Cyber Terror Drills

Cyber Terror Drills 
Name: Silent Horizon 
Date: May 2005
Agency: CIA

Title: CIA: Take That, Cyberterrorism!
May 25, 2005
Source: Wired 

Abstract: The CIA is conducting a war game this week to simulate an unprecedented, Sept. 11-like electronic assault against the United States. The three-day exercise, known as "Silent Horizon," is meant to test the ability of government and industry to respond to escalating internet disruptions over many months, according to participants.

They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Virginia, about two hours southwest of Washington.

The simulated attacks were carried out five years in the future by a fictional new alliance of anti-American organizations that included anti-globalization hackers. The most serious damage was expected to be inflicted in the closing hours of the war game Thursday.

The national security simulation was significant because its premise -- a devastating cyberattack that affects government and parts of the economy on the scale of the 2001 suicide hijackings -- contradicts assurances by U.S. counterterrorism experts that such effects from a cyberattack are highly unlikely.

"You hear less and less about the digital Pearl Harbor," said Dennis McGrath, who has helped run three similar exercises for the Institute for Security Technology Studies at Dartmouth College. "What people call cyberterrorism, it's just not at the top of the list."

The CIA's little-known Information Operations Center, which evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers, was running the war game. About 75 people, mostly from the CIA, along with other current and former U.S. officials, gathered in conference rooms and pretended to react to signs of mock computer attacks.

The government remains most concerned about terrorists using explosions, radiation and biological threats. FBI Director Robert Mueller warned earlier this year that terrorists increasingly are recruiting computer scientists but said most hackers "do not have the resources or motivation to attack the U.S. critical information infrastructures."

The government's most recent intelligence assessment of future threats through the year 2020 said cyberattacks are expected but terrorists "will continue to primarily employ conventional weapons." Authorities have expressed concerns about terrorists combining physical attacks such as bombings with hacker attacks to disrupt rescue efforts, known as hybrid or "swarming" attacks.

"One of the things the intelligence community was accused of was a lack of imagination," said Dorothy Denning of the Naval Postgraduate School, an expert on internet threats who was invited by the CIA to participate but declined. "You want to think about not just what you think may affect you but about scenarios that might seem unlikely."

An earlier cyberterrorism exercise called "Livewire" for the Homeland Security Department and other federal agencies concluded there were serious questions over government's role during a cyberattack depending on who was identified as the culprit -- terrorists, a foreign government or bored teenagers.

It also questioned whether the U.S. government would be able to detect the early stages of such an attack without significant help from private technology companies (Wired, 2005).  

Cyber Terror Drills 
Name: Cyber Storm 
Date: February 2006 
Agency: DHS

DHS Reports On Anarchist Cyberterror Drill
September 13, 2006
Source: UPI

AbstractThe Department of Homeland Security Wednesday released the results of its first exercise simulating a major cyber-terror attack on the United States.

The exercise, staged in February and dubbed "Cyber Storm," simulated an attack by a loose coalition of well-financed anti-globalization and anarchist "hacktivists" from many different countries, says the department's report.

The attackers "aimed to make political statements and protest actions by government and industry" by penetrating "trusted cyber systems" like public health and driver licensing databases.

"The attackers focused on maximizing economic harm and fomenting general distrust of big business and government by disrupting services and misleading news media and other information outlets," says the report, adding that the scenario "was neither a forecast of any particular threats ... currently existing nor an expression of any specific concerns."

Rather, it was designed "to test communications, policies and procedures in response to various (kinds of) cyber attacks and to identify where further planning and process improvements are needed," the department said in a statement.

Over 110 state local and federal government agencies and private corporations took part in the exercise, staged at the headquarters of the U.S. Secret Service on a specially established computer network to avoid impacting the real Internet.

The biggest weakness the exercise revealed was the limited ability of participants to correlate "multiple incidents across multiple  infrastructures and between the public and private sectors," says the report.

While the response was "generally effective" in addressing single attacks, and "to some extent" multiple ones, "most incidents were treated as individual and discrete events. Players were challenged when attempting to develop an integrated situational awareness picture and cohesive impact assessment across sectors and attack vectors" (UPI, 2006)

Cyber Terror Drills 
Name: Strong Angel III
Date: August 2006
Agency: U.S. Department of Defense, etc. 

