world war E
dispatches from the network society

cyber-defenses: low; cyberterrorism: inevitable.

The real world consequences of cyberwarfare were suggested by the cyberwar on Estonia, which took emergency response telephone services offline for about an hour. Similar concerns have been raised for years in the U.S., especially after the logistical problems of 9/11’s emergency response: What if a cyberterrorist coordinated with a ‘kinetic bomber’ to take down communications systems at the moment of detonation? The inability of emergency systems to respond would invariably constitute a ‘damage multiplier’ magnifying the impact of the real world attack.

Such concerns have remained largely within the realm of the hypothetical, with scenarios and warnings also issued for other critical infrastructure such as power stations and dams. Analysts in law enforcement agencies throughout the U.S., however, maintain that they are very real threats and that cyberterrorism is an inevitability – conclusions supported by evidence gleaned from seized al-Qaeda laptops in Afghanistan and elsewhere. The problem lies in system structure and the inintended consequences of integrating conventional systems into the network society:

Specialized digital devices are used by the millions as the brains of American “critical infrastructure” — a term defined by federal directive to mean industrial sectors that are “essential to the minimum operations of the economy and government.”

The devices are called distributed control systems, or DCS, and supervisory control and data acquisition, or SCADA, systems. The simplest ones collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.

What is new and dangerous is that most of these devices are now being connected to the Internet — some of them, according to classified “Red Team” intrusion exercises, in ways that their owners do not suspect.

Because the digital controls were not designed with public access in mind, they typically lack even rudimentary security, having fewer safeguards than the purchase of flowers online. Much of the technical information required to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists said the security flaws are well known to potential attackers.

Now, at the recent DefCon conference in Las Vegas, hackers have provided a proof of concept cyberassault on oil refineries, power plants and factories, suggesting that cyberdefenses are in more urgent need of upgrading.

One Response to “cyber-defenses: low; cyberterrorism: inevitable.”

  1. i want information about cyber low colleges

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: