The popular NBC drama, Revolution, takes viewers on a journey to a post-apocalyptic America where every piece of electronic technology has been rendered mysteriously inoperable. Imagine this world: no computers, no telephones, nothing requiring electricity will function. On television this makes for an engaging “what if.”
Just this week the U.S. Department of Homeland Security Industrial Control Systems-Cyber Emergency Response Team (ISC-CERT) released a report focused on real, present-day threats to the national utility infrastructure. While the report may not have the pizzazz of creator, J. J. Adams’ NBC drama, its contents deserve equally rapt attention.
According to the ISC-CERT report, cyber-attacks on critical industrial control systems rose from 9 in 2009 to 198 in 2012, with a majority of the attacks aimed at the energy sector.
As Douglas Salane writes for the Crime Report, “There is good cause to worry about cyber attacks on power grids, water treatment systems and the other physical systems that depend on computers and networks. Many of these systems were put in place long before the Internet became the pervasive presence it is today.”
Salane’s observations are borne out by the fact that many of the computer systems and networks used to control utilities employ antiquated security measures. Moreover, many rely largely on isolation for security — the systems are located behind a restricted physical perimeter.
Salane goes on to state, “Even worse, many systems still have in place vendor passwords and software that is never or infrequently updated.”
The ISC-CERT report clarifies that not all threats represent state-sponsored activities, but because control systems are often exposed on the Internet, they could be easily attacked from other nations.
The ISC-CERT report comes on the heels of similar testimony given before Congress last week. Testifying at the Senate Intelligence Committee’s annual hearing on worldwide threats, Director of National Intelligence James Clapper told lawmakers that terrorist groups are increasingly pursuing the ability to wage cyberattacks — which, if successful, could cripple the U.S. energy, communications, defense and economic infrastructures.
Reading a statement on behalf of himself, FBI Director Robert Mueller, CIA Director John Brennan and National Counterterrorism Center Director Matthew Olsen, Clapper told lawmakers, “Our statement this year leads with cyber, and it’s hard to overemphasize its significance.”
Apparently Congress has begun to listen. While al Qaeda in the Arabian Peninsula, Hezbollah, Iran and North Korea were all addressed as serious concerns during the recent hearing, all present agreed cybersecurity should be the top priority when attempting to counter threats to the United States.
Given all this, it is a point of particular consternation that last year’s proposed cybersecurity bill was essential dead on arrival. Despite efforts by the White House and an emerging consensus among many lawmakers, the measure apparently lacked the magic spark needed to ensure our digital sparks keep flying.
In the throws of the sequester and in the face of so many other visceral problems, it’s difficult to keep attention on issues that seem so ethereal. The threats involve technologies and tactics far removed from what most of are capable of comprehending. Unfortunately, our paucity of understanding does not lessen the potential damage. Just as Europeans of the Middle Ages didn’t understand the transmission mechanism of various plagues, many of us don’t get all the computer gibberish. Like the Europeans, our ignorance, might exact a heavy price.