[IP] NYTimes.com: Virtually Unprotected
June 2, 2005
Virtually Unprotected
When the East Coast and Midwest were hit by a blackout in 2003, the
first fear of many people was that terrorists had attacked the
electricity grid. It turned out not to have been terrorism, but the
fears were well founded. Experts have long warned that the nation's
power, transportation and communications systems are vulnerable to
"cyberattacks" that could devastate the economy and cause huge damage
to life and property. Now a new government report has concluded that
far too little is being done to close these gaps.
After Sept. 11, 2001, a group of leading scientists sent a stern
warning to President Bush about the danger of a computer-based
terrorist attack on the nation's infrastructure. They called for the
creation of a major Cyber-Warfare Defense Project, modeled on the
Manhattan Project, to prevent, detect and respond to potential
attacks. "Fast and resolute mitigating action is needed to avoid
national disaster," the scientists warned.
Power grids, water treatment and distribution systems, major dams,
and oil and chemical refineries are all controlled today by networked
computers. Computers make the nation's infrastructure far more
efficient, but they also make it more vulnerable. A well-planned
cyberattack could black out large parts of the country, cut off water
supplies or worse. The Nuclear Regulatory Commission found that in
2003 a malicious, invasive program called the Slammer worm infected
the computer network at a nuclear power plant and disabled its safety
monitoring system for nearly five hours.
Despite the warnings after 9/11 - and again after the 2003 blackout -
disturbingly little has been done. The Government Accountability
Office did a rigorous review of the Department of Homeland Security's
progress on every aspect of computer security, and its findings are
not reassuring. It found that the department has not yet developed
assessments of the threat of a cyberattack or of how vulnerable major
computer systems are to such an attack, nor has it created plans for
recovering key Internet functions in case of an attack. The report
also expressed concern that many of the department's senior
cybersecurity officials have left in the past year. Representative
Zoe Lofgren, the California Democrat who was among those who
requested the G.A.O. report, said last week that it proved that "a
national plan to secure our cybernetworks is virtually nonexistent."
Protecting the nation from a potentially devastating cyberattack is
not easy. The technological challenges are considerable - even major
technology companies have trouble defending themselves against
hackers. The number of potential targets is enormous. And because
many of the targets are in private hands, the Department of Homeland
Security has to work with entities that may be reluctant to follow
the government's lead.
But overcoming these obstacles should be a high priority. One of the
lessons of the Sept. 11 attacks in New York and Washington was how
much damage a few men with simple weapons, like box cutters, could do
if they targeted a point of maximum vulnerability. In a well-planned
cyberattack, a single terrorist with nothing more than a computer and
Internet access could do an extraordinary amount of harm from half a
world away.
An Insecure Nation: Editorials in this series remain online at
nytimes.com/insecurenation.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/