The CIA is conducting a war game this week to simulate an unprecedented, Sept. 11-like electronic assault against the United States.
The three-day exercise, known as “Silent Horizon,” is meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants.
They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Va., about two hours southwest of Washington.
The simulated attacks were carried out five years in the future by a fictional new alliance of anti-American organizations that included anti-globalization hackers. The most serious damage was expected to be inflicted in the closing hours of the war game Thursday.
The national security simulation was significant because its premise – a devastating cyberattack that affects government and parts of the economy on the scale of the 2001 suicide hijackings – contradicts assurances by U.S. counterterrorism experts that such effects from a cyberattack are highly unlikely.
“You hear less and less about the digital Pearl Harbor,” said Dennis McGrath, who has helped run three similar exercises for the Institute for Security Technology Studies at Dartmouth College. “What people call cyberterrorism, it’s just not at the top of the list.”
The CIA’s little-known Information Operations Center, which evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers, was running the war game. About 75 people, mostly from the CIA, along with other current and former U.S. officials, gathered in conference rooms and pretended to react to signs of mock computer attacks.
The government remains most concerned about terrorists using explosions, radiation and biological threats. FBI Director Robert Mueller warned earlier this year that terrorists increasingly are recruiting computer scientists but said most hackers “do not have the resources or motivation to attack the U.S. critical information infrastructures.”
The government’s most recent intelligence assessment of future threats through the year 2020 said cyberattacks are expected but terrorists “will continue to primarily employ conventional weapons.” Authorities have expressed concerns about terrorists combining physical attacks such as bombings with hacker attacks to disrupt rescue efforts, known as hybrid or “swarming” attacks.
“One of the things the intelligence community was accused of was a lack of imagination,” said Dorothy Denning of the Naval Postgraduate School, an expert on Internet threats who was invited by the CIA to participate but declined. “You want to think about not just what you think may affect you but about scenarios that might seem unlikely.”
An earlier cyberterrorism exercise called “Livewire” for the Homeland Security Department and other federal agencies concluded there were serious questions over government’s role during a cyberattack depending on who was identified as the culprit – terrorists, a foreign government or bored teenagers.
It also questioned whether the U.S. government would be able to detect the early stages of such an attack without significant help from private technology companies.