Title: ESS to Participate In Strong Angel III Integrated Disaster Response Demonstration
Date: August 14, 2006
Source: Free Library 

 ESS today announced its participation in Strong Angel III, a collaborative demonstration of civil and military cooperation and communication capabilities put together by a partnership of private companies, government agencies, humanitarian and relief agencies and universities. Hosted by San Diego State University and taking place in San Diego August 21-26, Strong Angel III will field test effective means of delivering life-saving humanitarian relief and rapidly deployable communications systems in the wake of major disasters. 

The core site for Strong Angel III will be the operations center at the San Diego Fire Department Fire Rescue Training Facility site, located at the former Naval Training Center near downtown San Diego. San Diego State University's Visualization Center will be a secondary location. 

The Strong Angel III demonstration simulates the impact on information sharing in a real-world disaster. The demonstration will assume the context of a worldwide pandemic caused by a highly contagious virus, which is further complicated by a wave of cyber-attacks inflicted by terrorists that cripple critical local infrastructure and systems. Strong Angel III team members will conduct field trials and demonstrations of solutions that address 49 specific humanitarian relief challenges -- both technical and social -- that have not yet been adequately overcome in real disaster relief efforts. 

"In the wake of major incidents like the 9/11 terrorist attacks, Hurricane Katrina and the tsunami in Southeast Asia, it is more important than ever to have an integrated response when disaster strikes," said Eric Rasmussen, MD, director of Strong Angel III and professor at San Diego State University. "The level of public-and private-sector engagement in Strong Angel III is at a remarkable level, underscoring the significance of the task at hand and the commitment of everyone involved to work together to maximize preparedness and coordination efforts." 

Some of the demonstrations will include developing solutions for redundant power, adaptive communications, austere network communications, mobile workers, cross-organizational collaboration, mesh networking, satellite services, ephemeral workgroups, geospatial information systems, rapid assessment techniques, shared situational awareness, cyber-security, alerting tools, community informatics, machine-based translation for multi-lingual communication, and social network development. 

Strong Angel III sponsors include Google, Cisco Systems, CommsFirst, Microsoft, Save the Children, Sprint Nextel, the Naval Postgraduate School, and the U.S. Department of Defense. 

Strong Angel III is the third in a series of demonstrations that have taken place since 2000. The first two Strong Angel demonstrations were held in 2000 and 2004 in Hawaii associated with the joint Naval exercises called RIMPAC. Strong Angel III will issue a lessons-learned document on its website as soon as possible after conclusion of the demonstration (Free Library, 2006).

Cyber Terror Drills 
Name: Cyber Storm III
Date: September 2010
Agency: DHS 

 U.S. Launches A Drill To Test International Cybersecurity
 September 29, 2010
Source: CNN

Abstract: It's only a drill and no computers will be harmed in testing now underway to check whether governments, private industry, and other computer infrastructure could handle a major cyberspace attack.

The drill, called "Cyberstorm III," is staged as a worldwide event and "is beyond the capability of any one government agency to respond to," said Phillip Reitinger, a deputy undersecretary in the Department of Homeland Security, the sponsoring agency.

Security experts spent more than a year developing nearly 2,000 elements that resemble symptoms of a hostile electronic attack, arriving via the internet or through the spread of malicious computer programming. 

The attempted takedown began Tuesday.

By Wednesday, hundreds of these elements, called "injects," had been distributed to information technology players who must respond and mitigate what confronts their systems.

In a briefing for reporters, Reitinger explained that a top goal of the exercise is to examine whether those affected by a cyberattack can communicate with each other and coordinate among themselves to minimize damage and perhaps block the spread of an attack.

Australia, Canada, Germany, Japan, France and the United Kingdom are among international participants in the exercise, at a time cyberattacks are increasingly launched from outside a targeted country.

Visiting a computer world equivalent of a war room, reporters Wednesday were allowed to observe about a hundred security experts as they originated the simulated elements of a cyberattack.

"These are the folks behind the curtain, pulling the strings, to actually make the exercise work," said Brett Lambo, the director of the Cyber Exercise Program, part of Homeland Security's National Cyber Security Division.

