US prepares for potential cyber terror
ISN:By Carmen Gentile
Terrorists may be plotting ways to use the internet to wreak havoc by hacking into US power grids, water treatment plants, and other vital necessities for modern living, so the US government believes.
Concerns over potential cyber attacks are what prompted numerous US government agencies to conduct a joint exercise earlier this month aimed at readying the country in case of a mass terror hacker attack.
In all, 17 US agencies and one Canadian branch of government participated in the exercise that included computer experts from the Department of Homeland Security (DHS), the Central Intelligence Agency (CIA), the White House, and the US Secret Service.
Officials at DHS stressed, however, that "the exercise was a simulated event, and there were no real world effects on, tampering with, or damage to any critical infrastructure".
Dubbed operation "Cyber Storm", the war-game tested US response to attacks from a number of hackers and bloggers working in unison to disrupt what has become the county’s most vital information conduit.
Though the notion of bloggers posing a threat to the government is characterized as excessive to some, part of the exercise was to counter a massive misinformation campaign on several fronts, though many have described the notion of bloggers posing a threat to the government as excessive.
Considering the growing influence some of America’s more prominent bloggers wield, US officials said they deemed it necessary to take into account the potential disaster what they called a widespread misinformation campaign could cause.
The internet itself was also a mock target in Cyber Storm. Experts said they simulated an attack that would knock out power in ten US states and disrupt online banking and commerce.
They also practiced countering a pseudo-distribution of software tainted with virus and hack attacks against potential weakness in the public transportation and health care systems.
"Cyber security is critical to protecting our nation’s infrastructure because information systems connect so many aspects of our economy and society," said George Foresman, DHS under secretary for preparedness according to MSNBC.
"Preparedness against a cyber attack requires partnership and coordination between all levels of government and the private sector. Cyber Storm provides an excellent opportunity to enhance our nation’s cyber preparedness and better manage risk," he said.
Though US systems and the internet survived the mock attack, results from an earlier exercise conducted by the DHS called "Livewire", raised serious concerns with officials who concluded the government’s preparedness for an all-out cyber assault - be it from a band of hackers, a terror group or a foreign government - was questionable.
Homeland officials also expressed concern about whether the government was capable of handling the rigors of a mass internet attack without the help of private companies.
The Cyber Czar
In the wake of the 11 September 2001 attacks on New York and Washington, US officials also turned their sites on shoring up security for the internet by creating a new department to keep tabs on US technology as it pertains to potential targets.
By mid-October 2001, the Bush administration appointed Richard Clarke special advisor for cyberspace security.
A long-time proponent of bolstering US defenses against cyber attacks, Clarke previously served as national coordinator for security, infrastructure protection, and counter-terrorism on the super-secret National Security Council (NSA).
He often warned of al-Qaida’s growing interest and presence on the internet and the potential for future online attacks.
"The fact that these people are gathering skills in cyber war capability is very troubling, combined with the fact that we know that they’re looking on the Web for hacking tools," said Clarke in a recent television interview. "We know that because we’ve seized some of their computers."
"It suggests to me that al-Qaida may be trying to grow an indigenous cyber warfare capability. I think it suggests that someday we may see al-Qaida, if it’s still alive and operating, use cyberspace as a vehicle for attacking infrastructure - not with bombs, but with bytes."
He also warned that the private technology sector, particularly software companies, was under threat from cyber terror and should be taking the necessary precautions to ensure their products contained the necessary safeguards to thwart off potential attacks, be they from foreign extremists or homegrown teenage hackers.
"Until very recently, and perhaps for some software companies still today, quality control of source code has been a low priority," said Clarke. "Getting the product to market fast has been the highest priority.
"This has meant that there are some very sloppy mistakes, things that just don’t have to happen [...] So there are hundreds of thousands of systems out there that are never fixed, even when the software vulnerability is identified."
Clarke resigned from his commission as White House "cyber czar" in March 2003 and the post has remained vacant since, raising concerns with some officials in the Bush administration.
Cyber terror skeptics
Skeptics of the potential for a cyber attack disaster say the Bush administration has over-hyped the possibility of a devastating internet terror attack to keep the public frightened and behind the US-led wars in Iraq and Afghanistan.
"People being blown to bits is terror, your wife coming home in a body bag, that’s terror [...] your email not working is not terrorism," Bruce Schneier, a well-known, outspoken internet technologist and advisor told ISN Security Watch.
Schneier said that while cyber crimes like credit card fraud were not being taken seriously enough by the US government, Washington’s focus on potential cyber attacks was misguided and more a ploy to rally support for the "war on terror".
"Terrorism is sexy - it gets the votes," he said.
The cyber security expert noted that it was extremely difficult to, for example, knock a power station off line by hacking into its computers, and that terror organizations like al-Qaida were not interested in disruption, but in devastation and high death tolls.
"Imagine bin Laden sitting in a cave and one of his men comes up to him and says ‘we’re going to make all their chatrooms fail’. He’d say: ‘you’re an idiot.’"
Carmen Gentile is a senior international correspondent for ISN Security Watch based in Rio de Janeiro. He has reported from Iraq, Afghanistan, and Bolivia for Security Watch, and Haiti, Venezuela, and elsewhere for United Press International, The Washington Times, and others.
