What would happen if an unfriendly nation tried to take down the power grid, or the air traffic control system, or blow up a chemical plant with a cyberattack?
How would government agencies respond to such a threat?
That kind of war-gaming has been playing out this week in a windowless conference room at the Secret Service headquarters in Washington, D.C., in an exercise officials call “Cyber Storm VI.”
The biannual drill, run by the Department of Homeland Security, involves more than 1,000 participants (or “players”) around the globe, including federal, state and local law enforcement authorities, and other government agencies.
Jeanette Manfra, the assistant secretary for cybersecurity and communications at DHS says the U.S. faces “increasingly severe and significant cyber incidents affecting the public and the private sector.” The Cyber Storm exercise, she says, provides “a safe opportunity to simulate discovery of and response to a large-scale, coordinated cyberattack.”
She says no actual systems are attacked during the exercise, and most of the participants “play” from their normal work locations. She said players are not trying to solve technical issues relating to an attack, but rather to work on the steps they take to collaborate with each other.
It’s not clear what the exact nature is of the threat the players are facing. Not wanting to publicly give the game away, Manfra would say only that the scenario this year involves critical manufacturing, transportation and IT and communications sectors.
“The fundamental part of it is exercising a common thing that everybody depends upon,” Manfra says. Adding a threat to that particular component, she says, “would cause problems globally.”
Amid findings that Russian hackers interfered in the 2016 elections and concerns about this year’s midterms, electoral systems are being tested as well, with some of the states taking part.
And as Facebook founder and CEO Mark Zuckerberg testified before lawmakers about breaches of personal data on his site, this year Cyber Storm also includes simulated news web pages and social media sites. Manfra says no news organizations are actually taking part in the exercise.
Manfra says players will get “injects,” which she said might be in the form of an email, a phone call or a simulated post on social media or a simulated news article. The events will move the scenario forward and escalate to the point “where we are dealing with a significant national issue,” she says.
The primary focus of the drill for DHS, which has been designated the lead federal agency dealing with cyberthreats, is “how well do we work with other organizations, with the private sector,” and with other federal and global agencies, Manfra says.
The goal is to “push participants out of their comfort zone,” she says, and present them with a scenario that they feel they cannot respond to effectively unless they reach out to others.
Those taking part in Cyber Storm are watched by controllers and evaluators, and the exercise will be followed by an initial debriefing after the event.