[iwar] [fc:Cyberterrorism.Drill.Set]

From: Fred Cohen (fc@all.net)
Date: 2002-07-26 07:52:14
Next message: Fred Cohen: "[iwar] [fc:Senate.creates.first.responder.tech.team]"
Previous message: Rob Rosenberger: "RE: [iwar] Al Qaeda cyber alarm sounded (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200207261452.g6QEqEU30942@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Fri, 26 Jul 2002 07:52:14 -0700 (PDT)
Subject: [iwar] [fc:Cyberterrorism.Drill.Set]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Cyberterrorism Drill Set
Date:  Tuesday, 23 July 2002
<a href="http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8564">http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8564>

Source:  Federal Computer Week

Story:  Operation Dark Screen to help government, industry prepare for
attacks.

Federal, state and local government officials are partnering with
representatives from the private sector and the utilities community in a
cyberterrorism exercise designed to identify the links between them in
defending ? and responding to ? a cyberattack.

Operation Dark Screen, the brainchild of Rep. Ciro Rodriguez (D-Texas),
is a three-phased exercise that will help all the players involved
better understand their roles in preparing for, recovering from and
protecting the nation's critical infrastructure during a cyberattack.

"A lot of people think about chemical, biological and nuclear attacks,
but very few people think about the cyber," Rodriguez said. "Anyone who
is going to hit us, it's going to be a combination of those."

For example, hackers might infiltrate the computer systems that control
San Antonio's power grid to attempt shutting off electricity across the
city. Officials from the Air Intelligence Agency (AIA) at Lackland Air
Force Base, Texas, after tracking the hackers' movements, would notify
the local utility company, as well as federal, state and local law
enforcement officials, who would apprehend the criminals.

That's how the scenario should play out ? and what Dark Screen will test
? but today, a lack of information sharing and response procedures among
the levels of government and the private sector could mean a victory for
terrorists.

Collaboration is necessary, security experts say, because the private
sector controls 85 percent of the nation's critical infrastructure,
which includes telecommunications, transportation and essential
government services.

A spokesperson for AIA, one of the Dark Screen participants, said the
agency has taken part in numerous military intrusion exercises, but this
is the first time it is participating in a civilian-led exercise
involving so many different groups.

AIA is serving as an adviser to the civilian and community participants
because agency officials feel their participation "will help to improve
the security of the complex infrastructures in the San Antonio area,"
the spokesperson said. "As a community partner and major user of at-risk
utilities, it is to the [AIA's] advantage to assist in helping to
preclude cyberattacks on these valuable assets."

Lessons to be Learned

Dark Screen's first phase, scheduled for September, will be a tabletop
exercise in which a still-to-be-determined cyberattack will be played
out and all participants will respond, said Gregory White, technical
director of the Center for Infrastructure Assurance and Security at the
University of Texas at San Antonio, which is leading the planning and
execution of Dark Screen.

AIA has assumed a leadership role in bringing together various
stakeholders, including representatives from the city, the county, the
Army, the Air Force, the state attorney general's office, the FBI, the
private sector and many others.

The second phase of Dark Screen will focus on applying the lessons
learned from the tabletop exercise, and the third phase, to take place
next May, will be a live exercise using actual attempts to penetrate
networks, White said. He added that the final phase is "greatly to be
defined," but will involve "testing notification and alert chains."

"We can do it on paper, but by bringing everybody together at one time,
we can see who is prepared to do that," White said. "What we do here is
applicable across the nation."

John Pike, director of the nonprofit organization GlobalSecurity. org,
said the exercise was a welcome break from tradition.

The usual all-talk-and-no-action stance on cyberattacks is "rather
strange, given the number of emergency response exercises that are
conducted to anticipate other problems, such as hazardous materials
spills or nuclear accidents," he said. He added that actual exercises
are needed to "rehearse response measures."

The Defense Department frequently conducts exercises in which it pays
companies to penetrate their systems, but Dark Screen will "help
identify the interdependencies and linkages between the different
sectors," White said.

San Antonio officials plan to "review and modify" their infrastructure
security measures based on the Dark Screen findings, said Mike Miller,
the city's emergency management coordinator.

"We hope to identify quick fixes and implement those quickly, as well as
look at long-term issues that will take more time and resources to
implement," said Miller, who is also assistant chief of the city's fire
department. "The most important thing that we hope to get out of the
exercise is securing San Antonio's infrastructure to maintain all
aspects of the quality of life for our community. We also will share our
experiences with other communities to help them be better prepared."

Inside and Out

The City Public Service (CPS), the utility provider for 560,000 electric
and 302,000 gas customers in San Antonio, hopes to improve not only its
internal mechanisms, but also its external communications through Dark
Screen, according to Charles Lenz, manager of CPS' technology services.

Lenz said that his group would like "a more integrated and formal
internal approach to dealing with cyber incidents, as well as increased
communication with external sectors regarding cybersecurity issues." He
added that the lessons learned "will be evaluated internally and, where
warranted, additional resources and/or processes acquired or defined."

Lenz and Miller both said the only event that comes close to what all of
these organizations are attempting to do with Dark Screen was the Year
2000 rollover. "Y2K was the last time we did this type of an event, with
a tabletop before the actual Y2K event," Miller said.

Rodriguez said the idea for Dark Screen was hatched over a year ago,
after the collision between a U.S. EP-3 spy plane and a Chinese fighter
jet in which the Chinese pilot was killed.

That incident set off a series of activities by U.S. and Chinese
hackers, and lawmakers received reports that cyberattacks against the
Energy Department and DOD increased during that time, he said. "Every
time there's an international crisis, the hits are a little higher."

Rodriguez said the need for a cyber military exercise was evident back
then, before the Sept. 11 terrorist attacks. Right after the attacks,
when phones were useless and one of the few means of communication was
by using wireless handheld devices, the need to identify how the nation
would respond to a full-scale cyberattack became critical.

"We really need to see what we can do," because what if the 911
emergency phone service goes down or financial institutions are hit,
Rodriguez said. "I recognize that participating in this exercise may
raise concerns about the privacy of individuals, proprietary business
information, classified information and existing vulnerabilities, and
these issues will be fully examined and addressed in the planning stage"
(see box).

Currently, all Dark Screen participants are paying their own way, which
hasn't cost much in the planning stages, but Rodriguez said he has asked
DOD for $500,000 to pay for next year's live exercise.

Meanwhile, the lobbying efforts continue. Rodriguez said he had a
meeting July 11 with John Tritak, director of the Critical
Infrastructure Assurance Office, and that Tritak would be hosting a town
hall meeting on cyberterrorism in San Antonio in September, either right
before or after the first phase of Dark Screen. Tritak could not be
reached for comment.

***

This is a test

Officials from the public and private sectors plan to conduct a series
of exercises in which they will coordinate their responses to
cyberattacks.

Operation Dark Screen has three phases:

1. A tabletop exercise for public and private officials to play out a
scenario in which critical systems come under attack.

2. Applying lessons learned from the tabletop exercise.

3. A live exercise, which will include attempts to penetrate networks.

Copyright 2002 Federal Computer Week

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Will You Find True Love?
Will You Meet the One?
Free Love Reading by phone!
http://us.click.yahoo.com/7dY7FD/R_ZEAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:Senate.creates.first.responder.tech.team]"
Previous message: Rob Rosenberger: "RE: [iwar] Al Qaeda cyber alarm sounded (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT