U.S. holds cyberattack security drill on heels of harmful hacks


The moment a U.S. official pressed a computer key Tuesday, dozens of security experts who gathered in an underground control room girded themselves for a cyberattack — a drill meant to thwart the kinds of intrusions that have recently crippled health networks and retail giants.

The weeklong event run by the Homeland Security Department and hosted by the U.S. Secret Service is now a decade old. But officials say this week’s exercises are becoming more important as both the government and private sector have reeled from breaches of personal data.

More than 1,000 U.S. cybersecurity professionals are participating in — and testing how well they respond to — a mock attack, said Gregory Touhill, a Homeland Security Department deputy assistant secretary for cybersecurity protection. They’ll be working together for three days in Washington and across the nation.

Officials from five countries are also observing the exercise. The department would not disclose the countries involved.

Other participants include health companies, Internet service providers, telephone companies and retail organizations. The aim is to test human response and coordination, not necessarily the participants’ technical skills.

“Retail and health care have been in the headlines — and, frankly, in the crosshairs for a lot of criminals,” Touhill said. Household names like Target Corp., The Home Depot, UCLA Health Systems and Anthem Inc. have all faced recent cyberattacks that compromised millions of their customers’ data.

U.S. officials wouldn’t detail the attack scenarios unfolding this week because they said it would tip off the drill’s participants. But they said their event has one, overarching scenario, with roughly 1,000 smaller events — spurred by a phone call, an email or a news article — that could be indicators of an looming cyberattack.

Suzanne Spaulding, a top Homeland Security cyber official, said the “challenge is here and now.” She pointed to a “nightmare” scenario last December, in which hackers attacked the Ukrainian electrical grid and cut power to about a quarter-million people.

During previous U.S.-led tests, officials found what they called areas for improvement. Touhill said two areas from a previous tests are still being addressed, such as how security personnel share information effectively.

Secret Service Director Joseph Clancy described the event Tuesday as a way to stay one step ahead of criminals who’ve taken advantage of new and changing technology, and who have changed their own tactics.

“We’re looking to find the failure points, to raise the bar in every scenario,” Touhill said.

Recent attacks have also hammered the financial sector, in which a 2014 data breach at JPMorgan Chase affected more than 76 million households and 7 million small businesses. The bank said hackers may have stolen names, addresses, phone numbers and email addresses.

Meanwhile, U.S. officials told Congress last year the Office of Personnel Management didn’t take basic steps to secure their computer networks. That allowed Chinese-linked hackers to steal private information about nearly every federal employee, as well as detailed personal histories of millions who had security clearances.