On April 12, the Atlantic Council and Science Applications International Corporation (SAIC) hosted the second scenario-driven, interactive conference to discuss the day-after response to a cyber incident.

This event, “The Cyber 9/12 Project: Cyber Statecraft after Catastrophes,” brought together experts from sectors such as government, finance, telecommunications, and media to discuss the decision-making process in light of a serious cyber security breach.

The event began by establishing a hypothetical scenario in which a DDoS attack has been launched on the US finance sector by proxy groups linked to Iran. Director of the Atlantic Council Cyber Statecraft Initiative Jason Healey then led a panel of experts in a discussion of how various private enterprises would respond to this attack, and whether the US government or military would need to have a role in determining a suitable response.

As the scenario developed, experts were informed of Iran’s increasing hostilities towards US institutions, as well as the political context for further attacks by patriotic hackers. Eventually the scenario evolved into a full blown cyber attack on the institution that runs the root DNS servers of the Internet, which rendered entire sections of cyberspace unreachable. This was followed by an additional attack resulting in increased mistrust about financial transactions within the US.

All the while, panelists sought to answer several important questions about which sectors of society would be responsible for dynamically securing US computer networks. Experts were forced to focus on key priorities and sector-specific concerns during a major cyber attack against the United States.

The event was livestreamed, and questions were accepted from social media throughout the scenario. Panelists and observers responded to these questions, generating an interactive discussion between the experts and audience members. The event garnered a wide following on Twitter with over 1.7 million impressions.

The goal of the event was to encourage greater dialogue about the intricate decision-making process various sectors must face during a serious cyber conflict, and shine light on the need for greater conversation on how to respond to cyber security issues. By bringing together panelists from different backgrounds, this event provided a model for how collaboration might take place during a high-stress attack, and suitable responses might be developed.

The Atlantic Council is also hosting a related event, the Cyber 9/12 Student Challenge, which is the only student competition devoted to high-level policy recommendations for day-after responses to a major cyber incident. This competition will promote awareness of cybersecurity policy issues while providing students and experts an opportunity to network and develop new ideas on the future of cybersecurity policy.

“The Cyber 9/12 Project” is an annual event and will be hosted again in 2014.

Friday, April 12, 2013

The Knight Studio at the Newseum
555 Pennsylvania Ave., NW
Washington, DC

8:00 a.m. – 1:30 p.m.

8:00 a.m.Registration and Breakfast

  • Frederick Kempe, President and CEO, Atlantic Council
  • Remarks by John Thomas, Acting President National Security Sector, SAIC
8:50Description of Events and Intro of Speakers and Observers
9:00 Cyber Scenario Injects 1 and 2

  • Moderated by Jason Healey, Director, Cyber Statecraft Initiative, Atlantic Council
10:25Discussion with Observers and Social Media Responses
11:00 Cyber Scenario Injects 3 and 4

  • Moderated by Jason Healey, Director, Cyber Statecraft Initiative, Atlantic Council
12:30 p.m.Discussion with Observers and Social Media Responses
1:00Lessons Learned and Concluding Remarks

  • Remarks by Deborah Lee James, President, Technical and Engineering Sector, Government Solutions Group, SAIC

Media Mentions

This conference is generously sponsored by SAIC.

Related Experts: Jason Healey