A report published nearly six months before the historic U.S.-Canadian power outage warned the nation’s electric grid and other “critical infrastructure” is vulnerable to cyber-attack by terrorists.
The report, issued Feb. 21 by the Congressional Research Service, advised “industries potentially affected by a cyber-attack on industrial control systems include the electrical, telephone, water, chemical and energy sectors.”
The report takes on new relevance following the Aug. 14 power outage throughout a wide swath of the Northeast. The cause is still under investigation, but a London-based Arabic newspaper said the terrorist network al-Qaida took responsibility.
As WorldNetDaily reported, the record blackout struck parts of the Northeast and Canada, affecting some 50 million people, including residents of New York City, New Jersey, Connecticut, Ottawa, Toronto, Cleveland and Detroit.
Analysts and infrastructure officials have said the nation’s electric grid is particularly vulnerable. Though much of it still relies on 1950s-era switching technology, the grid is regulated by computers – systems that could be hacked and disrupted by dedicated cyber-terrorists.
Within days of the Sept. 11, 2001, attacks, the General Accounting Office, the congressional watchdog agency, issued its own report warning of vulnerabilities to the nation’s critical infrastructure. The GAO called for action then to address potential cyber-security shortfalls.
“To protect computer systems and the critical operations and infrastructures they support, various efforts have been undertaken to implement a national strategy” as outlined in Presidential Decision Directive 63, issued by President Clinton May 22, 1998.
“However, progress in some areas has been slow,” the Sept. 20, 2001, GAO report said. “Specifically, federal agencies have taken initial steps to develop critical infrastructure protection plans, but independent audits continue to identify persistent, significant information security weaknesses that place federal operations at high risk of tampering and disruption.”
Following the blackout, Glenn English, chief executive officer of the National Rural Electric Cooperative Association, said “it was time to address” the nation’s power grid problems.
“That an outage of this scale could disrupt service over such a broad region is of great concern to NRECA,” he said. “We know that the transmission system has problems, we know that action is needed and we must now determine if new problems exist. Now is the time for the nation to address this shortcoming.”
The terrorist angle entered the probe into last week’s outage when the newspaper Al-Hayat published a communiqué attributed to al-Qaida that stated the “brigades of Abu Fahes Al Masri” had hit two main power plants supplying major industrial cities in the U.S. and Canada, “its ally in the war against Islam and their neighbors.”
Yossef Bodansky, director of the Congressional Task Force on Terrorism and Unconventional Warfare, told WorldNetDaily al-Qaida has been advertising for a long time that a catastrophic attack on the U.S. power-supply infrastructure was something it wanted to do. Al-Qaida is known to possess detailed schematics of power facilities in North America.
While the CRS report said “much of the U.S. critical infrastructure is potentially vulnerable to cyber-attack,” it noted “industrial control computer systems involved in this infrastructure are specific points of vulnerability.”
“Cyber-security for these systems has not been perceived as a high priority,” despite a federal government warning “regarding an increase in terrorist interest in the cyber-security of industrial control systems,” the report said.
Brian Roehrkasse, a spokesman for the Department of Homeland Security, told WorldNetDaily “quite a bit” is being done to help protect the nation’s infrastructure.
While many steps could not be made public for security reasons, Roehrkasse said the department “in the past several weeks … has issued a number of different advisories alerting of potential cyber-security attacks, as well as security measures that could be in place to address those attacks.”
However, he pointed to the launch this week of the massive SoBig e-mail worm virus as proof that more work needs to be done. The virus, first detected on Monday, spread around the globe within hours and is said to be the largest e-mail virus ever.
“DHS sent out an advisory on that [virus] too, which is an example of the work we’re doing to secure cyber-security,” Roehrkasse said, adding that a number of alerts also have been sent to private industry by the department.
Some experts and analysts worry the federal government’s solutions may go a long way towards violating basic civil rights without providing much security.
“The security of these crucial systems must be improved, but the lead role must be taken by industry, not government and there must be a balance between that security and the rights of citizens,” says an analysis by the Center for Democracy and Technology, a Washington, D.C.-based think tank. “The government has proposed answers to the problem that will infringe on privacy rights while not providing adequate security.”
A year ago, the White House released its plan for improving cyber-security. The “National Strategy to Secure Cyberspace” calls for engaging, not alienating, private industry, curbing regulations, safeguarding civil liberties and working in conjunction with federal, state and local governments.
“The interests of security and personal privacy need not be antithetical to one another,” the plan says.