Looking at a flatscreen monitor that nearly covered an entire wall in the room, he pointed to a grid of color-coded boxes with alpha-numeric identifiers. "You can see who it went to, what was the expected player action, and what was the actual player action," he said.

Lambo declined to further describe the simulated attack now underway, saying disclosure might spoil some of the game. Participants, as part of the drill, are provided access to replica news outlets, describing impact the public could notice from a cyber-attack, as if one were really underway (CNN, 2010).

Cyber Terror Drills 
Name: "Cyber Europe 2010"
Date: February 20-21, 2011
Agencies: ENISA (European Network and Information Security Agency plus 27 EU member states plus Iceland, Norway and Switzerland

Title: EU Carries Out First Cyberwarfare Simulation
November 5, 2010
Computer World

States across Europe have today carried out the region’s first ever cyber-attack ‘desk simulation’ designed to find weak spots in the way government organisations might behave if faced with the real thing.

Cyber Europe 2010 involves public-sector security organisations in the 27 EU member states plus Iceland, Norway and Switzerland in stress testing an imaginary scenario in which country after country faces growing disruption to its Internet infrastructure.

The thinking is that by involving government security agencies including national computer security incident response teams across Europe, it will test how countries interact with one another and whether key staff know who to contact in partner agencies in the event of problems.

Given the number of countries involved, it will also look at possible lurking language barriers and work out whether certain countries’ security response resources would cope in the event that channels such as the phone network are disrupted.

If it sounds grand, organisers ENISA (European Network and Information Security Agency) stressed that the scale and scope of the exercise was limited compared to high-profile exercises elsewhere in the world such as the US Department of Homeland Security’s recent Cyber Storm III.

The exercise was restricted to public agencies and would not involve private sector companies responsible for critical infrastructure, nor directly set out to test technical response and recovery.

One ENISA representative even described Cyber Europe II as having a “budget in the hundreds of Euros,” in an attempt to downplay its ambitions [this figure has been clarified as 100,000 Euros - Ed].

However, compared to US cyber-simulations, a European equivalent was always going to need a more limited first step to more advanced eventsin the future. Unlike the US, the EU and partner countries must grapple with co-ordinating around 30 different nations, each with its own cyber-security hierarchy.

The numbers involved in the exercise were put at 50 people in the Athens-based control centre plus another 80 around the continent in 70 organisations.

"This exercise to test Europe's preparedness against cyber threats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online," said Neelie Kroes, formerly the EU Competition Commissioner but now vice president of the European Commission for the Digital Agenda.

Unofficially, the UK is seen as a lynchpin in EU cybersecurity efforts, which helps explain why on the day of the simulation Kroes visited the country’s Cyber Security Operations Centre (CSOC) with Security Minister, Baroness Pauline Neville-Jones.

The EU remains some way behind the US at conducting these sorts of simulations. Cyber Storm III, held at the end of September, was a large-scale technical test. This followed on from Cyber Storm II in April 2008, which is probably the most direct parallel to today's EU exercise.

ENISA will offer an initial report on Cyber Europe 2010 today, 5 November, with a more detailed analysis early next year (Computer World, 2010).

Cyber Terror Drills 
Name: Cyber Shockwave 
Date: February 20-21, 2011
Agency: DHS 

 CNN Broadcasts Major Cyber War Game Propaganda
 February 20, 2011
Source: Infowars 

AbstractCNN rolled out a slick propaganda presentation this evening. It is called “Cyber Shockwave” and it posits a cyber attack on the United States. 

CNN will air a two-hour production, We Were Warned: Cyber Shockwave, based upon exclusive television access to a national security cyber “war game” scenario. The simulated event was developed by The Bipartisan Policy Center and will debut Saturday, Feb. 20 and Sunday, Feb. 21 at 8pm, 11pm and 2am ET on CNN. The scenario was created by Fmr. CIA Director, General Michael Hayden (ret.) as well as the co-chairs of the 9/11 Commission, Fmr. Rep. Lee Hamilton (D-IN) and Fmr. Gov. Thomas Kean (R-NJ).

YouTube Video

The simulation includes the usual government insiders acting as government officials (no acting required — they are all former government officials) who have gathered in the “situation room” to confront a cyber attack shutting down telecommunications and the power grid on the east coast.

