Cyber ShockWave

Last updated
Cover of The National Strategy to Secure Cyberspace US-cyberspace-strategy-cover-Feb2003.jpg
Cover of The National Strategy to Secure Cyberspace

Cyber ShockWave, similar to the Cyber Storm Exercise, was a 4-hour wargame conducted in February 2010 by the Bipartisan Policy Center, an American think tank based in Washington, D.C. [1] Former high-ranking Cabinet and National Security Officials role played a cabinet level response to a cyberwarfare scenario. [2] [3] [4] Portions of the exercise were later broadcast on CNN. [5]

Contents

Background

Cyberwarfare has become a major threat to the United States. [6] There is current debate over whether cyberwarfare constitutes actual war or a rhetorical and less threatening concept instead. Control of the Internet has long been an issue of Internet security and electronic privacy. [6] [7]

"CNN broadcasting where Cyber Shockwave simulation was aired" CNN Center newsroom1.jpg
"CNN broadcasting where Cyber Shockwave simulation was aired"

The Cyber Shockwave simulation game was developed in partnership with General Dynamics Advanced Information Systems, SMobile Systems, Southern Company and Georgetown University. [8] It was created by former CIA Director General Michael Hayden and conducted by the Bipartisan Policy Center to give a glimpse of what would happen during a cyber attack and gauged whether or not the United States was prepared for it. Security agents and lawmakers played roles in the fabricated attacks. The participants did not know the scenario in advance which helped to maintain the reality of a surprise attack. If a real attack were to happen it would come without notice and lawmakers and government agencies would have to re-act immediately in a timely manner. [9]

To prepare for a possible attack, members of The White House, Cabinet Members and National Security Agencies plan to advise President Barack Obama on possible plans of actions. [10]

Participants and roles

The list of attendees included: [8] [11]

  1. Michael Chertoff, former Secretary of Homeland Security, as National Security Advisor
  2. Fran Townsend, former White House Homeland Security Advisor, as Secretary of Homeland Security
  3. J. Bennett Johnston, former Senator (D-LA), as Secretary of Energy
  4. John Negroponte, former United States Deputy Secretary of State, as Secretary of State
  5. Jamie Gorelick, former Deputy Attorney General, as Attorney General
  6. Joe Lockhart, former White House Press Secretary, as Counselor to the President,
  7. John E. McLaughlin, former Acting Director of Central Intelligence, as Director of National Intelligence
  8. Stephen Friedman, former Director of the National Economic Council, as Secretary of Treasury
  9. Stewart Baker, National Security Agency General Counsel, as Cyber Coordinator
  10. Charles Wald, former Deputy Commander of U.S. European Command, as Secretary of Defense

Simulation attack

One of the simulation attacks that was presented was a malware program planted into phones during a popular basketball game. This attack caused a disruption spanning over many mobile phones across the United States. The spyware planted on the smartphones were used through a key logger and data intercepts to funnel funds to banks overseas. Several bots appear downloading videos that shows 'The Red Army'. [12] When someone receives the spyware, it is sent to the person's contact and the contacts will open it, spreading the malicious virus everywhere. [4]

In addition, the cyber attack reportedly sparked a series of crises and provisions including: [4]

Results

The results of the Cyber ShockWave war game showed that the United States is unprepared for a cyber attack. The results highlighted the immediate dangers that are threatening the country. Finally, the game demonstrates there would be huge financial repercussions to a cyber attack. [4] [9]

The simulation revealed that the response speed is crucial during a cyber attack and that the planning deficiency in which the United States exhibited during the game can be extremely costly. [13] The simulation also showed that the fast speed of an attack leaves little time to better understand certain things such as the essence of the attack, provided it were to happen, or proper recovery methods. [13] Former Clinton press secretary Joe Lockhart added that the simulation Shockwave may cause a panic among people, but that was in fact a good thing. [4]

According to former Secretary of Homeland Security Michael Chertoff, the United States lacks in several key aspects of Cyber security: [14]

See also

Related Research Articles

<span class="mw-page-title-main">United States Department of Homeland Security</span> United States federal department

The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

<span class="mw-page-title-main">Michael Chertoff</span> American government official (born 1953)

Michael Chertoff is an American attorney who was the second United States Secretary of Homeland Security to serve under President George W. Bush. Chertoff also served for one additional day under President Barack Obama. He was the co-author of the USA PATRIOT Act. Chertoff previously served as a United States circuit judge of the United States Court of Appeals for the Third Circuit, as a federal prosecutor, and as Assistant U.S. Attorney General. He succeeded Tom Ridge as U.S. Secretary of Homeland Security on February 15, 2005.

