Eligible Receiver was the first Information Warfare (IW) exercise in this country. Thirty-five people participated on the Red Team over 90 days using off-the-shelf technology and software. The scenario was a rogue state rejecting direct military confrontation with the United States, while seeking to attack vulnerable U.S. information systems. Some of the goals of the rogue state were to conceal the identity of the attackers and to delay or deny any U.S. ability to respond militarily. A number of cyber attacks (all simulated) were made against power and communications networks in Oahu, Los Angeles, Colorado Springs, St. Louis, Chicago, Detroit, Washington, D.C., Fayetteville, and Tampa.
Although reliable, unclassified results are hard to come by it is generally believed government and commercial sites were easily attacked and taken down. This exercise served as a wake-up call for many. Gen. Campbell, head of the Pentagon’s Joint Task Force — Computer Network Defense, wrote Eligible Receiver “clearly demonstrated our lack of preparation for a coordinated cyber and physical attack on our critical military and civilian infrastructure.” Then Pentagon spokesman Kenneth Bacon said, “Eligible Receiver was an important and revealing exercise that taught us that we must be better organized to deal with potential attacks against our computer systems and information infrastructure.” Senator John Kyl said in 1998:
- Well, [cyberterrorism is] surprisingly easy. It’s hard to quantify that in words, but there have been some exercises run recently. One that’s been in the media, called Eligible Receiver, demonstrated in real terms how vulnerable the transportation grid, the electricity grid, and others are to an attack by, literally, hackers — people using conventional equipment, no “spook” stuff in other words.