Additional participants who served various roles for the scenario are: Fmr. U.S. Secretary of Homeland Security Michael Chertoff, Fmr. Director of National Intelligence John Negroponte, Fmr. White House Homeland Security Advisor and CNN contributor Fran Townsend, Fmr. Director of Central Intelligence John McLaughlin, Fmr. U.S. Senator Bennett Johnston, Jr. (D-LA), Fmr. National Economic Council Director Stephen Friedman, Fmr. U.S. Deputy Attorney General Jamie Gorelick, Fmr. White House Press Secretary Joe Lockhart, Fmr. National Security Agency General Counsel Stewart Baker, and Gen. Charles Wald, USAF (Ret.), former Deputy Commander of the United States European Command.

How should the government deal with the threat? Federalize the National Guard to deal with unruly mobs freaking out over the loss of electricity. Nationalize utility companies so the NSA and the government get electricity. The participants also recommended new powers be granted to the president. Not surprisingly, they declared the president has the authority to take unprecedented action against the states and the private sector under the Constitution.

CNN and the participants agreed the slick propaganda presentation is aimed at the American people. will post video of the simulation when it becomes available.

Earlier in the week, a new computer virus infected almost 75,000 computers worldwide — including 10 U.S. government agencies — collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers, according to the New York Daily News. The FBI, Department of State and Department of Homeland Security were notified. The attacks are attributed to “criminal hackers.”

On February 4, the House overwhelmingly passed The Cybersecurity Enhancement Act (H.R. 4061), a bill that requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation, according to The New York Times. The bill represents yet another intrusion into the private sector by the Obama administration and Congress.

Rep. Michael McCaul, a Texas Democrat, says he is optimistic about the bill’s chances in the Senate. “When you’re talking about science and technology and national security,” said McCaul, “those are elements we should all be able to work together (on); Democrat, Republican, and that’s what we saw on the House floor,” McCaul told Homeland Seucirity Newswire (Infowars, 2011)

Cyber Terror Drills 
Name: Cyber Atlantic 2011
Date: November 3, 2011
Agency: United States & European Union

Title: EU And U.S. Hold Joint Cybersecurity Drill
 November 4, 2011
 Homeland Security News Wire

Abstract: On Thursday, the United States and the European Union held their first joint cybersecurity exercise in Brussels, Belgium.

The exercise, dubbed “Cyber Atlantic 2011,” was aimed at strengthening efforts to protect international critical infrastructures.

In particular the table-top exercise tested the ability of the two parties to defend against an attack based on advanced persistent threats as well as a staged attack on supervisory control and data acquisition systems (SCADA) in electric utilities.

These two issues have emerged as some of the most serious threats to critical infrastructure, especially attacks on SCADA systems, the consequences of which were clearly demonstrated with the Stuxnet virus when it caused physical damage to Iran’s Bushehr nuclear facility after infecting its control systems.

Meanwhile on numerous occasions hackers have proven their ability to infiltrate sensitive government and corporate networks, extract information, and publish classified information using advanced persistent threats.

More than twenty EU member states participated in the drill along with the European Commission, which helped direct efforts.

The exercise comes as the result of an EU- U.S. summit held last year in Lisbon that resulted in a joint commitment to cybersecurity. Following the meeting, the two parties held Cyber Europe 2010, a “stress test” exercise,” which the most recent drill drew upon.

“The involvement of the Commission, EU Member States and, of course, the US, in today’s exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens,” said Professor Udo Helmbrecht, the executive director of ENISA, which supports EU member states in organizing cybersecurity exercises and creating national cyberdefense plans (Homeland Security News Wire, 2011)

Cyber Terror Drills 
 Marketwide Exercise
Date: November 22, 2011
 Financial Services Authority, Bank of England 

Title: War Game Tests City Resilience To Cyberattack
Date: November 21, 2011
Financial Times

Abstract: What would happen to the City if it were hit by a cyberattack in the middle of the Olympics?

On Tuesday, thousands of people at 87 of London’s biggest banks, exchanges and other institutions are going to try to find out.

