Report: The Cyber ShockWave event and its aftermath

The Cyber ShockWave and its aftermath. (IMG: S. Ragan)

When it comes to the protection of the nation’s infrastructure, the government is lacking in several areas. While it has the ability to act offensively, if it knows who the enemy is, the trick is to collect enough information and retaliate without violating domestic and foreign policy and law.

The Tech Herald was in Washington D.C. on Tuesday to witness the mock Cyber ShockWave event. Here’s what we walked away with:

What happened?

Cyber ShockWave started with a vulnerability in the operating systems used by various smartphones. Thanks to a malicious application, celebrating the NCAA’s March Madness, Spyware was loaded onto smartphones that included a keylogger and data intercept component. The application was then used to funnel millions of dollars to banks overseas. From there, the data and money-snatching application morphs, and the malicious application turns the infected devices into bots and adds them to a telecommunications botnet.

The bots start to download videos showing 'The Red Army'. The downloads and resulting spread of the video subsequently flood the data networks of major carriers, and slow them to a crawl before crippling them altogether. After that, the Malware on the smartphones starts to replicate, thanks to sync programs linking information from the phone to a computer. Once the computers are infected, the ISPs face the same issue the telecoms faced. In the end, both communications systems are crippled.

If this wasn’t enough, weather patterns resulting in a heat wave and hurricanes stress the electrical system. This is where things go south, on a major scale. A hurricane wrecks the petroleum refining and natural gas processing centers, and a stressed electrical grid is hurt more by Improvised Explosive Devices (IEDs) and what is assumed to be a Malware attack on the Secure Trade power trading platform.

Both incidents are deemed critical, and the former top U.S. officials debated how to respond for most of the event. The problem is that by the end of the debates, during both sessions, there were no real answers.

Behold the confusion that is Cyber ShockWave

Can we nationalize the U.S. power system? Should the National Guard be called out? The FBI reports that it has traced the services used in the March Madness application to Russia -- is retaliation called for? Two IEDs were detonated in two different power facilities, is it terrorism? According to GNN (the news source for media information during the event), there was a cyber component to the electrical outage, later assumed to be related to patches on the Secure Trade software. Was this the work of an insider? These were the topics of note, and the confusion only led to more questions and few answers.

The downside to the ShockWave, as it were, is that there were just too many levels of attack at the same time. The Cyber ShockWave exercise was to create a possible attack scenario, but not one that is total chaos. However, by adding the botnet side to the telecom attack, and throwing in natural disasters as well as potential terrorism on and offline, they added too much to the 'Perfect Storm' they kept referring to it as.

The malicious application causing harm to telecom and ISP networks is one scenario that is highly likely, as more and more applications make it to market and more and more people switch to smartphones. The odds of this happening at the same time that the power grid is attacked, and a hurricane kills off oil and gas production, is simply too high to compute.

The point of it all

The main point to take away from Cyber ShockWave, at least how we see it, is that there needs to be a solid level of cooperation inside the government first, and then also between the government and the private sector. There is no 'I' in team and, when it comes to protecting the assets within the backbone of the Internet, both private and government entities have a lot to look after.

One interesting point came up when debating the Russian server -- the one the FBI said was linked to the telecom attacks. Why doesn’t the government simply shut it down? The reason is that doing so could be considered an act of war. No one knows, because there is no policy or precedence regarding such an action.

The mirror side to this would be the question, what if the Russian server was a jumping point to a server in the U.S.? If so, can we then shut it down? What would be the reasoning? While killing a server in a foreign country could be perceived as an act of aggression, doing so on our own soil could be a violation of various laws, unless a state of emergency is ordered. Once that happens, according to the panel, the U.S. President has a good deal of leeway.

There are few limits to what the government can do in response to a threat to national security. Those limits that do exist are enforced by policy and U.S. law. What this means is that, while there were several ideas passed around, many of them were without precedence, so couldn’t be acted on.

For example there was a patch for the smartphones, one that would fix the Malware issue. Yet, only 50 percent of consumers applied it. To prevent further attacks to the telecommunications system, you can ask the people to stop using phones, or simply force them to stop using them by turning them off remotely. If the issue was forced, and the government did something to turn the phones off, then there would be serious consequences to deal with later.

In the end, the Bipartisan Policy Center, which put Cyber ShockWave together, had hoped the gaps existing within the law and government policy relating to cybercrime and cyberattacks would be exposed. It got its wish, as gaps in both areas were exposed; but when it comes to balance between the private and government sectors and security, it takes more than policy to make it work.

It would have added a ton of weight to the exercise if there was some sort of consultation with energy companies or telecom representatives. They were absent during the mock attacks, and their absence was felt when you consider that by the time the President was 'briefed', there was no solid plan of action as to how to deal with and recover from the incidents.

There were some smart and skilled people on the panel. Yet, the scripting made the panel come over as clueless when considering the reach, intelligence, and overall capabilities of foreign attackers. The current cyber capacities of the various international terrorist groups were left completely off the table.

Overall, the Cyber ShockWave event was more media hype than actual intelligence and insight. We had hoped to see some of the political heavyweights on the panel act with their full capacity and experience, but they either couldn’t or opted not to. If anything, the federal employees who attended learned that managing IT in the public world, and dealing with threats there, is nothing like attempting the same feat within the federal government.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]