DHS Cybersecurity: The Interactive Nightmare
The lead defender in protecting the critical infrastructure is the Department of Homeland Security, a collection of 23 agencies that began operations in January 2003.
By Todd Datz
April 01, 2004 — CSO — Consider the following scenario. Members of a terrorist organization announce one morning that they will shut down the Pacific Northwest electric power grid for six hours starting at 4 p.m.; they then do so. The same group then announces that it will disable the primary telecommunications trunk circuits between the U.S. East and West Coasts for a half day; they then do so, despite our best efforts to defend against them. Then, they threaten to bring down the air traffic control system supporting New York City, grounding all traffic and diverting inbound traffic; they then do so. Finally, they threaten to cripple e-commerce and credit card services for a week by using several hundred thousand stolen identities in millions of fraudulent transactions. Their list of actions is then posted in The New York Times, threatening further action if their demands are not met. Imagine the ensuing public panic and chaos.
Alarmist, perhaps? Far from it. The scenario is actually quoted from a letter sent by a group of concerned scientists to President Bush in February 2002. Signatories included O. Sami Saydjari, founder of the Cyber Defense Research Center; Matt Donlon, former director of the security and intelligence office at the Defense Advanced Research Projects Agency; and Robert T. Marsh, a retired Air Force general and former chairman of the President's Commission on Critical Infrastructure Protection. The scientists don't mince words about the cyberthreats facing the nation: "The critical infrastructure of the United States, including electric power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyberattack. Fast and resolute mitigating action is needed to avoid national disaster."
While the group's scenario was meant to grab attention, it also was grounded in reality. Each of the events depicted has happened (though not concurrently); some resulted from government-sponsored exercises, some from technical failures and some from actual cyberattacks. All could plausibly be triggered by a few knowledgeable people using some PCs and Internet access.
The cyberthreat to the nation's security and economy may not be as well understood by the general public as a dirty bomb or a vial of ricin in the wrong hands. But to experts in cybersecurity, those who know the vulnerabilities of the Internet and do daily combat with hackers, criminals and foreign governments trying to probe our critical infrastructure and military networks, the threat is vividly real. Indeed, the 54 scientists who signed the letter believe that a professionally coordinated cyberattack on the critical infrastructure could not only ravage the nation's economy (to the tune of hundreds of billions of dollars in damage) but also undermine public confidence in the government's ability to protect its citizens. In fact, although a cyberattack alone may lack the awful human destruction that can accompany a physical attack, because the systems controlling the critical infrastructure are often densely interconnected, such an attack could have more destructive and widespread consequences.