After seeing the havoc raised by hackers last summer, in which they hit the PlayStation Network along with a variety of other targets, one thing became perfectly clear: the damage that hackers can do if sufficiently motivated in that direction can be immense. But the White House wanted to find out just how much damage they could do under the right circumstances, so they set up a simulated cyber attack to find out for themselves.
And the answer to the question, sadly, is we don't know, but likely a lot. The scenario itself was classified, so barring a Wikileaks-style release, we'll likely never know just how bad the damage was. Of course, given the fact that we know the circumstances under which the attack was launched, we have some idea. And given that Jay Rockefeller, the senator from West Virginia, declared the simulation “convincing”, we have a pretty good idea of just what happened.
The simulation itself called for a full cyber attack to be launched against New York City's power grid in the hottest part of summer. Given those conditions, it's not hard to see why Rockefeller went on to say that the simulation showed the dangers inherent in a lack of security in key systems can be.
After all, if you want to show the damage that a cyber attack can do, you don't shut down the power in Grover's Corners on a lovely spring day, ensuring that the town's lone stoplight doesn't work and all the milk in Effie's Diner spoils. Oh no, you kill refrigerators and air conditioning and water supplies on the hottest day of the year in one of America's biggest metropolitan areas. You kill the stock exchange, thousands of businesses, large chunks of media, and that's before the implications of the wider regional power grid come into play. The implications of such an attack, even knowing as little as we know, are staggering.
Considering that, at last report, the Senate is currently considering two different cyber security bills –one where cyber security standards for private companies are regulated by federal authorities and another where the government has no control over the standards – it does raise the possibility that someone wanted to put a scare into someone else. After all, the simulation in question went right for the metaphorical jugular and showed pretty much the worst-case scenario, so some might question the timing involved here.
Still though, the concept of a cyber attack, whether it's on your own computers, or computers that you use every day via a third party like the power grid, is certainly sufficiently dangerous to make paying attention – and preparing for the worst – a prudent and worthwhile strategy.