On April 19, 2007, the Congressional Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, part of the Homeland Security Subcommittee, learned that systems at the Departments of Commerce and State were hacked in 2006. The Chief Information Office at the Department of Homeland Security, Scott Charbo, may lose his job as a result of "844 security-related incidents" that occurred at the DHS in 2005 and 2006 [Source: News.com]. Those incidents include classified e-mails sent over unsecured networks, personal computers used on government networks, installation of unapproved software, leaks of classified data and problems with viruses and unsecured firewalls. The DHS also received a "D" grade on its annual computer security report card, though that was up from the failing grades it received from 2003 through 2006. (The entire federal government scored a C-minus, up from a D-plus the year before.)
Because of these and other failures, the government is responding. The DHS now has an Assistant Secretary for Cyber Security and Telecommunications, Greg Garcia. In early February 2006, the U.S. government, along with 115 partners in five countries, conducted a set of cyber war games known as Cyber Storm. This large-scale simulation included major corporations, government agencies and security organizations. Cyber Storm served as a test of what would happen in the event of cyber attacks against important government, business and private Web sites. The faux attacks caused blackouts in 10 states, infected commercial software with viruses and caused important online banking networks to fail. The exercise dealt with defending against and responding to the attacks as well as managing misinformation that might be spread by the attackers themselves. Cyber Storm II is scheduled to occur sometime in 2008. Meanwhile, at Barksdale Air Force Base in Louisiana, 25,000 members of the military work on electronic warfare, network security and defending the country's Internet infrastructure.
In the event the U.S. is ever faced with a massive cyber attack, intelligence agencies, the Department of Defense, the military and the unit at Barksdale Air Force Base would likely be among the so-called "first responders." The US-CERT, the United States Computer Emergency Readiness team, would also play a major role. US-CERT was established in 2003 and is charged with protecting Internet infrastructure and defending against cyber attacks.
Next, we'll look at the possibility of a cyber attack in the United States.