More Must Be Done to Prepare US for Cyber Attack

The United States has experienced a widespread cyber attack, infecting telecommunications and other IT structures throughout the U.S. infrastructure. The attacks have left the U.S. telecom and IT infrastructure virtually disabled throughout the country.

While this is fortunately just a war game, the results are equally scary. Today, the Bipartisan Policy Center hosted a mock cyber attack called Cyber ShockWave, which simulated a meeting with the National Security Council (with Michael Chertoff playing the head of the NSC) and how it would look to respond to an ongoing attack.

The event featured a number of former U.S. government officials who played the part of senior members of the NSC. The exercise sought to examine how the NSC would react to a major cyber attack in real time.

The war game was set in 2011, with the United States coming off a series of natural disasters. An application used in smart phones turns out to have malware installed and leads to a cascading effect on the telecom networks. Later in the exercise, portions of the power grid are taken down through IED attacks.

An electronic trading system is also eventually knocked offline, the telecom sector shuts down and the Internet becomes virtually unusable. Power throughout much of the Eastern seaboard is also disrupted. With the electronic trading system offline, a mere 8 hours could cost the US around $9 million.

The event highlighted some of the significant difficulties in dealing with attacks coming through cyberspace. Some of the major issues include attribution and a host of legal implications.

Attribution is commonly perceived as a principal issue with regard to attacks in cyberspace. In cyberspace, it is much easier for individuals or governments to carry out attacks and use misdirection to make the attack appear to emanate from another area. At the end of the exercise, John Negroponte, a former U.S. diplomat playing the role of Secretary of State, said “attribution was one of the hardest issues to deal with.”

During the exercise, a server hosting the attack appeared to be based in Russia. However, the developer of the malware program was actually in the Sudan. Ultimately, the source of the attack remained unclear during the event.

The policy implications of responding to a cyber attack could potentially cause a significant and cascading problem. If the US were to reach out into a foreign country to shut down a server that is causing the attack, what happens when a ‘hacktivist’ using US servers conducts a cyber attack against China or Russia? Would they too then have the authorization or justification to respond by shutting down a US server?

The exercise also grappled with the role the military can and should play in the event of any cyber attack. A number of participants advocated for the DoD to actually take the lead role in defending not only the networks but also other aspects of the critical infrastructure. Fran Townsend, former Assistant to President George W. Bush and serving in the exercise as the Secretary of Homeland Security, advocated for ceding her authority to the DoD and supporting them in a ‘homeland defense’ model rather than homeland security.

Another point raised during the evolution was that the private sector is not standing idly by watching these attacks occur and doing nothing. The private sector is also looking to combat the attacks against their networks.

“We are going to have to have a war hardened sector,” said Jamie Gorelick, former member of the 9/11 Commission.

The mock NSC even discussed potentially nationalizing power companies and service providers if they failed to act in the national interest.

Ultimately, in the several hours that the war game lasted, the United States was increasingly beset by attack with little knowledge of who perpetrated it. The exercise revealed the complexities that U.S. policy makers would face in the event of an attack.

Suggestions for policy makers moving forward include establishing firm guidelines and practices before an attack occurs, along with developing sound doctrinal definitions of what constitutes an act of cyberwar and what is considered a legally justifiable response.
