Experts inside government and the Institute for Security Technology Studies at Dartmouth College are still formally evaluating results of the so-called "Livewire" exercise, carried out over five days late in October. It simulated physical and computer attacks on banks, power companies and the oil and gas industry, among others.
"There were some gaps," said Amit Yoran, the newly hired chief of the agency's National Cyber-Security Division. "The information flow between various sectors was not as smooth as we would perhaps have liked." He assessed government's performance as "certainly a B+, better than my personal expectations."
Yoran said mock attacks during the exercise tried to broadly disrupt services and communications across major industrial sectors, enough to make consumers to lose economic confidence. It modeled bombings at communications facilities outside Washington and cyberattacks aimed at companies and other networks.
Even before the Sept. 11, 2001, terror attacks, the government organized its cyber-protection efforts around early-warning centers operated separately by banks, water utilities, technology companies and the electric industry.
But critics have long pointed to problems with the ways that these centers exchange information with each other, making it far more difficult for banks to describe their internal problems with a power utility than with other financial institutions that also may be under attack.
Yoran said that in some cases, the exercise exposed problems as simple as uncertainty about which companies and industries can be contacted in the middle of the night with urgent information about an ongoing attack; most mock failures occurred during the day.
In some cases, victim companies weren't told explicitly about an attack; organizers might send them clues, such as e-mails purportedly from customers who mysteriously couldn't access their bank accounts.
Yoran said the exercise affirmed that troublesome interdependencies exist throughout the nation's most important systems. A broad power outage could also bring down key telephone or computer networks, disrupting repair efforts.
Homeland Security officials said it was the first large-scale exercise carried out with the agency. Officials at the National Security Council and departments of Defense and Treasury also were involved.