From 12.-14. November 2001, a "Cyber Terror Exercise" (CYTEX) was conducted at IABG in and the participant representatives included
- Federal Ministry of the Interior / German Information Security Agency, Federal Ministry of Economic Affairs, Federal Ministry of Defence / Federal Office of Defence Technology and PBWB
- the Federal Academy for Security Policy
- der DFS, DB (transport)
- the police, and Technical Assistance Organisation
- an energy facility (E.ON)
- TÜV (industrial safety agency)
- EADS as the representative of a major industry.
The scenario consisted of a concerted series of attacks, from within and from without, on the IT systems of those branches represented in the Greater Berlin area with the aim of an enormous blackmail effort against the Federal Government. With a team of over 40 participants, the branch crisis units were fed events on the basis of which they had to evaluate the situation and draw up counter-measures.
The assessment of the results will indeed take several weeks but two important insights can be seen at this stage:
Using this kind of attack on information systems, the whole infrastructure and thus public life, the functionality of the branches of industry affected and the political ability to act can be brought to a halt completely.
Gradually, telephone traffic, the transaction capacity of banks, energy facilities, road, rail and air traffic cease functioning. Large-scale events have to be cancelled, panic breaks out and economic damage caused which has yet to be quantified.
The second point demonstrated was that a high degree of cooperation between these infrastructures to master the scenario is essential. For this currently the necessary decisions by the Federal Government and as their consequences the organisational and material pre-requisites are being prepared.
Although this was a first-off experiment in Germany with this highly complex topic and these completely new methodological approaches, we can report a great success. There is of course much room for improvement but there were many constructive proposals put forward by the participants. Important customers such as BMI/BSI, BMWi, BMVg/BWB or Deutsche Telekom have announced further demand for such events also as part of the new anti-terrorism campaign set out by the Federal Government.
The initiative started over three years ago by IABG in founding the working group Schutz von Infrastrukturen (protection of infrastructures) – www.aksis.org – which continues to meet 2 a year with about 40 interested participants, has proven to be a correct decision. We shall introduce other forward-looking projects to this group.
As a result of the terrorist attacks in USA, immediate importance was attached to this meeting and there was widespread media interest. This was shown in numerous press releases and interviews.