Politically motivated cyber-attacks are nothing new. Whether to steal state secrets, disrupt military or business operations or infiltrate computer controlled public utilities, state sponsored cyber-attacks are a real threat.
Daily, our nation’s critical infrastructure is under attack. While many of these attacks are thwarted, the recent publicity is revealing weaknesses that need to be addressed. In October of 2010, the NASDAQ was the victim of a hack attempt. Malware (software designed to disrupt or damage systems like a virus) had infiltrated the computer systems responsible for operating portions of the NASDAQ. Fortunately, the FBI detected this attack and was able to stop it. After a thorough analysis, it was determined the attack was likely state sponsored and designed to do damage. The NASDAQ is considered a critical part of the US economic infrastructure – what better way to cripple an economy than shutting down stock trades.
The nation’s power grid is run by computer systems. Not only do they monitor the status, it’s possible to control the flow of power to certain areas. In theory, an attacker could gain control of these systems and shut power down to large areas. While a short outage might not seem that disruptive, if large enough it can still create a significant financial impact. Factories cannot produce goods, stores cannot process transactions, and offices can’t turn on the lights. And if timed properly it could allow other actions – such as a terrorist attack – to happen.
Fresh water is necessary for survival. For many, water treatment plants are essential for providing clean drinking water. These facilities are complex, using sophisticated machinery and chemical dispensation to process raw water into potable, safe hydration. Computers control the valves, filters and chemicals that treat water until its safe. If a hacker was able to gain control of these systems, it might be possible to contaminate the drinking water, or disrupt the flow of fresh water to a city or town. While we can survive a few days without water, there are more serious short term effects. If a fire broke out – hydrants and sprinkler systems would be dry. Restaurants would need to close. Any businesses or individuals reliant on water would be impacted.
Our public safety systems rely on computers to operate. Police need communications in order to effectively do their job. Radios, telephones, and in-car computers continually provide critical information. Fire fighters and ambulance crews need information to find those in need of help. These systems are reliant on software to operate. If an attack on this infrastructure was successful, it might be possible to disrupt or cut off access.
Telecommunications includes both voice and data networks. Dialing a number to California routes you through many providers, allowing a call to be completed from coast to coast. Sending an email follows a similar path. While there is some redundancy built in at the physical and logical layers, it might be possible to interrupt or damage these systems and shut down communications over a large area. The result, as you can imagine, would be catastrophic.
Defense against Cyber Warfare
Many are asking how we can successfully combat this threat. After all, technology is ever evolving. It’s like hitting a moving target – you must anticipate your next move. While I don’t believe there is a simple answer, I do think that awareness of the need is growing. Government needs to place a larger focus on cyber security, perhaps by creating a national standard on network security for all to follow. Public utility and safety providers need to understand that protecting this infrastructure is critical, and invest in the hardware and software necessary for it. Even small businesses need to invest in protection, and understand it’s a cost of doing business. Banks and credit unions are audited for network security to meet regulatory requirements, but what about public services? Will it take a successful attack to raise enough awareness? I certainly hope that isn’t the case.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Matt Rice is an Owner and Chief Technology Officer of Burgess Computer, a comprehensive IT support, managed service and network design firm located in Bath serving clients in southern, midcoast and central Maine. www.burgesscomputer.com