WASHINGTON — The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on Thursday after participating in a two-day “cyberwar” simulation.
The game involved 230 representatives of government defense and security agencies, private companies and civil groups. It revealed flaws in leadership, planning, communications and other issues, participants said.
The exercise comes almost a year after President George W. Bush launched a cybersecurity initiative which officials said has helped shore up U.S. computer defenses but still falls short.
“There isn’t a response or a game plan,” said senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service, which ran the simulation. “There isn’t really anybody in charge,” he told reporters afterward.
Democratic U.S. Rep. James Langevin of Rhode Island, who chairs the homeland security subcommittee on cybersecurity, said: “We’re way behind where we need to be now.”
Dire consequences of a successful attack could include failure of banking or national electrical systems, he said.
“This is equivalent in my mind to before September 11 … we were awakened to the threat on the morning after September 11.”
Officials cited attacks by Russia sympathizers on Estonia and Georgia as examples of modern cyberwarfare, and said U.S. businesses and government offices have faced intrusions and attacks.
Billions of dollars must be spent by both government and industry to improve security, said U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the intelligence subcommittee on technical intelligence.
The war game simulated a dramatic surge in computer attacks at a time of economic vulnerability, and required participants to find ways to mitigate the attacks — using real-life knowledge of tactics and procedures where they work.
It was the broadest such exercise in terms of representation across government agencies and industrial sectors, officials said.
Homeland Security Secretary Michael Chertoff, addressing the participants at the end of the exercise, predicted cyberattacks will become a routine warfare tactic to degrade command systems before a traditional attack. That is in addition to threats posed by criminal or terrorist attackers.
International law and military doctrines need to be updated to deal with computer attacks, Chertoff said.
“We know that if someone shoots missiles at us, they’re going to get a certain kind of response. What happens if it comes over the Internet?,” he said.
Chertoff and Gerencser expressed caution over suggestions earlier this month calling for the appointment of a White House “cybersecurity czar” to oversee efforts. But Ruppersberger disagreed. One person was needed to take charge of efforts and to secure the president’s ear, he said.
Ruppersberger said people close to president-elect Barack Obama’s transition team have convinced him that Obama understands the importance of bolstering cybersecurity.