Security experts wrestle with cyberattack scenario

A group of ex-government officials tries to respond to a massive smartphone attack

Imagine a scenario in which a downloadable application turns smartphones into network-clogging bots, causing U.S. mobile-phone networks to fail, and eventually spreads to the wired Internet.

Then imagine, as U.S. White House officials debated how to handle that situation, the energy grid in the eastern U.S. begins to fail. A group of national security and cybersecurity experts wrestled with those scenarios Tuesday, during the Cyber ShockWave exercise hosted by the Bipartisan Policy Center, a Washington, D.C., policy think tank.

The scenario started small, with a downloadable application infecting smartphones. But the number of infected phones grew, and the malware started attacking the wired Internet as smartphone users synched their phones with their computers. The malware began sending huge video files across the Internet, crippling both mobile networks and the wired Internet.

A group of security experts, acting as U.S. cabinet members and presidential advisers, debated for hours about how to handle the situation, with some participants arguing the U.S. president should declare the attack an act of war and mobilize the U.S. military. Former U.S. Secretary of Homeland Security Michael Chertoff, playing the role of U.S. national security adviser in the scenario, asked whether the president has the authority to order mobile-phone networks be shut down or to turn off service to infected phones.

"We don't have the authority in this country to quarantine cell phones," answered former U.S. Deputy Attorney General Jamie Gorelick, playing the role of attorney general. "We're in uncharted territory right now."

Stewart Baker, a former assistant secretary for cybersecurity policy at the U.S. Department of Homeland Security, wondered why the president doesn't have that authority. If a person with a deadly and communicable disease were at a major sporting event, U.S. authorities would have the ability to remove the person, said Baker, playing the part of U.S. cybersecurity coordinator.

"I think we can find legal justification for what we want to do," said Baker, now a visiting fellow at the Center for Strategic and International Studies. "[Telecom] is a regulated industry. We can take those legal authorities and tell them what they need to do to get this worm out of the system. We've got to find the authority."

Acting as the DHS secretary, Frances Townsend, former chairwoman of the U.S. Homeland Security Council, suggested the president ask people not to use their mobile phones as a way to prevent the malware from spreading.

But former presidential spokesman Joe Lockhart questioned if that would work. People would continue to use their mobile phones, even after the president asked them not to.

During the discussion, participants learned that the hypothetical malware originated from a group of servers in Russia. Retired Air Force General Chuck Wald, acting as the secretary of defense, assured the other members of the national security team that the U.S. had the offensive capability to shut down those servers, but other participants questioned whether Russia would see that as an act of war.

The U.S. doesn't have a well-developed policy for responding to major cyberattacks, Wald said.

While the group was debating how to respond to the cyberattacks, the electrical grid in the eastern U.S. began shutting down. In what appeared to be an attack coordinated with the smartphone malware, pipe bombs exploded at two energy facilities in the U.S., causing a major gas pipeline to shut down. A heat wave contributed to problems of electrical blackouts.

As blackouts began to cover much of the Northeast and several large Midwestern cities, participants began talking about mobilizing the National Guard and active-duty military members to protect electrical generating facilities and to prevent civil unrest.

Townsend suggested the military help deliver diesel fuel to hospitals in areas where there were blackouts. Hospitals have backup generators that run on diesel, but the generators only can run for six to 12 hours without additional fuel, she said. "People, after about 12 hours, are going to start dying in hospitals," she said.

At that point, Lockhart suggested the president has to assume the worst -- that the cyberattack and the electrical grid shutdown were related and not the end of the problems. "We have to assume [the perpetrators] have the ability to attack again at some other place," he said.

Organizers of Cyber ShockWave said they hoped the scenario would help U.S. policymakers better understand how to deal with cyberattacks.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyberattacksUSA governmentsecurity

More about etwork

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts