Cyber Shockwave
Total Page:16
File Type:pdf, Size:1020Kb
yber ShockWave CyberC ShockWave Simulation Report and Findings Table of ConTenTs 2 What is Cyber ShockWave? 3 Key Findings 6 A Cyber Security Timeline 8 Cyber Security Today 10 Participant Roles 11 Simulation Development 12 Segment 1: March Madness 14 Segment 2: Lights Out 16 Conclusion abouT The biparTisan poliCy CenTer In 2007, former U.S. Senate Majority Leaders Howard Baker, Tom Daschle, Bob Dole, and George Mitchell formed the Bipartisan Policy Center (BPC) to develop and promote solutions that can attract the public support and political momentum to achieve real progress. Currently, the BPC focuses on health care, energy, national and homeland security, transportation, science and economic policy. For more information, please visit our website: www.bipartisanpolicy.org. Bipartisan Policy Center 1 What Is Cyber ShockWave? Key Findings On February 16, 2010, a bipartisan group of former senior administration Cyber ShockWave was designed to reflect the most current and realistic and national security officials participated in a simulated cyber attack on the challenges our nation faces in defending itself from a serious cyber event. Simulation participants concluded that the United States’ United States—Cyber ShockWave. The simulation, which was moderated by networks, critical infrastructure and citizens are vulnerable to cyber Wolf Blitzer and broadcast as a special on CNN, provided an unprecedented attacks and that there are several key issue areas that policymakers look at how the government would respond to a large-scale cyber crisis need to address to defend against and respond to such attacks. affecting much of the nation. A project of the Bipartisan Policy Center—with support and guidance from General Dynamics Advanced Information Systems, Georgetown University, PayPal, SMobile Systems, Southern Company and Symantec—Cyber ShockWave had participants play the roles of Cabinet members reacting in real time to an unfolding cyber attack and advising the President on an appropriate response. Cyber ShockWave highlighted how critical an issue cyber security has become for our nation. While protecting sensitive and personal data remains a priority, the proliferation of computers across ever-greater spheres of our personal lives and their growing role in running our critical infrastructure means a serious cyber event could have a debilitating effect on this country. Unfortunately, as Cyber ShockWave demonstrated, our current government policies are not adequate to responding to a large-scale cyber attack. Cyber security, both preventing attacks and preparing our government to respond to them, must be considered a national security priority. Michael Chertoff Former Secretary of Homeland Security Government Organization Legal Authority International Protocols Public Education & Awareness ++ Cyber security must consist of more than protecting mil- ++ The U.S. needs well-established legal authorities for ++ There are few international norms or regulations for ++ A national educational campaign is needed to inform itary, government or personal data and networks from dealing with a cyber crisis that dovetail with a broad na- what can and cannot be done in cyberspace. The citizens of their role in securing U.S. cyberspace. intrusion. It is a national security issue that must address tional understanding of what constitutes a “reasonable United States should consider whether an interna- We are all responsible for national cyber secu- defense and preparation, response and restoration as expectation of privacy” under such circumstances. tional legal regime governing cyberspace, parallel rity; irresponsible individual behavior imperils the the attack happens, and attribution afterwards. to those that exist for the maritime, air and land do- entire network. ++ Without statutory authorities for responding to and mains, would be useful. ++ The United States government—including the White preventing cyber attacks, including the seizure or ++ Requiring updated virus and malware protection for House Cyber Coordinator—currently lacks clearly quarantine of private data, devices or networks, the ++ A particular difficulty in formulating responses to any device attempting to connect to U.S. networks— defined roles and responsibilities for maintaining President may be left with only those authorities cyber attacks is the problem of attribution—iden- as is already required on government networks— common situational awareness of emerging critical derived from the Communications Act of 1934 (as tifying the responsible parties. The United States should be considered. operational developments in cyber space. amended by the Telecommunications Act of 1996) or needs mechanisms for holding entities respon- the