Foreign Policy Blogs

Liveblogging "Cyber Shockwave"

I’m watching CNN’s coverage of the Cyber Shockwave simulated massive hack attack and will be attempting to liveblog my first event.

8:00 – Beer ready. Logged in to the blog. Let’s roll.

8:05 – Widespread uncertainty. Cellphones hacked. What’s going on?

Situation appears to be a breaking story of a cyber attack over America’s smartphones via a trojan horse malware program.

Michael Chertoff does not make a particularly credible National Security Advisor.

A video of China’s Red Army is displayed on compromised phones. Great example of how anything you see can not be trusted. Seeing the video because the PLA is proud of their work? Or because someone is diverting attention?

8:09 – Did “Secretary of State” Negroponte just mention that they were getting a bunch of information via their telegraph system?

8:10 – Commercial break. Had I been planning ahead I would have figured out a CNN special coverage drinking game. Next time, people.

8:13 – Big upsurge in identity theft. How do they know that identity theft is up within a 10 minute window?

8:13 – Chertoff asks about legal perspective. Can the feds quarantine people’s cellphones? They say no.

8:14 – The beer, by the way, is a Bell’s Two-Hearted. Excellent.

8:14 – Bureaucratic infighting. This is doubtless pretty valid for an actual crisis situation. Speaking of which, RIP, Al Haig.

8:15 – Discussions of Cybercommand. Can they deploy? Should the President declare that the US is under attack? Should the POTUS declare a major crisis, or avoid scaring people?

8:17 – This does not make very compelling TV.

8:18 – Commercial break. I hope to see the Old Spice ad live.

8:22 – Interesting that they’re picking cell phones as the attack vector. Somehow these are now attacking the world. The method is unclear; we haven’t heard a thing about what’s going on – but the phones may somehow be causing financial issues.

8:23 – And somehow shutting off the phones – ALL phones – will help things.

8:24 – The principals at the NSC say they have “only hours” in which to figure this out. Generally speaking, one of the big issues with cyber attacks is that they are basically instantaneous. Why things are going to play out “over hours” is unclear.

8:25 – Back to the PLA video. Is it because it’s from China? Is it from someone else trying to blame China? Is it China, putting their video up, knowing that because we assume it’s false attribution we will not blame China? Clearly, I cannot choose the wine in front of you.

8:27 – Origins traced to Russian city of Irkutsk. I thought it was just a fictitious province in Risk.

8:28 – Roh-roh. The virus thing has synced from phones to computer. How? HOW!!!! Apparently the Intertubes are now clogged with the aftermath of the virus. Emails taking hours.

8:28 – People angry. Flights grounded. Trains grounded. Middle school students grounded.

8:29 – More commercials. Huh. Well, so far I find CyberShockwave shockingly disappointing. They don’t provide any plausible explanation for how this is all happening.

Here’s what we know:

  1. The virus was planted on smartphones via trojan horse software. Very plausible, even with the fascist Apple vetting process.

8:32 – Shoot, we’re back on. How does one liveblog a state of the union?

OK, now the grid is threatened. HOW?

8:34 – Realize they are about to lose a lot of communication channels. A good point – if something is really able to bring down a big swath of the Internet, then it becomes increasingly possible to handle command and control.

8:35 – OK, now they don’t know it’s coming from Russia. So they don’t want to counterattack – which is a valid point. Offense-as-best-defense doesn’t really matter when you don’t know who to hit.

8:36 – The AG says that the Prez has gone ahead without regard to the law in the past. So he should go ahead and do whatever he wants. Goody.

8:38 – The principals are wondering what’s going on around the world. Well, we still don’t know. Negroponte makes a good point – as they’re communicating with other countries, US officials are warning them not to try any funny business.

8:39 – CNN keeps flashing up things saying “This is a simulation.” Regrettably this is not nearly as scary as Martians invading.

8:43 – Wow, Toyota has an “I’m sorry our cars are killing you” ad. This is an interesting example of the risks of a computerized world – if there’s a software bug in, say, your accelerator, you can have problems.

8:45 – Principals getting feisty. Wanna go on the counterattack. How far can they go? But who’s the real target? Self defense is clearly justifiable – but against who?

They talk about “other steps” rather than counter-attacking with cyberwarfare. If the US was genuinely convinced a serious attack was underway and they were certain of the origin, they’d retaliate with something a bit more significant.

8:45 – Still fumbling about attribution. Asking for Russian support on investigating these Russian servers. If there were actually genuine servers hanging out there someplace causing problems originating from certain networks, you can be sure as hell that that network – including all of Russia – would simply be cut off from the US.