The Oil Shockwave event was a policy wargaming scenario created by the joint effort of several energy policy think tanks, the National Commission on Energy Policy and Securing America's Future Energy. It outlined a series of hypothetical international events taking place in December 2005, all related to world supply and demand of petroleum. Participants in the scenario role-played Presidential Cabinet officials, who were asked to discuss and respond to the events. The hypothetical events included civil unrest in OPEC country Nigeria, and coordinated terrorist attacks on ports in Saudi Arabia and Alaska. In the original simulation, the participants had all previously held jobs closely related to their roles in the exercise.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a nation

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

The Russian Business Network is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

The Cyber Storm exercise is a biennial simulated exercise overseen by the United States Department of Homeland Security that took place February 6 through February 10, 2006 with the purpose of testing the nation's defenses against digital espionage. The simulation was targeted primarily at American security organizations but officials from the United Kingdom, Canada, Australia and New Zealand participated as well.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

<span class="mw-page-title-main">United States Cyber Command</span> Unified combatant command of the United States Armed Forces responsible for cyber operations

United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise which focus on securing cyberspace.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

<span class="mw-page-title-main">Tailored Access Operations</span> Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

A Master of Science in Cyber Security is a type of postgraduate academic master's degree awarded by universities in many countries. This degree is typically studied for in cyber security. What is offered by many institutions is actually called a Master in Strategic Cyber Operations and Information Management (SCOIM) which is commonly understood to be a Master in Cybersecurity. This degree is offered by at least some universities in their Professional Studies program so that it can be accomplished while students are employed - in other words it allows for "distance learning" or online attendance. Requirements for the Professional Studies program include: 3.0 or better undergrad GPA, professional recommendations letters and an essay.

Presidential Policy Directive 20 (PPD-20), provides a framework for U.S. cybersecurity by establishing principles and processes. Signed by President Barack Obama in October 2012, this directive supersedes National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.

<span class="mw-page-title-main">Michael S. Rogers</span> U.S. Navy admiral and intelligence official (born 1959)

Michael S. Rogers is a retired four-star admiral of the United States Navy. Rogers served as the second commander of the United States Cyber Command (USCYBERCOM) from April 2014 to May 2018 while concurrently serving as the 17th director of the National Security Agency (NSA) and as chief of the Central Security Service (CSS). During his tenure, he helped transform and elevate U.S. Cyber Command into a unified combatant command. Rogers relinquished command to General Paul M. Nakasone on May 4, 2018 and retired from the Navy a few weeks later on June 1, 2018.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

<span class="mw-page-title-main">Partnership for a Secure America</span>

Partnership for a Secure America (PSA) is a nonprofit organization in Washington, D.C. that seeks to promote bipartisan solutions to today's critical national security and foreign policy issues. Created by former Congressman Lee H. Hamilton and former Senator Warren Rudman (R-NH) in 2005, the Partnership for a Secure America works with leading Democrats and Republicans to rebuild the bipartisan center in American national security and foreign policy.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

The Transatlantic Commission on Election Integrity is a bi-partisan initiative by leading figures in politics, tech, media and business from Europe and the US with the aim of addressing the question of foreign interference in elections.

<span class="mw-page-title-main">Russo-Ukrainian cyberwarfare</span> Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

References

  1. "Cyber ShockWave". Bipartisan Policy Center. Archived from the original on 2010-03-02. Retrieved 2010-02-24.
  2. Ali, Sarmad (February 16, 2010), "Washington Group Tests Security in 'Cyber ShockWave'", Digits (The Washington Post), retrieved 2010-02-24
  3. Ragan, Steve (February 16, 2010), "Report: The Cyber ShockWave event and its aftermath", The Tech Herald, archived from the original on July 22, 2011, retrieved 2010-02-24
  4. 1 2 3 4 5 Nakashima, Ellen (2010-02-17). "War game reveals U.S. lacks cyber-crisis skills". The Washington Post . Retrieved 2010-10-28.
  5. Christiaan008, CNN Cyber Shockwave: We were warned 1/9, archived from the original on 2021-12-15, retrieved 2019-01-11{{citation}}: CS1 maint: numeric names: authors list (link)
  6. 1 2 NPR staff, (June-16, 2010), "Has The Cyberwar Threat Been Exaggerated?". NPR . Retrieved 2010-10-03.
  7. "Who Will Control the Internet?". Foreign Affairs . Retrieved 2010-10-30.
  8. 1 2 "Cyber ShockWave Hits Washington". PR Newswire . Retrieved 2010-10-28.
  9. 1 2 "Cyber ShockWave Shows U.S. Unprepared For Cyber Threats". Bipartisan Policy Center. Archived from the original on 2013-07-19. Retrieved 2010-10-03.
  10. "Coming to a Networked Device Near You: Cyberwar!". Kings of War. Archived from the original on 2010-02-22. Retrieved 2010-10-16.
  11. "Cyber ShockWave Participants". Bipartisan Policy Center . Retrieved 2010-02-24.
  12. "Report: The Cyber ShockWave event and its aftermath". The Tech Herald. Archived from the original on 2011-07-22. Retrieved 2010-10-28.
  13. 1 2 "Reaction to Cyber Shockwave". Tao Security. Retrieved 2010-10-16.
  14. "War game reveals U.S. lacks cyber-crisis skills". Government Computer News. Retrieved 2010-10-28.