The CIA is conducting a secretive war game, dubbed “Silent Horizon,” this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks.
The three-day exercise, ending Thursday, was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants. They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Va., about two hours southwest of Washington.
The simulated attacks were carried out five years in the future by a fictional alliance of anti-American organizations, including anti-globalization hackers. The most serious damage was expected to be inflicted in the war game’s closing hours.
The national security simulation was significant because its premise — a devastating cyberattack that affects government and parts of the economy with the same magnitude as the Sept. 11, 2001, suicide hijackings — contravenes assurances by U.S. counterterrorism experts that such far-reaching effects from a cyberattack are highly unlikely. Previous government simulations have modeled damage from cyberattacks more narrowly.
“You hear less and less about the digital Pearl Harbor,” said Dennis McGrath, who helped run three similar war games for the Institute for Security Technology Studies at Dartmouth College. “What people call cyberterrorism, it’s just not at the top of the list.”
The CIA’s little-known Information Operations Center, which evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers, was running the war game. About 75 people, mostly from the CIA, gathered in conference rooms and reacted to signs of mock computer attacks.
FBI chief's warning
The government remains most concerned about terrorists using explosions, radiation and biological threats. FBI Director Robert Mueller warned earlier this year that terrorists increasingly are recruiting computer scientists but said most hackers “do not have the resources or motivation to attack the U.S. critical information infrastructures.”
The government’s most recent intelligence assessment of future threats through the year 2020 said cyberattacks are expected, but terrorists “will continue to primarily employ conventional weapons.” Authorities have expressed concerns about terrorists combining physical attacks, such as bombings, with hacker attacks to disrupt communications or rescue efforts.
“One of the things the intelligence community was accused of was a lack of imagination,” said Dorothy Denning of the Naval Postgraduate School, an expert on Internet threats who was invited by the CIA to participate but declined. “You want to think about not just what you think may affect you but about scenarios that might seem unlikely.”
“Livewire,” an earlier cyberterrorism exercise for the Homeland Security Department and other federal agencies, concluded there were serious questions about government’s role during a cyberattack, depending on who was identified as the culprit — terrorists, a foreign government or bored teenagers.
It also questioned whether the U.S. government would be able to detect the early stages of such an attack without significant help from private technology companies.