Exercise Exposes Vulnerabilities

Computerworld - Understanding the threats posed by cyberattacks against the nation's critical telecommunications, energy and emergency infrastructures has given way to learning about how failures in one industry segment can affect other sectors.
That was the conclusion of the Blue Cascades critical-infrastructure protection exercise that was held June 12 in Portland, Ore. A detailed action plan based on the results of Blue Cascades is scheduled to be completed this week.
The exercise was the second such regional critical-infrastructure protection exercise sponsored by the Pacific Northwest Economic Region, a public/private partnership created by five U.S. states and three Canadian provinces. The first exercise, code-named Black Ice and held in Salt Lake City in November 2000, demonstrated how the effects of a major terrorist attack or natural disaster could be made significantly worse by a simultaneous cyberattack.
"Blue Cascades and Black Ice centered on prolonged power outages that were accompanied by natural gas infrastructure and telecommunications failures stemming from unknown causes," said Paula Scalingi, former director of the U.S. Department of Energy's Critical Infrastructure Protection Office and now a private consultant. Scalingi, who took part in both exercises, said response and reconstitution of services was hampered by infrastructure interdependencies during both exercises.
The Pacific Northwest's infrastructure systems are highly integrated with Canada's. For example, more than 80% of the region's natural gas supply flows south from Canada through pipelines that are dependent on IT-based control systems, prompting a need for what state and local officials characterized as a multiyear effort to develop "a disaster-resistant region."
"Sept. 11 demonstrated that U.S. intelligence cannot provide the necessary alert and warning to prevent terrorists from striking," said Scalingi. Instead, it's up to regional officials to prepare "to deal with the unthinkable," she said.