Government simulates national attack on computers, banks, utilities

[InfoSec News <isn () c4i org>]

http://www.guardian.co.uk/uslatest/story/0,1282,-3427322,00.html

By TED BRIDIS
AP Technology Writer
November 25, 2003 

WASHINGTON (AP) - The Homeland Security Department's first simulation
of a terrorist attack on computer, banking and utility systems exposed
problems with the ways victimized industries communicated vital
information during the crisis, the government's new cybersecurity
chief said Monday.

Experts inside government and the Institute for Security Technology
Studies at Dartmouth College are still formally evaluating results of
the so-called ``Livewire'' exercise, carried out over five days late
in October. It simulated physical and computer attacks on banks, power
companies and the oil and gas industry, among others.

``There were some gaps,'' said Amit Yoran, the newly hired chief of
the agency's National Cyber-Security Division. ``The information flow
between various sectors was not as smooth as we would perhaps have
liked.'' He assessed government's performance as ``certainly a B+,
better than my personal expectations.''

Yoran said mock attacks during the exercise tried to broadly disrupt
services and communications across major industrial sectors, enough to
make consumers to lose economic confidence. It modeled bombings at
communications facilities outside Washington and cyberattacks aimed at
companies and other networks.

Even before the Sept. 11, 2001, terror attacks, the government
organized its cyber-protection efforts around early-warning centers
operated separately by banks, water utilities, technology companies
and the electric industry.

But critics have long pointed to problems with the ways that these
centers exchange information with each other, making it far more
difficult for banks to describe their internal problems with a power
utility than with other financial institutions that also may be under
attack.

Yoran said that in some cases, the exercise exposed problems as simple
as uncertainty about which companies and industries can be contacted
in the middle of the night with urgent information about an ongoing
attack; most mock failures occurred during the day.

In some cases, victim companies weren't told explicitly about an
attack; organizers might send them clues, such as e-mails purportedly
from customers who mysteriously couldn't access their bank accounts.

Yoran said the exercise affirmed that troublesome interdependencies
exist throughout the nation's most important systems. A broad power
outage could also bring down key telephone or computer networks,
disrupting repair efforts.

Homeland Security officials said it was the first large-scale exercise
carried out with the agency. Officials at the National Security
Council and departments of Defense and Treasury also were involved.

-- 

On the Net: 
Homeland Security Department: http://www.dhs.gov/ 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.