Cyber Shockwave

Published: 2010-02-20
Last Updated: 2010-02-21 00:24:41 UTC
by Marcus Sachs (Version: 1)
17 comment(s)

At 8 pm EST (0100 UTC) on February 20th and 21st CNN will air a program called "Cyber Shockwave" which was filmed last Tuesday in Washington, D.C.  I was invited to be in the studio audience during the taping of the program.  I am frankly disappointed with the way it turned out.  First, the scenario used as a backdrop is not realistic.  The presumption is that a smartphone application is used to crash large portions of the nation's cellular phone system, which then leads to outages in the POTS (plain old telephone system) networks, which leads to loss of air traffic control, disruptions at the New York Stock Exchange, and massive power outages.  As most of our readers know, such a cascading effect across multiple networks and systems is not likely.  Not saying it's impossible, just not likely.  The second issue is the fact that the people playing the role of National Security Council members failed to recognize the role of the private sector until well into the second hour.  The government does not own or operate the communications infrastructure in the United States.  To leave the private sector out of the conversation is a massive oversight.  To be fair, the panel does recognize that the private sector has a role, but it comes after a long deliberation about how helpful the government should be.

My fear is that the average viewer will come away from this program convinced that the scenario is real (after all, why would CNN show something that is not real?) and that only the government can help lead us into a world of peaceful coexistence in cyberspace.  As most (hopefully all) of our readers know, cyberspace is very complex and security comes not from just the private sector or just the government but jointly, with each party playing a very important role.

I invite you to watch the program then post your comments or thoughts below using the COMMENT feature.

ps - watch the two maps, the one of the cell phone outages and the one of the electric grid failures.  The cell phone maps show "green" where there is 100% operation, including areas of the country where there is no coverage at all.  The electric power map is actually a map of the highway system.  Watch the highways go dark later in the simulation.  I've never seen highways go dark during a power failure (unless it's at night.)

Marcus Sachs
Director, SANS Internet Storm Center

Keywords:
17 comment(s)

Comments

This is absolutely nuts! They are talking about nationalizing power companies, completely federalizing the national guard despot protests from state governments, rationing fuel supplies...

The person that is "playing" the attorney general is saying, "Hey! We can't throw the constitution out the window because of a national emergency! We cannot just seize private sector assets at a whim of the president!" The person playing the secretary of energy basically says "Well why not?!" And the National Security Adviser wants to take actions to make sure that the government has absolute power to do what ever it deems necessary in any situation no matter what!!


Are you kidding me?!


Wake up America! The people in the government are going to install themselves into a position where the citizens will have NO RIGHTS AT ALL in any type of emergency!

Watching this was so disturbing I have to post again. Make sure you get everyone you know to watch this. This is the most scary thing I have seen since the actual 9/11 attacks. And its an exercise!

People in the public sector had better get their rear ends in gear and prepare to defend themselves from a hostile government take over in an emergency...

These "Officials" are talking about forcing ISP's to be responsible for making sure that anyone connecting to the internet has anti virus and anti malware! This will jack the price of internet services through the roof! I don't even want to imagine what that would take to enforce!

I love all the talk about the immediate need for legislation out of everyone involved in this. They are saying the legal issues are "murky"... what is murky about the constitution?!
Watching this was so disturbing I have to post again. Make sure you get everyone you know to watch this. This is the most scary thing I have seen since the actual 9/11 attacks. And its an exercise!

People in the public sector had better get their rear ends in gear and prepare to defend themselves from a hostile government take over in an emergency...

These "Officials" are talking about forcing ISP's to be responsible for making sure that anyone connecting to the internet has anti virus and anti malware! This will jack the price of internet services through the roof! I don't even want to imagine what that would take to enforce!

I love all the talk about the immediate need for legislation out of everyone involved in this. They are saying the legal issues are "murky"... what is murky about the constitution?!
these people are way too far up in the gov't to really understand the issue. terrorists don't have the resources to assert a coordinated attack on this vector, and have far more to gain from driving planes into buildings. other entities need the internet highly available so they can continue to perform data ex-filtration of classified and unclassified intellectual property at a loss of billions of dollars to US citizens and corporations. then there are the organizations which make very large profits from their pornography and gambling operations. hell, they'd pull out a can of whoop ass on anyone if they did anything to disrupt their operations. this is fud (fear, uncertainty and doubt) being advocated at the federal level because the general public "gets it" at this level. try explaining the complexities of a data ex-filtration exercise and how it impacts jobs and innovation in the US and watch everyone's eyes glaze over. as the general public stands in awe, pondering the lights going out the floodgates remain open while the very last shred of american ingenuity is flotsam to be skimmed by business persons worldwide.
After watching this, I do have to admit that it seems that the people in this simulation are out of touch with reality. Joe Lockhart especially. He wanted to send troops into another country and national some of the energy sector. Mr. Joe Lockhart, please stay away from my freedoms. I would say that the simulation was ridiculous, highly unlikely, and seemed more of a great way to scare people into hugging their government. I am just grateful that Jamie Gorelick was there to keep some of these participants in line. In the end, I would almost say that it would have been better that the simulation not have been done. These leaders, not all of them, are embarrassing.
The issue of patches, updates and using anti-malware products: the government and private sector are the major entities using outdated browsers, older operating systems in order to keep using legacy applications and delaying implementation of patches because it might break other applications on their network. Also, the idea that the private sector would be able to guarantee their software is 'hack proof' is unrealistic.
Don't forget that in 1918 the government DID take over the national telegraph system by declaration of the President and vocal approval by the Congress. The lasted for the duration of World War I. The government has a precedent.
I think they should be congratulated for even attempting to try to work this scenario out. Instead of slamming them for their chosen scenario, lets acknowledge their attempt.

If there was a catastrophic failure, people would be demanding their government to assist and rebuild -- sorta like the financial crisis. I'm sure American citizens recognize that the military performs 'exercises' for certain scenarios and we never get to see or witness these. I think it took some pretty big balls to demonstrate what a response to this threat might be.

Just my thoughts.
So they get worked up over a private sector occurence enough to want to put boots in russia over a server, nationalize utilities, and federalize the national guard against the wishes of the govenors, and shut down all phone communication demanding justification of case by case reactivation. to be clear a fictional e-fone app crashes all cell service of bt&t and it affects the internet and pots? then the power grid? this show was high on buzzword content and little else. this demonstrated that not only do our top brass have no idea what they're doin, they don't know what they're even talking about. this scenario was a bad die hard 4 rip off.
If you look at the organization responsible for actually putting on this "production" on :
http://www.bipartisanpolicy.org/events/cyber2010

they claim Bi-Partisanship. Not sure I completely believe that, because MOST of the big names were recent Bush Administration folks. Review the source of the information, and I think you might find that while the basis for the exercise might seem to be good, there are probably ulterior motives (it seems we may be getting back to Fear, Uncertainty, and Doubt). Although this is CNN, it almost smells of Cheney/Carl Rove and the "GOP is the only ones who can keep the country safe" sort of thing.

Diary Archives