Constitution, including war powers. sible for cyber events and a declaratory cyber de- ++ Our nation needs an effective decision-making frame- terrence policy, possibly invoking the potential of work below the cabinet level, especially between the ++ Up to 85 percent of U.S. networks are privately owned, kinetic retaliation. Department of Homeland Security and Department of but there is no mechanism for government cyber de- Defense, for coordinating the government’s response fenders to effectively collaborate with the private sec- to and recovery from a devastating cyber event. tor to leverage their expertise, to share knowledge and situational awareness with them, or to bring their ca- We are at a point when we’re talking about “cyber attack”, “cyber capabilities”, and “cyber ++ Current policy, legal and organizational constraints pabilities to bear during a response to a cyber attack. threat”, in something roughly analogous to the position we faced in 1945 when we first drive the government to a limiting and insufficient bi- encountered nuclear weapons and we didn’t know much about them. We need to think nary response: (1) the traditional domestic-focused law enforcement approach or (2) the desire to neutralize very imaginatively, creatively, and unconventionally about how we deal with the threat. the attack under international laws of armed conflict. John McLaughlin, Cyber shoCkWave Director of naTional inTelligenCe 4 Cyber ShockWave Simulation Report Bipartisan Policy Center 5 A Cyber Security Timeline Though the first incidences of hacking and computer viruses occurred as early as 40 years ago, the number and severity of cyber attacks and threats has grown steadily over the last decade. 1963 1971 1983 1988 2000 2003 2007 2008 2009 2010 The first recorded ref- ARPANet experiences its The movie “WarGames,” Michael Calce (aka Mafi- Russian hackers launch Chinese hackers steal data from erence to hackers in first computer virus called featuring a computer aBoy) attacks and disables attacks against Estonian Google and 30 other major U.S. the computer sense is the Creeper virus, written by intrusion into NORAD, is Yahoo!, Amazon, CNN, Dell, websites including Parliament, and international companies. made in MIT’s student programmer Bob Thomas. The released. and E*TRADE. In response, government ministries, newspaper, the tech. program copied itself to the the President calls for an banks, newspapers and remote system where the mes- emergency Cyber Security broadcasters. U.S. and South Korean govern- sage, “I’m the creeper, catch me Summit. The estimated total ment, financial and media web- if you can!” was displayed. The loss due to the attacks was sites are attacked, apparently by The Robert Morris Worm is the first program Reaper was written to $1.2 billion. North Korea. delete the virus. malicious worm on the Internet costing between $10-100 million in As Russia initiated military opera- Attacks targeting Twitter and damage according to the GAO. tions in Georgia, Russian hackers Facebook succeed in taking both brought down almost all Georgian sites offline for several hours. The Slammer worm brings down government websites. 75,000 servers, shutting down Albert Gonzalez is arrested for Bank of America ATMs, Continental the theft of more than 170 million Airlines’ ticketing systems, and credit and debit card numbers over Seattle’s 911 network. the course of four years. 6 Cyber ShockWave Simulation Report Bipartisan Policy Center 7 Predicted Mobile Data Traffic Active Facebook Users Cyber Security Today (Terabytes per Month) 3.6 Million 1.5 Billion Internet connectivity has transformed how we do business, whether as individual 2 Million 800 Million consumers, national governments, or global companies. It has also expanded our 1 Million 400 Million vulnerability well beyond our physical reach, necessitating strong cooperation between connected organizations and individuals. Governments cannot secure public services without cooperation from private businesses and citizens. Businesses 2009 2010 2011 2012 2013 2014 Dec ‘04 Dec ‘06 Dec ‘08 Dec ‘10 Dec ‘11 cannot drive a robust economy without the legal and economic incentives to make Government Organization Federal government’s networks. This is a 24-hour, wise security investments and cooperate broadly on shared security efforts. DHS coordinated watch and warning center whose Currently, a variety of mechanisms are used to share mission is to improve national efforts to address The Internet And Cyber Crime ++ As a result, cyber crime has grown just as quickly. It is threat activity information. Several sources of this in- threats and incidents affecting the nation’s criti- estimated that identity theft and other forms of online formation are freely available on the Internet or through cal information