The Threat of Virtual War
Cyber war is a frightening reality, and as the Los Angeles Times reports today, the U.S. is vulnerable to attacks on its most crucial infrastructures controlled by computers. The story begins with a chilling anecdote:
When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His
team seized control of the equipment that added chemical treatments to drinking water — in one day.
The weak link: County employees had been logging into the network through their home computers, leaving a gaping security hole. Officials of the urban water system told Maiffret that with a few mouse clicks, he could have rendered the water undrinkable for millions of homes ...
The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.
The same industrial control systems Maiffret's team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.
The U.S. military's infrastructures are protected by the U.S. Cyber Command, "a group of 1,000 spies and hackers charged with preventing such intrusions...[and] responsible for mounting offensive cyber operations." But civilian infrastructures are mainly protected only by the initiative of individual companies, which cyber specialists say is a huge problem.
Some want to see the government ramp up cyber-security policies for water systems and electric utilities, and require Internet service providers to monitor traffic patterns and stop malware. The White House has promised to introduce cyber-security legislation this month, the article reports.
But experts say we're doomed for a "cyber Pearl Harbor."
"The odds are we'll wait for a catastrophic event," said Mike McConnell, former director of National Intelligence and cyber-security specialist, "and then overreact."
As a layman, I find this all terrifying and mind-boggling.
To our technology saavy contributors and members: is there any hope in our protection before a cyber catastrophe? Can private water, utility, and chemical companies initiate enough technological armor to ward off cyber hackers?
- Comment (6)
- · Quote
- · UnfollowFollow (1)
Comments :
Feb '11
Re: The Threat of Virtual War
One thing that would help: if employees really need access to these control systems from their home computers, then the connection should be made using private-networking technologies (viz MPLS) rather than via the Internet. This does not provide 100% protection, but it does make intrusion significantly more difficult. The added costs would not be very great.
(Of course, this wouldn't let someone run the water-treatment plant from Starbucks, but perhaps free home coffee machines and supplies as an employee benefit could make up for this)
Jun '10
Re: The Threat of Virtual War
Since computer systems continually get cheaper and less energy-consuming, you'd think they could at least build in some redundancy in the sections most susceptible to hacking. That's what they do in the space program. They switch to the backup now, and figure out what went wrong later.
May '10
Re: The Threat of Virtual War
"...blow up city blocks, erase bank data, crash planes and cut power to large sections of the country."
Which movie was that in?
And that Cyber Command...anyone remember Bradley Manning? Sounds like the cyber specialists are wrong, the huge problem isn't individual companies, but individual oath-breakers.
Individual companies will be sued blue when fouled up computers cost someone else money or harm, so that alone is the incentive to place and enforce technology policies to reduce these kinds of intrusions.
Now some of this is for-freaking-real. My go-to guy is Bruce Schneier.
Re: The Threat of Virtual War
It's really about disrupting power and data networks for hours, not even weeks. It's estimated that people have about 72 hours worth of provisions in case of emergency -- but if the power grid goes along with the data grid, even if they're both repaired in four or five days, it's a giant and lasting problem.
Sep '10
Re: The Threat of Virtual War
The danger is a bit more significant than a few day's power shutdown. Per the article, "In a 2006 U.S. government experiment, hackers were able to remotely destroy a 27-ton, $1-million electric generator similar to the kind commonly used on the nation's power grid. A video shows it spinning out of control until it shuts down."
The generator is, I understand, not something one can run down to the local GE warehouse and replace; it's a special order, months to construct and install, situation. Consider hitting the entire US grid a once. We'd all be out of power for months - at least, by tomorrow, when the emergency generator at the local hospital runs out of fuel. Richard Clarke's Cyberwar is chilling.
Jun '10
Re: The Threat of Virtual War
Lauren Fink, Ed.:"The odds are we'll wait for a catastrophic event," said Mike McConnell, former director of National Intelligence and cyber-security specialist, "and then overreact."
True. We can spend some thought and money now (expensive) or we can blame someone else later. Guess which one is the American way.
Can we stop at cyber attack? Ask the Iranians about "stuxnet."