In a small hotel meeting room a few blocks from the White House, employees from power plants, factories, airports and oil refineries hunched over laptops working frantically to stop cyberterrorists from firing a rocket launcher into the heart of a picturesque American town.
It was just a training drill with pretend hackers and a model “cybercity” made of plastic and wood. But, for the participants, the lesson zeroed in on a threat becoming increasingly real.
While the nation has focused on the dramatic cyberattack against Sony Pictures and the recent hackings of Target and Home Depot, cybersecurity experts say the greater danger is that terrorists will go after the nation’s critical infrastructure — airports, water treatment plants, power companies, oil refineries and chemical plants.
Cyberterrorists could turn off the lights for millions of Americans by attacking power grids, shut down the nation’s airports by seizing control of air-traffic control systems or blow up an oil pipeline from thousands of miles away, experts say.
“This is a much bigger threat over time than losing some credit cards to cybercriminals,” said Derek Harp, lead instructor at the recent training conference run by SANS Institute, which provides cybersecurity education and certification for people who run industrial control systems.
Members of Congress agree.
Maryland Rep. Dutch Ruppersberger, the senior Democrat on the House Intelligence Committee, said cyberattacks will be “the warfare of the future.”
“Just think what could happen down the future if North Korea wanted to knock out a grid system, an energy system, knock out air-traffic control,” he said in an interview Monday on CNN.
The House passed a bill in early December to help protect the U.S. against electromagnetic pulse weapons, which terrorists could conceivably develop to disrupt or destroy computer systems controlling the electrical grid.
However, the Senate did not take up the Critical Infrastructure Protection Act, which requires the U.S. government to make plans to prevent and recover from a large-scale blackout. Bill proponents say they plan to reintroduce it after the new Congress convenes in January.
“Our electric grid is a key target to exploit not only for its inherent vulnerability, but because we are so vitally dependent on it,” said Rep. Trent Franks, R-Ariz., a member of the House Armed Services Committee and the lead sponsor of the bipartisan bill.
President Obama also urged the incoming Congress to pass “stronger cybersecurity laws that allow for information sharing” in the wake of the cyberattack against Sony.
A bill to pave the way for increased information-sharing about cyberattacks between private companies and the Department of Homeland Security stalled in the Senate this year, but supporters plan to try again.
“We must pass an information-sharing bill as quickly as possible next year,” said Sen. Dianne Feinstein, D-Calif., lead sponsor of the Cybersecurity Information Sharing Act.
The bill encourages businesses to voluntarily share information about cyberattacks with the government by giving them protection from lawsuits and antitrust actions if they disclose when they’ve been hacked and provide details of the attacks.
It failed to pass this year in part because privacy rights groups say companies are protected even if they inadvertently share their customers’ personal data with DHS, which may go on to share it with the National Security Agency or Defense Department. Supporters of the bill say those fears are unfounded.
Industrial control systems that enable pipelines to flow, nuclear power to be generated and factories to make products have been switching from old, analog electronics to digital, Web-accessible structures since the 1990s. The switch boosts efficiency and saves money but opens these crucial systems to cyberattacks.
In the power sector alone, an estimated 10,000 more employees need training to defend against cyberattacks, according to the SANS Institute. “Workforces generally are undertrained to defend their companies,” said Michael Assante, a SANS Institute project leader.
During the recent training drill here, one team of participants beat back the make-believe terrorists and seized control of the rocket launcher, firing the mock weapon into open space away from the model city. The victory drew enthusiastic applause.
But in real life, Harp said, “we’ve got a long way to go to defend ourselves.”
Copyright 2014 USA TODAY
- 6 Jan, 2015
- Posted by admin
- 0 Comments