A research group attached to the Department of Homeland Security believes that attacks on North America’s critical infrastructure could be devastating. Ya don’t say?
Scott Borg, director of the Cyber Consequences Unit, or CCU, a Department of Homeland Security advisory group, said increasing intelligence ”chatter” was pointing to possible criminal or terrorist schemes to destroy physical infrastructure, such as power grids.
Let’s have a look back to the black out in 2003. Most of the eastern seaboard was plunged into darkness when software at FirstEnergy failed causing a domino effect. This could conceiveably happen on a much larger scale. The infrastructure for the power grid the US and Canada is aging and the software was written without really taking security into account. The potential for trouble presents itself in rather vivid detail.
”Chatter on SCADA attacks is increasing,” Borg said, referring to patterns of behavior his unit has observed suggesting that criminal gangs and militant groups like al Qaeda are becoming capable of carrying out such attacks.
I think this could be flawed. Terrorist groups are interested in body counts plain and simple. In the media there is a phrase “if it bleeds it leads”. A black out would not really accomplish what they are after. I would hazard a guess that a foreign power or a criminal organization would have much more to gain from such a catastrophe. A foreign power could cripple the cash flow of the US which is having enough trouble trying to finance the ongoing war on terror. A criminal organization could leverage the ensuing chaos for a string of bank robberies using it as cover. No one would know what had happened until it was all over. The article points out this as a scenario,
In one hair-raising scenario, Borg describes how attackers might change specifications at an automobile plant and cause a car to ”burst into flames after it had been driven for certain weeks or months.”
This is far too Hollywood. What are we paying these guys for. I believe that a low tech approach would be far more realistic.
”An attack, if well planned, could run for months without being detected,” Borg said. ”Now, imagine if they go public on a website and announce what they have done. Stocks would go into a free fall. Liability lawsuits would pile up.”
OK, I’ve figured it out. These guys are former writers for the show “24”. Honestly though, a few dumptrucks in the right places across the US could inflict massive damage. I do agree with one passage from the article.
”The best way for companies to discover security holes is to ask trusted employees to attack their own company,” Borg said.
Can’t really argue there. A sanctioned inside job would illustrate the greatest threat level. Interesting read nonetheless.
[tags]SCADA Security, SCADA, Critical Infrastructure, DHS[/tags]