Cyberterrorism expert Andy Cutts of Dartmouth's Institute for Security Technology Studies addressed the Dickey Center's War and Peace discussion panel Friday, briefing the group on Operation Livewire, a recent nationwide cyberterror simulation that tested America's preparedness in the event of a major cyber attack.
Cutts spoke specifically about the possibility of a sustained, campaign-level attack on the United States' computing networks, such as banking, law enforcement, energy and emergency response networks, by an unknown adversary. Because of the anonymous nature of cyberterrorism, he said, such an attack could come from virtually any source, including an enemy state or a small terrorist group.
"There have been examples of cyber attacks that have gone on for years, and the National Security Agency still does not know who is perpetrating them," Cutts said. "There are hundreds of thousands of computers in this country that are compromised."
When asked if there was any idea of who was controlling these computers, Cutts said there was not.
"In the event of a cyber attack," Cutts said, "the first question is who is in charge. Well, it's not clear."
The nation lacks an efficient means of relaying information to a single, central decision-making body in the event of a cyber attack. Because such an attack would span the jurisdictions of multiple government bodies at both state and federal levels, communication and decision-making would be problematic.
"Sometimes the more information you have, the worse off you are," Cutts said.
He added that through Operation Livewire, the federally-funded ISTS learned valuable lessons about how various agencies and entities respond to such attacks and that this information would help ISTS and other groups to correct the nation's vulnerabilities.
The simulation involved an East Coast state and city, a West Coast state and city, as well as various corporations in the telecommunications, trading, banking and energy sectors. Because participants were wary of sharing their networks and security vulnerabilities with an outside organization, Cutts said, allaying their security concerns was of the utmost importance.
"The important thing is that these simulations continue," Cutts said.
Cutts' background in security includes a nine-year career in naval intelligence, which included serving in the Intelligence Detachment at the Wargaming Department of the Naval War College. He also worked for years in the private sector, performing war-games simulations and vulnerability analyses at an engineering services firm.
Cutts was optimistic about the improvements in America's cyber security that can result from simulations such as Operation Livewire, though he acknowledged that the nation has a long way to go in preparing itself for cyberterrorism.
"To pry [responsibility for responding to a cyber attack] away from law enforcement and get it to the national security level is going to be really tough," Cutts said.