Terrorists may be plotting ways to use the internet to wreak havoc by hacking into US power grids, water treatment plants, and other vital necessities for modern living, so the US government believes.
Concerns over potential cyber attacks are what prompted numerous US government agencies to conduct a joint exercise earlier this month aimed at readying the country in case of a mass terror hacker attack.
In all, 17 US agencies and one Canadian branch of government participated in the exercise that included computer experts from the Department of Homeland Security (DHS), the Central Intelligence Agency (CIA), the White House, and the US Secret Service.
Officials at DHS stressed, however, that "the exercise was a simulated event, and there were no real world effects on, tampering with, or damage to any critical infrastructure".
Dubbed operation "Cyber Storm", the war-game tested US response to attacks from a number of hackers and bloggers working in unison to disrupt what has become the county’s most vital information conduit.
Though the notion of bloggers posing a threat to the government is characterized as excessive to some, part of the exercise was to counter a massive misinformation campaign on several fronts, though many have described the notion of bloggers posing a threat to the government as excessive.
Considering the growing influence some of America’s more prominent bloggers wield, US officials said they deemed it necessary to take into account the potential disaster what they called a widespread misinformation campaign could cause.
The internet itself was also a mock target in Cyber Storm. Experts said they simulated an attack that would knock out power in ten US states and disrupt online banking and commerce.
They also practiced countering a pseudo-distribution of software tainted with virus and hack attacks against potential weakness in the public transportation and health care systems.
"Cyber security is critical to protecting our nation’s infrastructure because information systems connect so many aspects of our economy and society," said George Foresman, DHS under secretary for preparedness according to MSNBC.
"Preparedness against a cyber attack requires partnership and coordination between all levels of government and the private sector. Cyber Storm provides an excellent opportunity to enhance our nation’s cyber preparedness and better manage risk," he said.
Though US systems and the internet survived the mock attack, results from an earlier exercise conducted by the DHS called "Livewire", raised serious concerns with officials who concluded the government’s preparedness for an all-out cyber assault - be it from a band of hackers, a terror group or a foreign government - was questionable.
Homeland officials also expressed concern about whether the government was capable of handling the rigors of a mass internet attack without the help of private companies.
The Cyber Czar
In the wake of the 11 September 2001 attacks on New York and Washington, US officials also turned their sites on shoring up security for the internet by creating a new department to keep tabs on US technology as it pertains to potential targets.
By mid-October 2001, the Bush administration appointed Richard Clarke special advisor for cyberspace security.
A long-time proponent of bolstering US defenses against cyber attacks, Clarke previously served as national coordinator for security, infrastructure protection, and counter-terrorism on the super-secret National Security Council (NSA).
He often warned of al-Qaida’s growing interest and presence on the internet and the potential for future online attacks.
"The fact that these people are gathering skills in cyber war capability is very troubling, combined with the fact that we know that they’re looking on the Web for hacking tools," said Clarke in a recent television interview. "We know that because we’ve seized some of their computers."
"It suggests to me that al-Qaida may be trying to grow an indigenous cyber warfare capability. I think it suggests that someday we may see al-Qaida, if it’s still alive and operating, use cyberspace as a vehicle for attacking infrastructure - not with bombs, but with bytes."
He also warned that the private technology sector, particularly software companies, was under threat from cyber terror and should be taking the necessary precautions to ensure their products contained the necessary safeguards to thwart off potential attacks, be they from foreign extremists or homegrown teenage hackers.
"Until very recently, and perhaps for some software companies still today, quality control of source code has been a low priority," said Clarke. "Getting the product to market fast has been the highest priority.
"This has meant that there are some very sloppy mistakes, things that just don’t have to happen [...] So there are hundreds of thousands of systems out there that are never fixed, even when the software vulnerability is identified."
Clarke resigned from his commission as White House "cyber czar" in March 2003 and the post has remained vacant since, raising concerns with some officials in the Bush administration.
Cyber terror skeptics
Skeptics of the potential for a cyber attack disaster say the Bush administration has over-hyped the possibility of a devastating internet terror attack to keep the public frightened and behind the US-led wars in Iraq and Afghanistan.
"People being blown to bits is terror, your wife coming home in a body bag, that’s terror [...] your email not working is not terrorism," Bruce Schneier, a well-known, outspoken internet technologist and advisor told ISN Security Watch.
Schneier said that while cyber crimes like credit card fraud were not being taken seriously enough by the US government, Washington’s focus on potential cyber attacks was misguided and more a ploy to rally support for the "war on terror".
"Terrorism is sexy - it gets the votes," he said.
The cyber security expert noted that it was extremely difficult to, for example, knock a power station off line by hacking into its computers, and that terror organizations like al-Qaida were not interested in disruption, but in devastation and high death tolls.
"Imagine bin Laden sitting in a cave and one of his men comes up to him and says ‘we’re going to make all their chatrooms fail’. He’d say: ‘you’re an idiot.’"
Carmen Gentile is a senior international correspondent for ISN Security Watch based in Rio de Janeiro. He has reported from Iraq, Afghanistan, and Bolivia for Security Watch, and Haiti, Venezuela, and elsewhere for United Press International, The Washington Times, and others.
posted by Marko at 3/01/2006 08:54:00 AM
<< Home