NYTimes.com: Virtually Unprotected

[David Farber <dave () farber net>]

June 2, 2005
Virtually Unprotected

When the East Coast and Midwest were hit by a blackout in 2003, the  
first fear of many people was that terrorists had attacked the  
electricity grid. It turned out not to have been terrorism, but the  
fears were well founded. Experts have long warned that the nation's  
power, transportation and communications systems are vulnerable to  
"cyberattacks" that could devastate the economy and cause huge damage  
to life and property. Now a new government report has concluded that  
far too little is being done to close these gaps.

After Sept. 11, 2001, a group of leading scientists sent a stern  
warning to President Bush about the danger of a computer-based  
terrorist attack on the nation's infrastructure. They called for the  
creation of a major Cyber-Warfare Defense Project, modeled on the  
Manhattan Project, to prevent, detect and respond to potential  
attacks. "Fast and resolute mitigating action is needed to avoid  
national disaster," the scientists warned.

Power grids, water treatment and distribution systems, major dams,  
and oil and chemical refineries are all controlled today by networked  
computers. Computers make the nation's infrastructure far more  
efficient, but they also make it more vulnerable. A well-planned  
cyberattack could black out large parts of the country, cut off water  
supplies or worse. The Nuclear Regulatory Commission found that in  
2003 a malicious, invasive program called the Slammer worm infected  
the computer network at a nuclear power plant and disabled its safety  
monitoring system for nearly five hours.

Despite the warnings after 9/11 - and again after the 2003 blackout -  
disturbingly little has been done. The Government Accountability  
Office did a rigorous review of the Department of Homeland Security's  
progress on every aspect of computer security, and its findings are  
not reassuring. It found that the department has not yet developed  
assessments of the threat of a cyberattack or of how vulnerable major  
computer systems are to such an attack, nor has it created plans for  
recovering key Internet functions in case of an attack. The report  
also expressed concern that many of the department's senior  
cybersecurity officials have left in the past year. Representative  
Zoe Lofgren, the California Democrat who was among those who  
requested the G.A.O. report, said last week that it proved that "a  
national plan to secure our cybernetworks is virtually nonexistent."

Protecting the nation from a potentially devastating cyberattack is  
not easy. The technological challenges are considerable - even major  
technology companies have trouble defending themselves against  
hackers. The number of potential targets is enormous. And because  
many of the targets are in private hands, the Department of Homeland  
Security has to work with entities that may be reluctant to follow  
the government's lead.

But overcoming these obstacles should be a high priority. One of the  
lessons of the Sept. 11 attacks in New York and Washington was how  
much damage a few men with simple weapons, like box cutters, could do  
if they targeted a point of maximum vulnerability. In a well-planned  
cyberattack, a single terrorist with nothing more than a computer and  
Internet access could do an extraordinary amount of harm from half a  
world away.

An Insecure Nation: Editorials in this series remain online at  
nytimes.com/insecurenation.



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/