Simulated bioterror attack tests federal response
Fictional terrorists attempted to launch a biological attack on a fictional U.S. embassy Tuesday. But real-life technology companies helped thwart the invasion by linking their real-life communications networks, as officials from the Pentagon, the FBI, the CIA, the State Department and other federal agencies watched and took notes.
"These guys are really very computer literate, and they have the capability to launch major attacks on our communications infrastructure," George Webber, a contractor with Getronics Government Solutions, said of terrorist organizations like Al Qaeda. Getronics sponsored the seminar, which was designed to help companies and government agencies develop ways to protect their critical infrastructures against cyberattack.
Getronics, which provides the Defense Department and many other agencies with information security services, staged an elaborate simulation of how terrorists could use widely available technology to attack U.S. interests, and demonstrated how existing products and services could prevent such an attack.
The attack scenario involved a fictional virus called "gemstone," which a terrorist cell had released as an initial attack on the defensive military unit protecting the U.S. embassy in the fictional country of Timbuktu.
Reading from scripts and using several interconnected laptop computers, Getronics employees posing as military officials promptly notified Mount Granite, a fictional Defense installment in the United States. Using products such as General Dynamics' "Intrusion Vision" and Raytheon's "Silent Runner," Mount Granite officials tracked communications patterns and determined that the gemstone virus was linked to cryptic messages about "carat dust."
Mount Granite then used a secure e-mail network to contact the fictional equivalent of the FBI, which had intelligence indicating that "carat dust" was a biotoxin.
The FBI then contacted the fictional Centers for Disease Control and Prevention to determine vaccine availability and sent the fictional State Department a secure message to notify embassy officials. The FBI also set up a secure Web server "community of interest" to enable the various agencies to track the gemstone attack.
Thwarting the attacks required the agencies to share real-time information, which often proves complicated for real-life agencies because of barriers erected among agencies for security purposes. Agencies also use various authentication techniques, which must be synchronized in order for secure communications to be transmitted successfully.
For example, agencies use a variety of public key infrastructure (PKI) technologies for encrypting confidential messages. Webber said the interoperability of PKIs is crucial to bridging communications gaps among the agencies fighting terrorism. But he added that finding the right way to tie those PKI infrastructures together is a "big operational issue" facing the agencies.
The simulation successfully bridged those gaps and culminated in a "happy ending" when FBI field agents stopped the terrorist attack. But Webber warned that without such coordination, federal agencies remain at risk.
"The tragedy on Sept. 11 brought home how vulnerable we are right here in the United States," he said.