[ISN] Government simulates national attack on computers, banks, utilities

From: InfoSec News (isn@private)
Date: Tue Nov 25 2003 - 00:06:42 PST

  • Next message: InfoSec News: "[ISN] VA has new security program"

    http://www.guardian.co.uk/uslatest/story/0,1282,-3427322,00.html
    
    By TED BRIDIS
    AP Technology Writer
    November 25, 2003 
    
    WASHINGTON (AP) - The Homeland Security Department's first simulation
    of a terrorist attack on computer, banking and utility systems exposed
    problems with the ways victimized industries communicated vital
    information during the crisis, the government's new cybersecurity
    chief said Monday.
    
    Experts inside government and the Institute for Security Technology
    Studies at Dartmouth College are still formally evaluating results of
    the so-called ``Livewire'' exercise, carried out over five days late
    in October. It simulated physical and computer attacks on banks, power
    companies and the oil and gas industry, among others.
    
    ``There were some gaps,'' said Amit Yoran, the newly hired chief of
    the agency's National Cyber-Security Division. ``The information flow
    between various sectors was not as smooth as we would perhaps have
    liked.'' He assessed government's performance as ``certainly a B+,
    better than my personal expectations.''
    
    Yoran said mock attacks during the exercise tried to broadly disrupt
    services and communications across major industrial sectors, enough to
    make consumers to lose economic confidence. It modeled bombings at
    communications facilities outside Washington and cyberattacks aimed at
    companies and other networks.
    
    Even before the Sept. 11, 2001, terror attacks, the government
    organized its cyber-protection efforts around early-warning centers
    operated separately by banks, water utilities, technology companies
    and the electric industry.
    
    But critics have long pointed to problems with the ways that these
    centers exchange information with each other, making it far more
    difficult for banks to describe their internal problems with a power
    utility than with other financial institutions that also may be under
    attack.
    
    Yoran said that in some cases, the exercise exposed problems as simple
    as uncertainty about which companies and industries can be contacted
    in the middle of the night with urgent information about an ongoing
    attack; most mock failures occurred during the day.
    
    In some cases, victim companies weren't told explicitly about an
    attack; organizers might send them clues, such as e-mails purportedly
    from customers who mysteriously couldn't access their bank accounts.
    
    Yoran said the exercise affirmed that troublesome interdependencies
    exist throughout the nation's most important systems. A broad power
    outage could also bring down key telephone or computer networks,
    disrupting repair efforts.
    
    Homeland Security officials said it was the first large-scale exercise
    carried out with the agency. Officials at the National Security
    Council and departments of Defense and Treasury also were involved.
    
    -- 
    
    On the Net: 
    Homeland Security Department: http://www.dhs.gov/ 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Nov 25 2003 - 03:05:31 PST