Information Security News mailing list archives

Local sites potential targets for cyberterror


From: InfoSec News <isn () c4i org>
Date: Tue, 3 Sep 2002 04:07:01 -0500 (CDT)

http://seattlepi.nwsource.com/local/85214_cyberthreat02.shtml

Monday, September 2, 2002
By SAM SKOLNIK
SEATTLE POST-INTELLIGENCER REPORTER

From nuclear plants to gas pipelines to electric utilities, Western
Washington contains several "critical infrastructure" facilities that
terrorists might target -- through their computers.

Two recent incidents have heightened concern about cyberterror
attacks, and have raised new questions about the capabilities of
al-Qaida and other terror groups.

Late last year, FBI agents in San Francisco discovered that
sophisticated hackers, working from the Middle East, had intruded into
sites detailing Bay Area emergency telephone service, electrical
generation and transmission, and the operations of nuclear power
plants.

And last month, federal officials said they detected a series of small
electronic attacks against U.S. Internet providers, including some in
Seattle. The initial government alert cited Italian authorities who
warned that "wide-scale hacker attacks" were planned against U.S.  
sites.

Local officials, from prosecutors to managers of the Columbia
Generating Station in Richland and the Bonneville Power
Administration, say they are not aware of any current terrorist
threat.

But those energy-related facilities, along with Seattle City Light and
the Olympic Pipe Line Co., say they have recently taken more steps to
secure their systems.

"For the potential cyberterrorists, we know we have vulnerabilities,"  
said U.S. Attorney John McKay, the top federal prosecutor in the
region. "So we're out there in terms of education and prevention."

McKay has bolstered the office's cybercrime squad to five prosecutors
and three support staff members, up from two attorneys and one
staffer. So far, most of the unit's time has been spent on more
routine cases involving hackers who get into corporate or government
computer systems.

Yet, McKay said, "Counterterrorism is our main priority, so preventing
cyberterror is our main concern there."

One way to do this is to educate business and utility managers to
beware of any possible intrusion -- and ensure that they tell
government investigators, which market-sensitive companies are
sometimes reluctant to do, said Assistant U.S. Attorney Floyd Short,
who oversees the cybercrime unit.

The stakes in the counterterrorism game grew recently when top-level
government officials conceded that al-Qaida and other like-minded
terror groups could be close to having the capability to use the
Internet as a deadly weapon, possibly in connection with more
conventional attacks.

Ronald Dick, head of the FBI's National Infrastructure Protection
Center, recently laid out a terrifying scenario:

"The event I fear most is a physical attack in conjunction with a
successful cyberattack on the responders' 911 system or on the power
grid," Dick recently told a closed-door gathering of security company
executives, according to The Washington Post.

In a subsequent interview with the Post, Dick said a coordinated
attack could mean that "the first responders couldn't get there ...  
and water didn't flow, hospitals didn't have power. Is that an
unreasonable scenario? Not in this world. And that keeps me awake at
nights."

In late January, federal officials reported that a photo of the Space
Needle and of a hydroelectric dam similar to the Grand Coulee Dam were
found in the rubble of al-Qaida hideouts in Afghanistan.

That followed a government alert Jan. 24 about possible threats to
nuclear power plants nationwide, including the Columbia Generating
Station near Richland.

Officials with Energy Northwest, which runs the plant, say the plant
has not received any direct threats, cyber or otherwise -- and further
that they have security systems in place to handle any that might
come.

The Nuclear Regulatory Commission did thorough reviews in advance of
Jan. 1, 2000, when some predicted that a "millennium bug" or attack by
a doomsday cult would cause havoc. Analysts "determined there were no
vulnerabilities found" with the computer systems at the Richland plant
-- the only operational commercial nuclear power plant in the Pacific
Northwest, said Kelly Butz, an Energy Northwest spokeswoman.

"Engineer safety systems in place were in fact protecting us from any
cyberthreat," Butz said.

The gasoline pipelines that move millions of gallons of fuel through
the state are also protected from threats, officials say.

Dan Cummings, a spokesman for BP Pipelines, North America Inc., which
now operates the Olympic Pipe Line system, said "security
enhancements" were made on all of their systems -- including their
computers, which operate the pipeline -- just before Sept. 11.

Cummings also said Olympic has a backup system ready to be booted up,
should the main computer system be hit.

He declined to discuss the specifics of their computer network -- as
did each of the officials reached at various critical infrastructure
facilities throughout the state, including officials with Seattle City
Light.

Cummings noted that a pipeline failure could be caused by other types
of terrorist strikes, such as an attack on the BPA regional electrical
power grid.

His point -- that there are significant vulnerabilities of
interdependence -- recently was pounded home to managers of critical
infrastructure facilities and law enforcement and other public-safety
officials at a closed-door meeting sponsored by the newly formed
Partnership for Regional Infrastructure Security.

Officials with the regional public-private partnership were hosts of
the conference June 12 at Welches, Ore., at which possible local
terrorist acts against critical infrastructure facilities were
discussed. Such facilities included energy providers or
telecommunications networks -- and the devastating domino effect that
an attack on them could have on the ability of other utilities to
function.

"What if the telecoms aren't working? Pipelines rely on telecoms to
send signals to regulate flow," said Barry Penner, a member of the
British Columbia legislative assembly and president of Pacific
NorthWest Economic Region. "What if the natural-gas supply was
disrupted for a few days? The electric utilities could be affected."

Penner's group, which oversees the infrastructure security
partnership, is a Canadian-American group composed of legislators and
government, utility and private sector leaders.

At the end of the conference, the partnership ran a full-day exercise
called "Blue Cascades," in which officials were asked to respond to a
simulated attack on the region's electric power supply. The electrical
failures in the scenario caused telecommunications and natural-gas
distribution disruptions, as well as threats to the operation of the
region's water systems and ports.

A report issued from the conference faulted infrastructure-facility
authorities for not fully realizing their interdependence and for not
having plans in place to deal with such possible attacks.

The report also faulted officials for not recognizing their reliance
on computers -- and what could happen if their systems were shut down.

"There was little recognition of the overwhelming dependency upon IT
(information technology)-related resources to continue business
operations and execute recovery plans," the report says, "and the need
for contingency plans in the event of loss or damage to electronic
systems."

"We're vulnerable to concerted terrorist attacks, the acts of yahoos
or even the weather," Penner said. "We live in the most interdependent
region in North America. We've got to be better prepared."

Paula Scalingi, an infrastructure security consultant based in Vienna,
Va., who designed the Blue Cascades exercise, said that before Sept.  
11, utility managers usually planned only for "single-point failures"  
such as natural disasters, which would affect only one plant or
business.

But if terrorists hit just one critical utility, "you could have a
domino effect that could basically shut down a region," said Scalingi,
who formerly was director of the U.S. Department of Energy's Office of
Critical Infrastructure Protection.

"Up until September 11, people really have not been aware of how
interconnected the infrastructures of the country have become,"  
Scalingi said.

Scalingi said the news is mixed regarding the threat of
cyberterrorists.

"Responsible companies are undertaking cybervulnerability assessments,
and this is good," Scalingi said. "But the determined hacker still has
the ability to wreak havoc."


P-I reporter Sam Skolnik can be reached at 206-467-1039 or
samskolnik () seattlepi com



