U.S. government conducts mock disaster drill

"Definitely a challenging scenario," said Scott C. Algeier, who runs a cyber-defense group for leading technology companies, the Information Technology Information Sharing and Analysis Center.

For the participants — including government officials from the United States, England, Canada, Australia and New Zealand and executives from leading technology and transportation companies — the mock disasters came fast and furious: Hacker break-ins at an airline; stolen commercial software blueprints; problems with satellite navigation systems; trouble with police radios in Montana; school closures in Washington, Miami and New York; computer failures at border checkpoints.

The incidents were divided among categories: computer attacks, physical attacks or psychological operations.

"We want to stress these players," said Jeffrey Wright, the former Cyber Storm director for the Homeland Security Department. "None of the players took 100 percent of the correct, right actions. If they had, we wouldn't have done our job as planners."

How did they do? Reviews were mixed. Companies and governments worked successfully in some cases.

But key players didn't understand the role of the premier U.S. organization responsible for fending off major cyber attacks, called the National Cyber Response Coordination Group, and it didn't have enough technical experts.

The sheer number of mock attacks complicated defensive efforts.

The little-known Cyber Response group, headed by the departments of Justice and Homeland Security, represents the largest U.S. government departments — including law enforcement and intelligence agencies — and is the principal organization for responding to cyber attacks and recovering from them.

The exercise had no impact on the real Internet. Officials said they were careful to simulate attacks using only isolated computers, working from basement offices at the Secret Service's headquarters in downtown Washington.

However, the government's files hint at a tantalizing mystery: In the middle of the war game, someone quietly attacked the very computers used to conduct the exercise. Perplexed organizers traced the incident to overzealous players and sent everyone an urgent e-mail marked "IMPORTANT!" reminding them not to probe or attack the game computers.

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

MORE FROM SECURITY

Security Section Front

Was Palin's SSN published on the Web? Facebook to test N.J.'s Web safety icon French issue call to storm 'electronic Bastille' A new way to 'spy' on neighbors? 'Net ad targeting may lose to privacy concerns Phone companies plan backups for Gustav Tips for staying connected in disasters iPhone security flaw exposes private data A new way to avoid bogus Web sites 'Forgot your password?' may be weakest link Security Section Front   Add Security headlines to your news reader: