US Not Ready for Cyber Attack – No kidding

Dec. 30, 2008
December 19, Reuters – (National) U.S. not ready for cyber attack. The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day “cyberwar” simulation. The game involved 230 representatives of government defense and security agencies, private companies, and civil groups. It revealed flaws in leadership, planning, communications, and other issues, participants said.
December 19, Reuters – (National) U.S. not ready for cyber attack. The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day “cyberwar” simulation. The game involved 230 representatives of government defense and security agencies, private companies, and civil groups. It revealed flaws in leadership, planning, communications, and other issues, participants said. “There isn’t a response or a game plan,” said senior vice president of the Booz Allen Hamilton consulting service, which ran the simulation. “There isn’t really anybody in charge,” he told reporters afterward. Officials cited attacks by Russia sympathizers on Estonia and Georgia as examples of modern cyberwarfare, and said U.S. businesses and government offices have faced intrusions and attacks. Source: http://uk.reuters.com/article/technologyNewsMolt/idUKTRE4BI00520081219?sp=true I would like to point out an exercise we held in 2006 at the final KEMA Control System Cyber Security Conference. There were approximately 120 attendees from various industries and government organizations from all over the world representing a number of different critical industrial infrastructures. These were the cognizant technical people that had a vested interest in cyber security of critical infrastructures. They were broken up into 6 groups with each group having experts from IT security, control systems, government, IT and control system vendors, etc as participants. They were physically separated then given the same information concerning a possible cyber attack on their critical infrastructures. What was so interesting was the independent, yet common response from each group to each set of succeeding information. Basically, there was no consensus about what to do, who to contact, when to declare an emergency, when to isolate critical control system networks, etc.  As additional technical information came in about the actual event, there was still no consensus about what to do until critical systems were actually being affected.  Despite all of the tabletop exercises having been run to date, I believe this is typical of what would actually happen in a wide-spread cyber attack on the critical industrial infrastructures. Joe Weiss Beginning in January, I will be providing a monthly subscription newsletter. Stay tuned for more details.

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...