U.S. cyberattack drill exposes unsettling vulnerabilities
overwhelm the administration’s proposed cyber defenses.
It began with the March Madness college basketball postseason tournament application, but then an unidentified insider apparently sabotaged the software patch, making the problem far worse.
As the war game unfolded, the attack was traced to computer servers in Russia, and then to an unnamed individual in Sudan. For reasons never explained, homemade bombs exploded by electric power stations and gas pipelines in Tennessee and Kentucky.
Also, a monster Category 4 hurricane slammed into the Gulf Coast.
Michael Chertoff, who played the national security advisor in the exercise, had some relevant experience to draw on. He headed DHS when Hurricane Katrina struck in 2005. “We need to know how to deal with this,” Chertoff declared at the start of the session. “The biggest danger,” he added, “is if we’re ineffective.”
The event was sponsored by the Bipartisan Policy Center, a Washington-based group headed by Thomas H. Kean and Lee H. Hamilton, who co-chaired the 9/11 Commission. The scenario was developed by Georgetown University and several companies, including PayPal. The session will be aired later on CNN.
None of the panelists knew the scenario in advance. Chertoff moderated the debate as others flanked him at tables that formed a V. An audience of industry executives, current and former government officials, and think tank experts watched and occasionally chortled as the group struggled to respond.
Drogin writes that the panel sometimes learned the latest developments from fake TV bulletins that appeared on giant screens behind them. Sometimes they did not. One broadcast noted that the Federal Aviation Administration had grounded all planes. More than twenty minutes later, the supposed presidential advisors were still discussing whether to do just that.
The former officials all gave a spirited performance.
- Stewart Baker, former general counsel of the National Security Agency, said the White House should shut down cellphone networks even if no law specifically allowed it. “We will be criticized if we don’t do everything we can,” said Baker, who played national cyber coordinator. “We can straighten out the [legal] authorities over time.”
- Chertoff later asked if the military could help. “I don’t want to seem like a legal Nervous Nellie,” he said.
- Jamie Gorelick, who was a member of the 9/11 Commission, suggested that intelligence agents kidnap the alleged perpetrator, if necessary, to bring him to justice. “We have authority to do renditions,” she said. “Can’t you just mug him and take the stuff?” Baker asked.
- Frances Fragos Townsend, who served as counter-terrorism advisor in the George W. Bush White House, called for rationing of gasoline and other crucial supplies if necessary.
- Charles F. Wald, a retired Air Force general who played Defense secretary, called for military retaliation if another government were involved in the attack. “I think through our offensive cyber capability we could take some significant action,” he said.
- John D. Negroponte, who spent most of his career as a diplomat before becoming the first director of national intelligence, urged a diplomatic approach. “We’ve got to sit down with these people,” he said.
- Stephen Friedman, who served as director of the National Economic Council under President Bush, declared the attack “a massive blow to the solar plexus of the economy.” “I’m not hearing any answers here as to how to fix this,” he added.
- John McLaughlin, who was deputy director of the CIA during the run-up to the 2003 invasion of Iraq, suggested maximizing use of intelligence assets — and perhaps nationalizing electric power companies. “We can turn the [National Security Agency] loose on this problem, and gather tons and tons of information, gigabytes beyond imagination,” he promised.
In the end, no grand plan emerged, but the group did agree to advise the president to federalize the National Guard, even if governors objected, and deploy the troops — perhaps backed by the U.S. military — to guard power lines and prevent unrest.