte and Chertoff? Pass the salt.

[bughunter]

While I don't disagree that we could do more in the area of computer security, one needs to look closely at the affiliations of the people running this "exercise."

They're both loyal Neocon insiders. John Negroponte [wikipedia.org] is the former Bush Director of National Intelligence. Michael Chertoff [wikipedia.org] is the former Director of Homeland Security, and co-author of the Patriot Act. And both of these positions were just the last in a string of appointments by Bush/Cheney.

And as career neoconservatives, they've been at the forefront of fearmongering and prevarication in order to lead the US to war and erode civil liberties. These are not opinions, these are well-documented facts [google.com].

The neocons are a one trick circus; this is just their newest pony. If you've been paying attention the past nine years, how can you possibly doubt that this is anything else?

Re:Led by Negroponte and Chertoff? Pass the salt.

[bughunter]

Ugh. And Michael Hayden [wikipedia.org]. Bush's chief wiretapper.

Please. These people are among the threats we need security from.

Re:

[bertoelcon]

You group up with some people you know and all camp out in one house for mutual defense.

Re:Led by Negroponte and Chertoff? Pass the salt.

[hoggoth]

> You are going to need security from the MS13 punk who lives down the street from you when the power grid has been down 1-2 days.

On August 14, 2003 the power grid was down for 1-2 days. I didn't see any punks looting or attacking. But my neighborhood did come out of their houses for once and everyone got to meet each other. The kids got to know each other and had a great time playing instead of hiding inside from the big bad world. We made lasting friends and the neighborhood has been better for it in the years since that.

Stop fear mongering.

Re:

[Anubis IV]

Seriously. I was in south Florida when Hurricane Andrew hit back in the early '90s, and while my family was fortunate not to have been in the direct path of the storm, we knew people whose houses were gone or whose electricity was out for weeks. To this day, I remember one of those people telling me about how wonderful it was to be out of electricity for so long since they it really helped the entire neighborhood bond together in a way that they never would have otherwise.

Similarly, my family was living

Re:

[hoggoth]

From Wikipedia:

"Power outage

The ice storm left more than 700,000 people without power in and near the Appalachians, including 630,000 customers in Georgia, 358,000 in South Carolina, 328,000 in North Carolina and 13,000 in Virginia. It took over a week to restore power. Several emergency shelters also were opened.[5][6] Electricity was not restored in many places until 20 December 2005, by which time one death was blamed on the outage.[7]"

Yeah, sounds like mass murder rampaging across the nation. Not.

Re:

[hoggoth]

You first, my dear Gaston.

Re:

[toastar]

What did i do with that mod point?

Re:

[Ohrion]

Yes seriously, the mods could spend all their points in this slashdot article very quickly.

Re:

[elrous0]

I wish I could mod you to +6. This "exercise" was nothing but a partisan attempt to embarrass the Obama Administration, scare the American people, dupe the press, and justify a bunch of heavy-handed neocon anti-civil-liberty measures. Its outcome from forgone before the day even began.

Re:

[ibsteve2u]

I agree; my initial impression upon reading the list of participants was that it was a neocon reunion.

Besides, they're sorta-kinda fibbing (ok, they're lying).

If we did get the U.S. of A. sufficiently hardened - to include all internet users in the nation ('cuz who knows what super-secret intelligence a g'ment worker would put on his or her home system), then three things would happen:

1. People who think like the participants in this exercise would demand that everybody have a "backdoor" so the g'ment can s

Not Too Rosy

[AP31R0N]

That's good. If it was too rosy that would be a bad thing. Just like we don't want pizza that is too hot or too cold.

Authoritarian Theater

[Bob9113]

Regarding a possible shutdown of the cell phone and Internet service to prevent a cascading effect, the group found out that federal agencies actually don't have the authority to do so, and that companies providing these services might be unwilling to do it when asked.

Another thing that might prove to be an issue is the Governors' reluctancy to put their power in the hands of the federal government, which would possibly lead to a nationalization of the National Guard.

Federal Times reports that "Attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack.

A simple two step plan for advancing authoritarianism:

1. Scare People
2. Seize More Power

What, precisely, would lead us to believe that the Federal government is sufficiently adept at cyber-security to improve upon the staged outcome of this theatrical "attack"? I want better cyber-security and think it is important, much like health care. I do not, however, believe that our government has the skills, the lack of corruption, the honor, or the honesty to do it well. Much like health care.

Tell me, fear-mongers, what you are going to do to solve the problem. Not just a thousand pages of blather within which to hide giveaways to key lobbying groups. Real solutions that the information science and economics communities can scrutinize. If you cannot provide that, you are just asking for power. You are taking liberty with a vapid hint that maybe it will help security. Nay, not even that -- you are taking liberty by shouting fire in a crowded theater.

