http://www.defenseone.com/technology/2014/05/were-saved-experts-show-how-fix-us-cybersecurity/83734/
By Patrick Tucker
Defense One
May 4, 2014
The date is April 4, 2015. A major cyberattack hits two generators in
Florida, knocking out power in the cities of Coral Springs and St.
Augustine, leading to multiple deaths and millions of dollars lost. One
month later, Congress has to get a bill to the president to fix the
vulnerability. But political gridlock, media histrionics and aggressive
lobbying from industry makes passage of a bill far from certain. With this
as their background, 350 members of the Truman National Security Project
ran a massive simulation on Saturday to see if the United States was
capable of passing legislation to fix the nation’s cyber vulnerabilities
in the aftermath of a national crisis.
In a few rooms at the Washington Plaza hotel, the simulation played out
dramatically over the course of four hours. The feel was Washington, D.C.,
at hyper-speed. Five minutes into the experiment, a poll revealed the
president’s approval rating falling to 35 percent, with the public
trusting Republicans more than Democrats to handle cybersecurity. Rumors
about the origin of the attack moved in whispers. Within ten minutes,
business interests sought full liability protection for American utility
companies and software providers. Players’ phones buzzed with push
notifications from dueling press releases, news reports and polls, adding
a realistic urgency to the action.
The exercise represented something of a first in size and scope for
legislative simulations, with players drawn from Hill staff, the
cybersecurity field, and the military. In theory, it showed that Congress
and the White House are capable of passing a cybersecurity bill with
mandatory standards for industry.
Matt Rhoades, director of the cyberspace and security program at Truman
and the designer of the experiment, described it as an acid test to reveal
the effectiveness of the White House’s recent Cybersecurity Framework,
released in February. The framework is a set of practices and guidelines
for utility companies, software designers and cybersecurity players to
protect the nation’s critical infrastructure from attack.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