Led by the Financial Services Authority, they will be engaging in a war game that envisions two simultaneous problems: widespread travel disruptions and a major cyberattack. Starting at 8am, the FSA will send out bulletins explaining what has gone wrong and teams at each institution will try to respond. The scenarios could include a complete shutdown of the London Underground to the failure of the network of cash machines or a combination of the two.

Some banks have put as many as 70 people on alert, while smaller institutions are devoting only a handful to the FSA’s sixth “marketwide exercise”. The last two exercises, in 2006 and 2009, focused on a flu pandemic and severe weather disruptions respectively. This year’s version is tentatively pegged to market conditions on August 3, 2012, smack in the middle of London’s hosting of the Olympic games.

The FSA said: “The marketwide exercise is carried out to assess and improve the resilience of the financial services sector, during a major operational disruption and is an important part of planning for major disruptions. There are no ‘passes’ or ‘fails’ – the exercise is about firms assessing their business continuity systems and updating them where necessary and the authorities identifying areas for further attention.”

The FSA war games, which are run jointly with the Bank of England and the Treasury, are among the largest of any financial sector in the world, with more than 5,000 participants in 2008. They are designed to test business continuity plans at British financial institutions as well as the London outposts of large global firms.

While recent FSA war games focus on external disruptions, UK regulators have also run separate exercises looking at financial market woes. A 2004 version envisioned the withdrawal of foreign funding from banks like Northern Rock, a scenario that came uncomfortably close to predicting real events three years later.

The firms’ performances on the day and responses to a series of questionnaires over the next two weeks will be compiled into a report in January that will summarise the results and suggest changes that can be made to improve resilience. Previous war games have led to efforts to improve remote access for key bank employees as well as the gathering of more information on employee routes to work so firms have a better sense of who the absentees are likely to be (Financial Times, 2011)

Title: Communications Ministry Opts Out Of Cyber Attack Drill
Date: January 20, 2012

The Communications Ministry said Thursday that it will not participate in an upcoming drill simulating a large-scale cyber attack on Israel.

The drill, dubbed "Lights Out," was planned before the recent cyber attack on Israel. The drill is orchestrated by the Counter Terror Bureau (CTB) and the National Cyber Command (NCC).

NCC sources told Ynet that the Cyber Command expected all government bureaus to participate in the exercise and was vexed by the Communications Ministry's – perhaps the one ministry whose participation is vital to the drill – decision to the contrary.

The Communications Ministry said its personnel "lack the necessary expertise" to take part in the drill.

National Security Advisor Maj.-Gen. (Res.) Yaakov Amidror reportedly sent an angry letter to the Communications Ministry: "The ministry's director-general informed us that you will not be participating in the drill since you 'don't deal with emergencies.' I ask that you do, for a change, deal with emergencies and make participating in the drill your first act to that effect," he wrote.

"It is implausible that such an important ministry does not concern itself with emergency (readiness). Such obliviousness in the State of Israel equals burying one's head in the sand and is an invitation for disaster."

The Communications Ministry rejected the criticism: "Despite the fact that this is a very important issue, we lack the necessary expertise and personnel to effectively take part in the exercise. The future designated department whose formation we recommended will have a team of cyber specialists" (YnetNews, 2012)

Cyber Terror Drills 

 "Lights Out"
Date: January 25, 2012
 National Cyber Command (NCC) and the Counter Terror Bureau (CTB)

Title: NCC Holds First Cyber Terror Drill
Date: January 25, 2012

Israel will be holding its first official cyber emergency drill, starting Wednesday. The drill, dubbed "Lights Out," will span several days and aims to test readiness and contingencies vis-à-vis a wide-spread, multisource cyber terror attack on Israel's vital infrastructure systems.

The drill is orchestrated by National Cyber Command (NCC) and the Counter Terror Bureau (CTB), and according to Ynet's sources, it was planned prior to the recent strings of cyber attackson Israeli websites.

"Lights Out" will simulate a virtual assault on strategic infrastructure, in a manner which – were they to actually happen – could paralyze crucial systems to the point of effecting the public's day-to-day life.

The CTB explained that the drill is part of the routine readiness exercise scheduled for various official bodies year-round.

Security sources stressed that strategic systems, like those operated by 
Israel Electric Corp and the Water Authority for example, enjoy a high level of encryption and protection and are monitored by the Shin Bet against threats.