Bullshit. Start by presenting the solution. Shove your fear-mongering up your ass.

And as for you CNN: You should be ashamed for being their puppet. Sacrificing your journalistic integrity at the alter of the exclusive. What will your pretty shock-graphic story title say? How about: "Cyberwar: Public at Peril"

Re:

[zero0ne]

If CNN didn't get the exclusive, you can guarantee that some other puppet media company would have.

If it wasn't exclusive, I am guessing (maybe hoping is a better word?) there would be a few reporters asking the same questions you are.

Re:

[dachshund]

I do not, however, believe that our government has the skills, the lack of corruption, the honor, or the honesty to do it well. Much like health care.

Just to clarify, the government isn't proposing to offer health care--- it's proposing to mandate people to buy insurance policies from private insurers, who will in turn be limited in who they can reject. There will also be some subsidies involved.

Cyber security, on the other hand, requires the government to do a lot more than write a check.

Re:

[Bob9113]

Refactoring a job needing Brooks' infinite asymptote of manpower into doable parts still leaves a set of tasks that only Boeing or IBM or EDS or Microsoft or Uncle Sam can do.

Network security is that sort of huge, huge mess. And thanks to exponential growth on existing infrastructure predicated on designs that are insecure, it is worsening, not improving.

Compare and contrast the network security capabilities of great, big, coherent Microsoft with those of tiny, fragmented, Linux and BSD.

Big does not always

Did anyone with technical knowledge participate?

[grandpa-geek]

Looking at the list of participants, they seem to be all policy/political types. Was anyone with technical knowledge involved? My observation of the policy/political types is that their knowledge is so sketchy, vague, and reasoned by analogy (e.g., "collection of tubes") that they can't be depended on for anything technically accurate or definitive.

This event looks like it might have been hype for the purpose of motivating funding.

This is actually very comforting

[phantomfive]

If you look at the simulated attack they used:

the faux attack began with malware masquerading as a free March Madness application for smartphones. Once activated, it spread fast and first incapacitated cellphone networks, then landlines, the Internet, and finally - aided by mock bombs exploding in a couple of gas pipelines and power stations and a hurricane hitting the Gulf Coast - brought the entire East Coast electrical power grid to its knees. Air traffic was thrown into disorder and commerce came to a standstill.

Ignoring the practical difficulty of bringing down a cellphone network AND the entire internet with a free March Madness smartphone application, notice that for an internet to have any real effect, they needed to include bombs exploding gas pipelines and power stations.......and a hurricane.

In other words, if you bomb things in the US it can cause problems. Seriously, we have thousands of miles of unprotected power lines across the country......some well plac

Re:This is actually very comforting

[vlm]

some well placed bombs could knock the power out for a lot of people really quickly.

The interesting thing is that bombs don't do "much" to power lines. A "sooper soaker" three man sling shot, a couple dozen lengths of chain, and a substation, now you're talking. Transmission towers and cutting torches don't mix very well either.

I have this jewish friend, real jewish like cousins in Israel type of jewish. Anyway, he explains that real terrorists do about a hundred attacks against structures for every time they hit people. Broken glass, molotov fires, graffiti, cut wires, etc. Thats because you never know when a person will whip out an uzi and fight back (well, actually, in the gun control areas in the us, you know they're sitting ducks), but aside from darwin award winners, structures never fight back. Thats how I've always known the "terror threat" in the US is bogus, because no one ever hits our structures.

Now, if we were sitting in the dark, with no water or sewers, no radio or TV, no gas stations, no natural gas, all shop windows broken, all forests on fire, then I'd believe we are under a real terrorist threat... But when its just Reichstag fire acts followed immediately by passage of enabling legislation, followed within a couple years of invasion of multiple innocent countries...

Re:

[account_deleted]

Comment removed based on user account deletion

TERROR !

[CmdrGravy]

Yeah, ramp up that TERROR, turn the dial to PANIC !

Are you scared yet citizen ? Are you ...

Mock cyber attack == Real media circus

[drinkypoo]

This was not a mock cyber attack, but in fact it was a media event hosted by the U.S. government.

