“A network of hacktivists known as The Void today threatened to unleash, and I’m quoting here, ‘a global day of extreme action against U.S. interests and organizations, both private and government-related’.” From here, the cybersecurity nightmare begins: fictitious hacktivists from The Void have a zero day and have threatened to attack America’s critical infrastructure. Don’t panic. This is a test. This is only a test in a FEMA cybersecurity exercise. The scenario in the National Level Exercise (NLE) comes with three videos in which Jeanne Meserve, formerly a real-life CNN Homeland Security reporter, plays a fictional reporter for VNN News Network who starts off with, “Our lead story in business today is a cybersecurity scare of potentially global proportions.”
We’ve heard a great deal about America’s infrastructure being vulnerable, both before Flame and after the New York Times said the USA and Israel created Stuxnet and cyberattacked Iran. Every year the Federal Emergency Management Agency (FEMA), under the DHS umbrella, sponsors an NLE, one of the “congressionally mandated preparedness exercises designed to educate and prepare participants for potential catastrophic events.” Usually those nightmare scenarios involve horrific natural disasters that affect the entire USA, like a tsunami and earthquake. This year, however, for the first time, the FEMA NLE was cyber-centric.
America’s fictional cyberattack scenario gets much darker, becoming the cyber equivalent of getting hit with a tsunami and earthquake. You can download the “National Level Exercise Self-directed Tabletop 2012 – Cyber” at FEMA. It includes a PowerPoint presentation, facilitator notes, the “script” of the cyber nightmare scenario and three “VNN” videos. I encourage you to watch all the videos and to see what you, your company, and our nation would do in such a cybersecurity emergency. You might also consider the “hot wash” discussion.
From the Facilitator’s notes [PDF]:
Just to quickly pull it all together for everyone, we’ve been at this for about eight weeks now. It all started with a general threat warning issued by The Void, saying that they’d be attacking U.S. interests with ‘zero day’ attacks. Then, we at Worldwide Global, Inc. conducted a security audit that uncovered a terminated employee with system access. A week later, an employee found a USB drive in the parking garage and proceeded to use it. Unbeknownst to the employee, the USB drive was used by The Void to create a backdoor into our networks.
Things started to fall apart from here, as our employees started receiving and opening phishing emails from The Void; the database server crashed resulting in a slow network and slow productivity; several attempts to illegally transfer our money were made; and false invoices were distributed to a number of our global clients. And it didn’t stop there. To add insult to injury, the hackers sent an email indicating that the company’s network had been infiltrated and various components taken over; threatened to cripple the company’s network and expose proprietary company data unless they received $1 million; and, finally, brought our website down, crippling our ability to communicate with each other and our customers.
Thankfully, through close collaboration with law enforcement and security consultants, we were able to stop the attack, but not before it caused significant damage to our business, in the form of layoffs, profit losses, and our CEO’s resignation.
In the attack’s aftermath, we are revamping our policies and procedures to mitigate future attacks and losses.
Public Intelligence had said, “The exercise will occur amidst a growing climate of panic in Washington regarding the state of U.S. cybersecurity.” That climate includes former FBI cybersecurity guru Shawn Henry saying America is losing the cyberwar and China has hacked every major US company. Interestingly enough, the cyberattack NLE seemed to fall in line with a previous DHS warning that hacktivists may point, click, and destroy industrial control systems. The Wall Street Journal reported that even the NSA has warned that “Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.” Perhaps you recall when New York City went dark from a simulated cyberattack on the power grid? This week, DHS demonstrated another cyberattack “to help sway lawmakers to pass a cyber bill.”
The FBI, intelligence agencies, law enforcement and defense contractors have been burned a few times by AntiSec, LulzSec or Anonymous hackers, but according to the NLE package, the fictitious attackers, companies and experts depicted in this FEMA scenario are not supposed to represent any real entity.
When President Obama participated in the 2012 NLE, he “hosted a Cabinet meeting to discuss with his leadership team the time-sensitive decisions that would have to be made if a significant cyber event affected critical infrastructure systems.” The press release also mentioned, “As President Obama said in his State of the Union address, we need Congress to pass legislation to secure the nation from the growing danger of cyber threats, while safeguarding the privacy and civil liberties of our citizens. The American people expect their government to ensure the cybersecurity of the critical infrastructure upon which so much of our national security, economic well-being, and daily lives depend.”
FEMA will use the “key learnings and outcomes” from NLE 2012 “to revise our nation’s cyber security plans.”