Meanwhile, the Communications Ministry said last week that it will not participate in the drill, citing its personnel lacked "the necessary expertise."In December, the interim report probing the mysterious October crash of various government systems, including some operated by the IDF, Mossad and Shin Bet, concluded that the systems were probably shut down as a result of an act of cyber terror.

"The premise must be that this was an attack, trying to 'test the system," a source privy to the investigation said (YnetNews, 2012)

Cyber Terror Drills 
Date: March 8, 2012
 DHS, FBI, White House

Title: Mock Cyber Attack On New York Used By Obama To Pitch Senate Bill
Date: March 8, 2012

The Obama administration simulated a cyber attack on New York City’s power supply in a Senate demonstration aimed at winning support for legislation to boost the nation’s computer defenses.

Senators from both parties gathered behind closed doors in the U.S. Capitol yesterday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.

Internet-service providers including AT&T Inc. and Comcast Corp. opposed new cybersecurity regulations at a House hearing. The companies said they prefer measures to improve voluntary sharing of information about cyber threats. 

The mock attack on the city during a summer heat wave was “very compelling,” said Senator Susan Collins, a Maine Republican who is co-sponsoring a cybersecurity bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing.

U.S. lawmakers are debating cybersecurity legislation following assaults last year on companies including New York- based Citigroup Inc. (C), the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the world’s largest defense company.

The attacks have increased concern that computer networks operated by U.S. banks, power grids and telecommunications companies may be vulnerable to hacking or viruses that may cause loss of life or inflict widespread economic harm.

The Obama administration is backing a Senate measure introduced on Feb. 14 by Collins and Senator Joe Lieberman, a Connecticut independent, that would direct the Homeland Security Department to set cybersecurity regulations for companies deemed critical to U.S. national and economic security.

Competing Bill
A competing Senate bill from eight Republicans including John McCain of Arizona and Kay Bailey Hutchison of Texas would avoid new rules while promoting information sharing through incentives such as protection from lawsuits. Representative Mary Bono Mack, a California Republican, is preparing to introduce similar legislation in the House.

Senator Roy Blunt, a Missouri Republican, called yesterday’s demonstration “helpful because it got a whole bunch of senators thinking about the same thing at the same time.” He said the exercise didn’t sway him to support either of the Senate bills.

After the briefing, Hutchison cited similarities in the two Senate measures while criticizing the “big new bureaucracy and regulatory scheme” in the Obama-backed legislation.

The simulated attack “was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyber attacks,” Caitlin Hayden, a White House spokeswoman, said in an e-mail after the briefing.

‘Disastrous’ Effects
A cyber attack leaving New York without power for a prolonged time could have “disastrous” effects, potentially severing communications, crashing life-saving medical equipment and destroying networks that run financial institutions, according to Lawrence Ponemon, chairman of the Ponemon Institute LLC, a research firm based in Traverse City, Michigan.

“I would project that you would have literally thousands of people dying,” Ponemon said in an interview. “A cyber attack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages.”

A blackout that swept parts of North America in August 2003 left 50 million people in the dark for as long as four days. Hackers could cause blackouts “on the order of nine to 18 months” by disabling critical systems such as transformers, said Joe Weiss, managing director of Applied Control Solutions LLC, a Cupertino, California-based security consulting company.

“The dollars are incalculable,” Weiss said. The 2003 event, triggered when a power line touched tree branches in Ohio, caused losses of as much as $10 billion, according to a study by the U.S. and Canadian governments.

Internet Providers Object
Internet-service providers, including AT&T Inc. (T) and Comcast Corp. (CMCSA), opposed new cybersecurity regulations at a House hearing yesterday. The companies said they prefer measures to improve voluntary sharing of information about cyberthreats.

Government-imposed rules could impede innovation, the Internet providers said in testimony to a House Energy and Commerce subcommittee.

“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at the hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”

AT&T is the second-largest U.S. wireless carrier. Philadelphia-based Comcast, the leading U.S. cable provider, and Monroe, Louisiana-based CenturyLink Inc. (CTL) expressed similar views in their prepared testimony.

