recommended reading

DHS to use more simulations in infrastructure protection

The Homeland Security Department will rely more on simulations to test the integrity of critical infrastructure and key resources, according to a 175-page plan released last week. But one security specialist said the plan was thin on details.

DHS will increase coordination with the science and technology community on requirements for the "development, maintenance and application of modeling capabilities," according to the National Infrastructure Protection Plan released on Feb. 19.

The plan -- an update of a 2006 strategy -- emphasized the need to incorporate simulations into training at agencies such as the Coast Guard, which is responsible for overseeing protection of the maritime transportation sector.

DHS will provide guidance on the testing of commercially available software tools, and look for opportunities for public-private partnerships, the plan stated. The principal modeling, simulation, and analysis organization is the National Infrastructure Simulation and Analysis Center, located at the Sandia and Los Alamos National laboratories in New Mexico and operated by the DHS Office of Infrastructure Protection.

Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research group in Bethesda, Md., said the strategy is too broad.

"The authors [of the plan] are unable to communicate anything specific that these simulations do, have done, or will do," Paller said.

Furthermore, "[DHS] provides no proof that what they are doing matters, and they provide no plan of action -- just a laundry list of coordination activities," he said. "It's a shame the nation invested anything in this [document]."

Some observers say past simulation exercises such as DHS' 2006 and 2008 Cyber Storm drills did not go far enough to mirror an actual cyberattack, but few disagree that such drills are critical for revealing potential vulnerabilities.

"There's a huge need for more simulation and modeling in cybersecurity, particularly as it concerns control systems and their nexus to the physical security of critical infrastructures like the electric grid, water purification and chemical manufacturing," said Gregory Garcia, who served as assistant secretary of cybersecurity and telecommunications at DHS under the Bush administration and opened his own information security consulting firm, Garcia Strategies, last month.

He cited as a valuable lesson the 2007 Aurora experiment, in which researchers at Idaho National Laboratory demonstrated they could hack into the programs that controlled a generator and manipulate settings so it would self-destruct. "Just a few thousand bytes of malicious code can tell a picture in a thousand words," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.