1. "The entire scenario was thought up by Michael Hayden, the former CIA Director" — 'nuff said.
2. "A bevy of former top US officials were given various roles to play" — note that none of these people were the actual officials playing themselves. Thus this "test" proves nothing.
3. "a free March Madness application for smartphones. Once activated, it spread fast and first incapacitated cellphone networks, then landlines" — You shut off the cellphone networks and this problem ends. And given how crap they are, they'll probably go down by themselves before they actually take out the land lines. Further, military communications (including governmental backups) are not dependent on either.
4. "aided by mock bombs exploding in a couple of gas pipelines and power stations" — What does this sentence even mean? Mock bombs exploding does nothing except make smoke and a noise. Mock bomb attacks on these items takes this out of the realm of a "cyber" attack.
5. "When the servers serving the malware were "discovered" to be located in Russia, "National Security Advisor" Chertoff immediately began inquiring about the possibility of shutting them down and the implications of such an action." — But since there's only a few choke points for traffic to enter the country, this is a stupid and deliberately provocative question to ask. Anyone suggesting doing this in the event of an actual attack should be eliminated from the chain of command for incompetence immediately.
6. "Regarding a possible shutdown of the cell phone and Internet service to prevent a cascading effect, the group found out that federal agencies actually don't have the authority to do so," — So what? That's what declaring a state of emergency is for. Then they "magically" get the authority for the duration of the emergency.
7. "Another thing that might prove to be an issue is the Governors' reluctancy to put their power in the hands of the federal government, which would possibly lead to a nationalization of the National Guard." — If the federal government doesn't have any power, how would that help anyway? To create a larger clusterfuck? Also, what does this sentence mean? Which power? Which part of the federal government?
8. "Federal Times reports that "Attorney general" Gorelick mused on the idea of introducing laws that would allow the government to seize broader power for the time it takes to suppress a nation-wide cyber attack." — But since no such laws were needed, the true purpose of this exercise was revealed.
9. "When the "exercise" came to an end, the likelihood of such a scenario was discussed. "Secretary of State" Negroponte declared that the attack seemed very plausible to him." — Because otherwise the whole thing would be revealed as either a direct manipulation or a big jerkoff waste of time, and we can't have either of those things coming out, can we?
10. "Will a real cyber attack of these proportions be required to wake the government up? Probably. In the meantime, war games such as these can start the ball rolling into the right direction." — And apparently that direction is towards greater fascism.

Seriously, this is the prelude to new legislation that will in practice be used to justify terminating all kinds of service to clamp down on free speech, in the name of prevention of terrorism. And if you try to discuss it, you'll just lose your connection to the internet. When will we wake up and build a mesh network permitting an end-run around the Powers That Be?

Re:

[Areyoukiddingme]

When will we wake up and build a mesh network permitting an end-run around the Powers That Be?

Unfortunately, only when the majority of the population has been forced off of the Internet by those Powers That Be.

Mesh networks require a minimum density to function, variable depending on the specific radio communication scheme. Regardless of the hardware, they only work when a lot of people near each other want them, and when the mesh can be tied into the rest of the world. So even more unfortunately, even wh

Re:

[Areyoukiddingme]

Probably because it's software-only and notably less secure than Tor (albeit faster). The post you replied to is asking about hardware and software, not software over the same hardware we have now (that this ridiculous publicity stunt was obviously trying to find excuses to acquire authority over).

not cyber attack

[bugi]

That was a "simulation" of an attack that just happened to have "cyber" elements.

Blissful Ignorance

[Newer Guy]

The United States lives in clueless blissful ignorance of things such as this. We don't care either-all we want are things to be 'taken care of for us'. Bill Maher said something on Larry King last night that really hit home. He stated that the average American is completely clueless-but does know when their leaders aren't leading (as Obama has been doing the past few months-he reminds me more of a college professor then our President).

Re:

[boxwood]

Maybe the US is unleadable. If a liberal says something then conservatives automatically declare it to be completely wrong and goes against American values. If a conservative says anything, liberals declare it to be completely wrong and suspect that its part of some hidden agenda to bring about fascism.

How do you lead a country like this? You suggest improving healthcare and you have people arming themselves and willing to fight to the death against the evil socialist government. WTF? People in the US pick

Re:

[cenc]

Don't forget that the executive branch has in recent years taken to stopping cases going up the chain of appeal so that at least the judicial branch might function. Congress has cut off the funding for the judicial branches at both the federal and state levels, while the attorney generals would rather not fight any case that might lead to a definitive ruling against what the executive branch wants to do.

So the U.S. has three of its four branches completely clipped. You ask what is the forth branch? The Fed

Re:

[jeffmeden]

But Which CNN was it? Ted Turner's? Rupert Murdoch's? Bill Gates'ss? How will I know the appropriate de-spin to apply to turn the report back into reasonable information?

Re:

[cenc]

Yea, I was just thinking the plot sucks so bad I would not even pay to see the movie.

A real "cyber" whatever that gets the United States will likly be very very slow. So slow no one will bother setting up a command post. It will happen over days, weeks, months, and possibly years. It will cripple our ability to communicate by clogging computers and networks all around the World. In fact, it will kind of look like, well, spam.