Senate Majority Leader Harry Reid, a Nevada Democrat, has said he wants to bring the Lieberman-Collins bill to the chamber’s floor for a vote as soon as possible, though he hasn’t given a date. The measure is co-sponsored by Democrats Jay Rockefeller of West Virginia andDianne Feinstein of California.

The Lieberman-Collins bill is S. 2105 and the McCain bill is S. 2151 (Bloomberg, 2012).

Title: Wall Street Goes To War With Hackers In Quantum Dawn 2 Simulation
Date: June 13, 2013

Abstract: Quantum Dawn 2 is coming to Wall Street.

No, it’s not a video game or a bad zombie movie; it’s a simulated cyber attack to prepare banks, brokerages and exchanges for what has become an ever-bigger risk to their earnings and operations.

Organized by the trade group SIFMA, Quantum Dawn 2  will take place on June 28 – a summer Friday that, with any luck, will be a relatively quiet day in the real markets.The drill involves not just big Wall Street firms like Citigroup and Bank of America, but the Department of Homeland Security, the Treasury Department, the Federal Reserve, the Securities and Exchange Commission, according to SIFMA officials.

“We go through a pretty rigorous scenario where we look at multiple threats being thrown out at the U.S. equity markets,” said Karl Schimmeck, vice president of financial services operations at SIFMA.

During the exercise, which runs from 9 a.m. to 2:30 p.m. in New York, participants will receive blasts of vague and confusing information about what appears to be a hacker attack on fake trading and information platforms that are not plugged into actual markets. The participants may see “latency,” or unusual slowness, in trading, or viruses trying to invade the systems. They will also have to call one another to figure out what’s going on.

Then the Quantum Dawn drill will pause to allow executives to make decisions: should they slow down trading? Use different routing mechanisms to exchanges to get orders filled but avoid threats? When the process begins again, it will fast forward in “warp speed” to a new situation later in the day where conditions have worsened or changed.

“Our SIFMA command center at some point will run an escalation process,” said Schimmeck, an ex-Marine. “Our members will say, ‘We think we see a threat out there, this is something multiple firms are dealing with.’ We will facilitate a conference call where we share what we know, have our regulators participate and see if we can understand a threat, deal with a threat and then do a shared analysis so that no one is working on their own.”

It’s a rare situation, he said, in which fierce rivals are not trying to get a competitive edge – they’re trying to help one another survive.

About 40 firms will participate in the operation, having paid fees of $1,000, $5,000 or $10,000 depending on the size of their revenue. Each firm must send three executives: one from business continuity, one from information security, another from operations whose job is to keep trading, settlement and clearance running during market crises. A firm called Cyber Strategies, which works with the Department of Homeland Security on cyber threats, will receive the fees for overseeing the exercise.

As Quantum Dawn 2’s name indicates, this isn’t the first time that Wall Street firms have done this kind of drill. In November 2011, SIFMA organized the first Quantum Dawn, which was perhaps an even more interesting simulation.

“For Quantum Dawn 1, there was a cyber attack coordinated with armed gunmen running around Lower Manhattan, trying to gain entry to the exchanges and really just try to blow things up,” said Schimmeck.

In that operation, participants were all in one central location at a conference table, comparing notes and making decisions as they learned about various threats. In Quantum Dawn 2, they will all be stationed at their own offices, communicating with one another through emails and phone calls as they do in real life. A SIFMA marketing document says this drill will try to instill “greater ‘uncertainty’ and ‘fog of war’ for all players.”

These drills have become more important for Wall Street as financial firms have faced more frequent and sophisticated attacks on their networks.  A couple of months ago, the FBI gave security clearances to dozens of bank executives to inform them about organized attacks against their systems.

Some attacks are evident, like distributed denial of service, or DDoS attacks, that shut down bank web sites or otherwise disrupt their operations. But even more nefarious are hidden bugs that hackers try to install into banks’ proprietary systems without them knowing, said Schimmeck. The hackers then lay in wait for vulnerable moments – like a natural disaster or market disruption – to attack.

One mystery about Quantum Dawn remains: who came up with the name, and what does it mean? Schimmeck, who joined SIFMA from Goldman Sachs after the project’s inception, said he gets asked all the time but has no idea (Reuters, 2013).