Ugh
I usually don't post much about my field as it's a technical field, and frankly, not that interesting (apparently) if you're not really in it, but this is the stupidest exercise I've seen in a while. Worse even about how hyped the damn thing was and how it was connected to the government (it was very loosely connected, some of the guys were ex-government people, other than that it was an outside think tank). It pisses me off even more that people believe this exercise shows anything.
Oh, and the main reason I'm bitching about this is that there's an article on slashdot about how the US is unprepared for cyberwarfare (I'd buy that) because of the results of this exercise (hell no).
The basic exercise went like this:
-A malwared March Madness app is downloaded onto a bunch of smart phones, that knock out the cell network. This, then, somehow knocks out the landlines, which seems... stupid really, it's like in TV shows where someone sends a virus through the electrical lines.
-The internet then goes down as well (something could probably jump from a smart phone to the internet, but bringing the entire internet down is a slightly more difficult task, unless you somehow damage the cables)
-There are explosions, and combined with the internet outage, brings down the East Coast's powergrid (the powergrid is remarkably fragile, and will be moreso if they do connect all of 'em together like was discussed. And really, you may as well have just cut out internet outage bullshit and just said that a remarkable number of SCADA systems controlling the electrical grid were hacked in a coordinated attack, and did it that way).
-Oh, and a hurricane hits the Gulf Coast, since that's caused by cyberwarfare.
The biggest problem with the exercise is that they're playing with a stacked deck. Of course if an agency can cause all of this then we're screwed, there's literally nothing that can be done, especially if we conveniently forget about the people who are supposed to be doing their jobs (the sys admins, the security specialists who work for the ISPs and the like), and the fact that they had no one of technical expertise speak during the event indicates this was just theatre, to convince people of the "right" point of view (in this case, the government needs expanded powers over private infrastructure).
Now, I haven't seen all the event, I've seen clips, but for me it seemed to be theatre, rather than a good look at what would actually happen. Things kept ramping up until it was pretty much impossible for the government to do anything. Even worse, the entire think stinks of people who were too busy watching crappy tv shows and movies that deal with internet viruses and the like, there were comments about how terrible it was that they weren't able to figure out who was behind the attack. No shit, that's work that typically takes more than a day, especially if you're busy going through the proper, legal channels.
I'm not saying that the US (or any other country really) is prepared, there are very dangerous things going on and huge weaknesses (hello SCADA), and these sorts of exercises can be good. But when you're creating a situation where there's no way to win, then it's just a waste of everyone's time.
Oh, and the main reason I'm bitching about this is that there's an article on slashdot about how the US is unprepared for cyberwarfare (I'd buy that) because of the results of this exercise (hell no).
The basic exercise went like this:
-A malwared March Madness app is downloaded onto a bunch of smart phones, that knock out the cell network. This, then, somehow knocks out the landlines, which seems... stupid really, it's like in TV shows where someone sends a virus through the electrical lines.
-The internet then goes down as well (something could probably jump from a smart phone to the internet, but bringing the entire internet down is a slightly more difficult task, unless you somehow damage the cables)
-There are explosions, and combined with the internet outage, brings down the East Coast's powergrid (the powergrid is remarkably fragile, and will be moreso if they do connect all of 'em together like was discussed. And really, you may as well have just cut out internet outage bullshit and just said that a remarkable number of SCADA systems controlling the electrical grid were hacked in a coordinated attack, and did it that way).
-Oh, and a hurricane hits the Gulf Coast, since that's caused by cyberwarfare.
The biggest problem with the exercise is that they're playing with a stacked deck. Of course if an agency can cause all of this then we're screwed, there's literally nothing that can be done, especially if we conveniently forget about the people who are supposed to be doing their jobs (the sys admins, the security specialists who work for the ISPs and the like), and the fact that they had no one of technical expertise speak during the event indicates this was just theatre, to convince people of the "right" point of view (in this case, the government needs expanded powers over private infrastructure).
Now, I haven't seen all the event, I've seen clips, but for me it seemed to be theatre, rather than a good look at what would actually happen. Things kept ramping up until it was pretty much impossible for the government to do anything. Even worse, the entire think stinks of people who were too busy watching crappy tv shows and movies that deal with internet viruses and the like, there were comments about how terrible it was that they weren't able to figure out who was behind the attack. No shit, that's work that typically takes more than a day, especially if you're busy going through the proper, legal channels.
I'm not saying that the US (or any other country really) is prepared, there are very dangerous things going on and huge weaknesses (hello SCADA), and these sorts of exercises can be good. But when you're creating a situation where there's no way to win, then it's just a waste of everyone's time.