8:50 – Analogizing nuclear war and counterattacking a computer server. I don’t think they’re quite comparable.

8:52 – Implementor of Trojaned software is from Sudan. And the Russians deny any involvement – and that their servers are not involved.

8:53 – This whole scenario seems to be a great example of how no one understands cyberwarfare. Including the fake principals involved.

8:54 – Weird. They’re concerned with getting a snatch team into Sudan to jump and kidnap the suspect to see his computer. Meanwhile, of course, apparently the world is melting around our ears – and they want to send someone to Khartoum to get computers?

Oh great. A bunch of the Eastern Seaboard is offline.

8:57 – Boy, a lot of Cialis commercials. Yawn. This is pretty dull.

Why is the power grid going down? How does it have anything to do with the smart phones? Why, if there is an attack vector on the power grid, does it have anything to do with Area Man’s cellphones? If it’s accessible from the Internet, why not go direct there? If it’s a spearphishing attack on a VIP in the energy sector, that doesn’t mean hitting everyone.

9:00 – Damn, DC is out of power. I guess I’ll have to sign off.

Oh wait, Wolf Blitzer just reminded me that this is fake.

OK, in FakeLand the White House is out of power. I’m sure they don’t have a backup power generator for their anti-aircraft missile batteries.

9:05 – Catching up on my other favorite blogs. This is getting dull as the principals are babbling about the state of the power grid. The trading systems are offline – but why? Did the hackers have something that jumped into the stock exchanges? How? We don’t know.

9:07 – Commercial analysis. This CyberShockwave is classic CyberFearmongering. Things that have computers attached are being taken offline with Dire Results. Not very plausible to me.

9:10 – Fortunately since this is a two-hour window they actually are forced to move along quickly – which is pretty valid for an actual hack. If the Bad Guys(tm) had figured out how to jump from cellphones to the stock exchanges and the power grid, it’d be done in milliseconds, not over a period of hours.

Cyber is tough. You don’t have time to watch the troops pouring in. It just happens, boom. If you’re lucky, you find out about it afterwards.

9:14 – Federalizing the National Guard. Not sure why.

9:15 – Well put, Sec. of Energy. The physical infrastructure is not damaged. It’ll be back up in a couple days. It happens. Unless the Red Army is coming across the border at the same time that the power goes down, it’s a nuisance, not the end of the world.

9:20 – These guys ain’t actors. They are having trouble keeping a straight face sometimes.

9:23 – Oooh! Does the President have the power to nationalize the power companies? Hells no!

9:25 – Of course, generally the private sector doesn’t mind playing along if they are asked about something touching on national security.

Haha, fake Attorney General! I beat you to the Truman Steel Seizure reference.

9:30 – Commercials. Well, the general confusion of policymakers seems valid. Weaknesses in the power grid seem valid. Inability to attribute seems valid. Confusion about what the Prez should say seems valid.

9:32 – WTF is the national guard going to do? Apparently policymakers think they will defend against some sort of outside attack.

9:35 – Wow, CNN’s search page will not find results for Cyber Shockwave. Self-aggrandizement fail.

9:37 – Discussing issues of requiring security of personal systems – an obligation to protect one’s own computer – versus whether authoritarians around the world will pounce on such regulation as a sign that governments should stop the Freedom to Connect.

9:43 – Tuning out. Dull.

9:45 – Hmm, that’s interesting. OK. So app providers and ISPs are legally responsible for confirming their stuff is safe. Good luck with that.

9:46 – OK, so this is cyberterror. I’m not too scared.

9:47 – Nat’l Security Advisor’s takeaway:

  1. This is a long-term problem that will be with us for a long time. True.
  2. There is no real difference between overseas and domestic attacks – and that it is difficult to fit within the US policing vs. warfighting capability. True.
  3. The Prez should do whatever is needed and that then later Congress will rubber-stamp. Erm, true, but very scary.

9:48 – OK, they’re done. Thank God.

9:49 – Commercials! Pristiq can cause increased risk of suicide. Antidepressant Fail.

9:53 – Commentary!

The principals still don’t know who caused it. They think it’s not likely to be a nation-state – because the US would massively retaliate if we caught them. Absolutely true. Unfortunately, in an era of all kinds of patriotic hackers and criminals, plausible deniability is easy.

Wolf Blitzer is wondering if Al Qaeda has the ability to do something like this. Hrm.

OK, they’re not saying anything useful. Good night, moon.