Public and private sectors join in cyberattack simulation
“Many of the people that were participating didn't necessarily know right away who to talk to, who to call or how to collaborate in response to a cyberattack,” U.S. Rep. Jim Langevin, D-R.I., told SCMagazineUS.com Friday.
The event, called Cyber Strategic Inquiry (CSI'08), was a war game simulating simultaneous cyberattacks targeting the financial sector and critical infrastructures, and was hosted by Booz Allen Hamilton and the nonprofit Business Executives for National Security (BENS).
Some 230 participants, including government defense and security agency members, private companies and civic groups brainstormed ways to mitigate the attacks. Members from government included Langevin and Rep. Dutch Ruppersberger, D-Md.
The goals of the simulation were to create awareness and generate a shared vision of responsibilities in dealing with cybersecurity, in addition to identifying activities to facilitate collaboration among government, business, and civic organizations, according to literature about the event provided to SCMagazineUS.com by Booz Allen Hamilton.
It's telling, Langevin said, to see that members of the financial community didn't believe they had the legal authority to call their counterparts at another bank to learn if they were experiencing a similar type of threat.
“In the real world, it showed that the first reaction isn't to share information with competitors or the government, but to solve this problem internally and not let out information that could potentially be damaging to the company,” he said.
The government is just as guilty because it doesn't always share with the private sector – just like members of the private sector don't always share information with each other or the government, he said.
It's clear that users must create a mechanism to facilitate information sharing, Langevin said. He added that what needs to be created is an environment where entities can share information anonymously.
By running through the simulation of a cyberwar, one can learn about available resources and the capacities of what people can offer, Katherine McGuire, vice president of government relations for the Business Software Alliance, told SCMagazineUS.com Friday.
“The only way you can prepare properly is to have these types of dress rehearsals,” said McGuire, who did not attend the exercise.
Langevin said he would like to see events like this happen again.
“There's no one department or agency that's going to be the catch-all for cybersecurity," he said. "It's going to take everyone working together on it."