Booz Allen “Cyber-War” Simulation Gives Leaders Taste of Real Thing

Cyber attack simulation demonstrated the need for a new way of thinking about cyber security that focuses on a megacommunity approach.

A massive cyber attack on America spreads through government and industry, taking down telecommunications and damaging financial Web sites. Air travel is disrupted, and passengers are stranded at airports across the country.

Leaders of government, business and public institutions need to collaborate, but communication breaks down amid mutual distrust. And the crisis worsens…

That scenario played out in Washington during a first-of-its-kind “cyber attack” simulation designed and executed by Booz Allen Hamilton in partnership with Business Executives for National Security (BENS), which sponsored the event.

“The No. 1 insight was, we need to talk to each other,” says Andy Singer, a Booz Allen principal. The December event, Cyber Strategic Inquiry 2008, vividly demonstrated the need for a new way of thinking about cyber security that focuses on a “megacommunity™” approach, he says. In a megacommunity, government, business and civil society collaborate, rather than compete, to advance shared vital interests.

Andy Singer

More than 230 senior government officials, business executives, members of academia and others took part in the simulation. They formed teams representing various government agencies, industry sectors and the public, and were asked to respond to the cyber attack. The exercise immersed the participants in the scenario, and simulated what might happen.

Booz Allen, which has been in the forefront of thought leadership on cyber security, conducted the simulation to help find ways leaders can work together to protect the country from cyber threats. Many experts increasingly fear that terrorists, organized criminals, hackers and even nation-states have an ever-increasing ability to launch cyber attacks that could harm national security, the financial system, and public and private infrastructures.

In a keynote speech at the exercise, Michael Chertoff, secretary of the Department of Homeland Security, warned that cyber threats to America are growing, and he called for a new model of collaboration between government, business and the public.

Singer says the simulation “really captured the imagination” of those who took part. “Rather than being just a symposium or a conference, it ended up being a learning event,” he says. “It was a rare occasion that gave the participants a moment where they could really think things through.”

A key challenge, he says, was to create a very believable scenario, one that would require the leaders to make the same kinds of decisions they would face had the cyber attack been real. Participants said afterward they gained invaluable knowledge.

“People walked away saying, ‘I’m empowered to do something about this, and there are people I can work with,’ ” says Singer.  That was one of the goals of Cyber Strategic Inquiry 2008, he says. “It takes it out of the textbooks and articles and makes people experience it. It takes us from believing to knowing.”

The simulation created a “playbook” that points the way for government, business and civil society to unite against cyber threats, he says. “The findings themselves won’t be groundbreakers, but putting them together provides a coherency and comprehensiveness.”

Says Singer, “It’s not about solving the problem. It’s about what needs to be solved, and what are some of the possibilities to solve it.”

story posted January 27, 2009

Additional Information

• Listen to a January 30, 2009, Federal News Radio interview with Senior Vice President Mark Gerencser about a two-day cyber attack simulation held in Washington, DC.