Editor’s note: In an excerpt from their new book, Cybersecurity and Cyberwar: What Everyone Needs to Know in Armed Forces Journal, co-authors Peter W. Singer and Allan Friedman explain why cybersecurity exercises and simulations are important. In a closed environment, network attackers and defenders can test vulnerabilities and tactics and better understand the effects of their plans.
Twice in six months sophisticated attackers were able to gain access to the production code that runs Facebook’s website, used by over a billion people around the world. The first time, a Facebook engineer’s computer was compromised by an unpatched zero-day exploit. This enabled the attacker to “push” their own malicious computer code into the “live build” that runs the website.
The second time, in early 2013, several engineers’ computers were compromised after visiting a website that launched a zero-day exploit on its victims. But this time, the attacker was unable to get inside sensitive systems and could cause no major damage.
The reason these two attacks caused such differing effects lies in their origin. The attackers in the first incident were actually part of a security training exercise in 2012, led by an independent “red team.” This preparation meant that when real attackers tried to harm Facebook in the second incident just a few months later, they weren’t able to do much at all.