Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] Secret cyber-terror test is now revealed,

Das war eine Stabsübung, wie sie auch in Deutschland schon mehrfach mit
Hilfe der IABG durchgeführt wurde. Man testet dabei nicht die
technischen Aspekte, sondern die Reaktionen der Behördenmitarbeiter:
"What is known about the test conducted in Robstown is that employees
at the exercise were given no warning about the simulation, and no clear
indications as to what might be causing the mock power outage, Fabro
They were given a series of false data sets about the company's
delivery system, real and fictional news about international, national
local events, and asked to respond."


Secret cyber-terror test is now revealed
State paid firm for fake attack on power grid

By Janell Ross 
Corpus Christi Caller Times
January 20, 2004

A mock cyber-terrorist attack temporarily took over the flow of
in a large section of northwest Nueces County late last year but only
public this month. 

Tension between the public's right to know and the shared
interest in national security has taken local meaning in the days since
simulation was revealed by the private company that was paid by the
Department of Information Resources to conduct the test. 
On Sept. 16, 2003, those involved in the drill pretended that traffic
along with power in large retail facilities and homes on either side of
Farm-to-Market Road 624 were out. There were no lines down, no storms in
area and the Robstown offices of the company that delivers power to much
the area, the Nueces Electric Cooperative, had not been physically
or invaded. 

How should electric cooperative, state and federal officials react to

That was the problem more than 30 Nueces Electric employees faced during
test, said Mel Mireles, director of enterprise operations for the
of Information Resources. 

That is also the question that Mireles and other officials involved in
September simulation have declined to answer publicly. A report
the vulnerabilities and strengths in the software system and employee
network that controls Nueces Electric Cooperative's power delivery grid
be released to the company some time this month, Mireles said. 

The results of the test will not be made public because of the detailed
information that it will contain about the way that the company's
employees and equipment work. 

"I think we can have quite a debate about whether the public is safer
things are secret," said Charles Davis, the executive director of the
Freedom of Information Center at the University of Missouri School of

Davis said that documents much like this one are being withheld from the
public with increasing regularity. The post-Sept. 11 hope is that
will make the country safer and make its critical infrastructure less
vulnerable to sabotage or terrorism, Davis said. 

Disclosing specific lessons learned during the September exercise,
suggestions to the company about how to reduce the system's
vulnerability to
cyber attack, and changes the company needs to make would only increase
power grid's vulnerability, said Mark Fabro, chief security scientist
Virginia-based American Management Systems. 

"For all intents and purposes, this was like a war game," Fabro said. 

The Texas Department of Information Resources paid American Management
Systems $57,000 to design and conduct the Robstown simulation as a part
its efforts to identify vulnerabilities in the state's critical
infrastructure systems such as water, power, banking and transportation. 

"This was a detailed exercise dealing with highly sensitive information
about a part of the country's critical infrastructure," Fabro said.
are some things that cannot be revealed because of national security
concerns. But I assure you that these exercises are tremendously useful
tools. Tests allow us to evaluate vulnerabilities in a controlled

Although the test was paid for with public funds, the Department of
Information Resources' decision not to make the simulation results
may be covered under an exemption to the state's freedom of information
that passed the Texas Legislature in May 2003. 

The Legislature passed a homeland security bill that includes Freedom of
Information exemptions for a number of documents including information
regarding the assembly of weapons, encryption codesand documents
the technical details of vulnerabilities to critical infrastructure. The
exemptions apply only to information that is collected or maintained by
for a governmental entity for the purpose of preventing, detecting,
responding to, or investigating an act of terrorism. 

Davis said that the effectiveness of homeland security provisions that
restrict access to information is in the details. 

"The sort of instinctive response after Sept. 11 was 'close it and we
be safer,' " Davis said. "And there may be some cases where secrecy is
necessary. But we need also to be having conversations about the value

What is known about the test conducted in Robstown is that employees
at the exercise were given no warning about the simulation, and no clear
indications as to what might be causing the mock power outage, Fabro
They were given a series of false data sets about the company's
delivery system, real and fictional news about international, national
local events, and asked to respond. The exercise stretched over eight
and simulated the effects of a cyber-based attack. 

The Department of Information Resources commissioned the test because of
large role computer systems, software, the Internet and satellites play
controlling everything from the flow of water into homes to the ability
purchase gas at the pump without ever going inside a store, Mireles

"Convenience allows us to overlook how much technology really controls,"
Mireles said. "In truth, you can have guards, all kinds of security and
alarms at physical facilities. But, without cyber-protection, these
remain vulnerable." 

Robstown was selected for the test after an American Management Systems
analysis showed that the city had the type of physical facilities needed
a high-tech fire drill but lacked some of the infrastructure safeguards
in place in larger cities after Sept. 11. 

Fabro said that power or other system failures in one small city or area
could easily lead to the sort of cascading power failure that occurred
the northeastern United States in August. 

Nueces Electric Cooperative delivers power generated by the South Texas
Electric Cooperative to about 9,000 residential and commercial customers
eight South Texas counties. The electric cooperative's power delivery
network is part of a nationwide power grid. 

David Cotz, a director of research and development at the Institute for
Security Technology Studies at Dartmouth College, said the threat of
terrorism or infrastructure system sabotage is difficult to quantify but
does exist. 

In addition to the potential for system sabotage, the possibility of
equipment failure and human operator error make tests like the one
in Robstown more and more necessary, Cotz said. 

"The average person probably doesn't need to be worried about it," Cotz
said. "But it is essential that people who work in critical
begin to prepare themselves for the possibility." 

Companies of all kinds, particularly those involved in industries that
Department of Homeland Defense has earmarked critical infrastructure,
increasingly concerned about system and information security, Chris
said. O'Connor is the director of corporate security strategies for IBM. 

Davis said that in order for people to feel truly protected by events
as the September test, people need some sense of where the company's
stood and what sort of rating or assessment the company's system
from the Texas Department of Information Resources after the test. 

As it stands, only personal concern, professionalism and desire to
the company drives employees and officials of private companies to
vulnerabilities, Davis said. Public scrutiny can and should also play a
in homeland defense. 

This view of anti-terrorism activity is somewhat unpopular and leads
people to challenge his patriotism, Davis said. 

"It is the obligation of citizens to check on government and make sure
it is
effective," Davis said. "That is the job of a real patriot. There may be
legitimate need for some secrecy here. But blind deference to
imperils us all." 

Contact Janell Ross at 886-3758 or rossj -!
- caller -

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.