By Debra Donston-Miller, Published July 11, 2013
Digital Defense of Government Agencies
During a targeted cyber attack, government agencies go dark. Mission-critical data is inaccessible. Personal information of millions of U.S. citizens is exposed. Communications are cut off. The White House is literally and figuratively in the dark. It’s like something out of a summer movie blockbuster, but could it happen in real life?
It’s not so far-fetched.
A report prepared by the Defense Science Board for the Pentagon and other government and defense organizations found that today’s cyber threat is insidious, “enabling adversaries to access vast new channels of intelligence about critical U.S. enablers (operational and technical; military and industrial) that can threaten our national and economic security.”
If the United States is ever under full-scale cyber attack, the report goes on to state, the weapons of what could very well be mass destruction might include denial-of-service attacks, infrastructure corruption, data corruption and supply chain interruptions, among many other things.
This could result in U.S. guns, missiles and bombs being redirected; supplies not making it to their intended destinations; or intelligence being corrupted. In addition, says the report, “commanders may rapidly lose trust in the information and ability to control U.S. systems and forces. Once lost, that trust is very difficult to regain.”
The report warned that the Pentagon is unprepared to stave off a full-scale cyber attack of the magnitude described here, but the U.S. government is not just sitting around waiting for such an attack to happen.
For example, the Department of Homeland Security’s Cyber Storm exercises are designed to strengthen cyber preparedness in the public and private sectors. According to the Department of Homeland Security website, participants in the biennial Cyber Storm exercises, a program mandated by Congress:
- Examine organizations’ capability to prepare for, protect from and respond to cyber attacks’ potential effects.
- Exercise strategic decision making and inter-agency coordination of incident response(s) in accordance with national-level policy and procedures.
- Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information.
- Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.
The latest Cyber Storm exercises—Cyber Storm IV Defense Science Board for the Pentagontook place from 2011-12, and focused on the Department of Homeland Security’s role during a cyber event. The goal was to enhance the United States’ ability to respond to a cyber attack by both applying current best practices and by looking at what works, what doesn’t and how we can strengthen the overall security posture of public and private agencies.
There are many other programs that the U.S. government is putting into place to stay ahead of ever-more-sophisticated cyber security threats. Unfortunately there are also many bad actors and nation-states that may be looking for an opportunity to bring down government systems. There are no easy answers Defense Science Board for the Pentagon or fixes Defense Science Board for the Pentagon but security success will likely depend on a partnership between public and private entities.