Tag

dod

Browsing

Military Times has an inside look at how the Pentagon is secretly preparing for cyber war through its Cyber Guard exercise:

The massive coordinated cyber attack began with rolling blackouts throughout the electrical grid stretching across the Midwest, leaving up to 10 million Americans’ homes without power and businesses unable to process credit and debit card purchases.

Then came the inexplicable malfunction at a large oil refinery in Port Arthur, Texas, which spewed an oil-slick five-miles wide along the gulf coast shoreline. The governors of Texas and Louisiana declared states of emergency. In southern California, the attack shut down several major ports by disabling hydraulic systems. Dozens of cargo ships were stranded off Los Angeles, unable to offload their stacks of truck-sized containers.

Attacks on the Defense Department’s networks threatened the systems that monitor North American airspace and the radars on which the U.S. military relies.

Total mayhem.

This fictitious scenario was laid out for nearly 1,000 military, government and private sector personnel here at this year’s Cyber Guard exercise, the nation’s largest test of its network defenses. Conducted over nine days in June, the event offered a disturbing look at the type of catastrophe that could unfold during what the government’s top officials call “cyber 9/11.”

DoD has a long way to go to adequately prepare to defend, and ultimately respond, to a major cyber attack consisting of these scenarios. Strategic hits to specific critical infrastructure areas would be catastrophic to the nation. These exercises are good practice, and help identify gaps in need of being shored up before an actual attack hits the country.

DoD announces “Hack the Pentagon” results and future cybersecurity plans:

The challenge – hosted by HackerOne, a Silicon Valley-based firm – was conducted on five public websites, which included defense.gov. It launched on April 18, and ran until May 12, with over 1,400 hackers, who completed registration and were invited to participate. Out of those who completed the registration, more than 250 submitted at least one vulnerability report. Among the contestants of the initiative, SECDEF gave an honorable mention to recent high-school graduate 18-year-old, David Dworkin and computer security researcher, Craig Arendt.

The purpose of the pilot program was to address the DoD’s defense in the digital world. “We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks,” says Secretary Carter. “What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference – hackers who want to help keep our people and nation safer.”

DoD should increase these bug bounty programs. Ultimately, allowing interested people to locate these types of vulnerability has two outcomes: it leads to increased DoD network strength, and allows white hat hacker types to refine their skills.