Simulation: what if digital WMDs attack America?

"An economic extinction-level event"
August 11, 2012

(Credit: stock image)

What would happen if terrorists or an enemy nation got their hands on digital weapons of mass disruption — like Stuxnet, Flame, or the newly reported Gauss — and used them to attack America?

How would it impact our economy, our banking system, our transportation system? How would IT organizations respond? Could we, in fact, defend ourselves?

“Those were questions I recently set out to answer,” reports David Gewirtz for ZDNet Government. Over the course of three months, working with The Economist, he recruited an all-star team consisting of Roger Cressey, (former Director for Trans-national Threats on the National Security Council and Chief of Staff to the President’s Critical Infrastructure Protection Board), Richard Clarke (former Special Advisor to the President on cybersecurity), Robert Rodriguez (former U.S. Secret Service Presidential protection supervisor and Homeland Security advisor), crisis PR expert Brenda Christensen, and leading virus-threat expert Phil Owens.

They conducted a comprehensive simulation of such an attack, presented on June 6 at the Idea Economy: Information 2012 Summit in San Francisco.

The simulation began with three isolated events, three breakdowns in our transportation system. It then went deeper, looking at what would happen if an enemy could disrupt our overall transportation systems (specifically targeting older hardware and software), and how that could undermine trust and citizen confidence. The simulation then layered on additional threats. Next came a distributed denial of service attack against transportation Web sites and banks. Then came a coordinated cyberespionage attack, exploring what would happen if a worm could tunnel into our banking clearinghouse systems.

“There’s nothing that would stop a major attack today… If there is a significant attack, we lack any ability to deal with it, not because we don’t have the technology, but because we lack the political willpower, and because decisions have not been made to deal with it.” — Richard Clarke, former Special Advisor to the President on cybersecurity