Corporate America now on front lines of war on terror

Computerworld - A year ago this week, America was attacked by a global enemy that has demonstrated its determination to use any means at its disposal to wreak havoc and fear, damage the economy and compel the nation to withdraw from the international community (see story).

In that regard, Sept. 11, 2001, will be remembered as a colossal failure for international terrorism, say government and private-sector security experts.

Rather than leaving the country in a state of stunned inaction, the attacks triggered what many security experts say was long overdue: a nationwide effort to bolster homeland security and critical infrastructure protection—a concept that has placed private companies on the front lines of national defense.

"It's never been done before," said Steve Cooper, CIO at the White House's Office of Homeland Security, referring to the massive integration effort now under way to help improve security information sharing among government agencies and the hundreds of private companies that own and operate 90% of the nation's critical systems. "We must do it, and we can do it," said Cooper, speaking Aug. 19 at a government symposium on homeland security.

Perception Game

However, proponents of critical-infrastructure protection, particularly in the area of cybersecurity, face many of the same challenges that terrorism experts encountered prior to Sept. 11: Few in the private sector perceive that there's an imminent threat to the digital homeland, and fewer still acknowledge terrorists' ability to and willingness to adapt their tactics to take advantage of America's digital Achilles' heel—its information networks.

Every so-called critical infrastructure in the U.S., from telecommunications to transportation, banking and energy, relies on computers and computer networks, National Security Adviser Condoleezza Rice said in March last year during her first major policy address on the topic (see story).

"Corrupt those networks, and you disrupt this nation," she said. "Today, the cybereconomy is the economy."

"The terrorists in the Sept. 11 event had the patience to plan [and] the foresight and the understanding of the infrastructure that could be used to simultaneously or sequentially disrupt the infrastructure electronically," said Paula Scalingi, former director of critical infrastructure protection at the U.S. Department of Energy. "That could cause a major regional failure in this country. There's no question that that's doable."

Game of Dominoes

The reality of the threat to the nation's critical infrastructure, particularly in the areas of power, telecommunications and emergency services, was demonstrated in June when the federal government co-sponsored an exercise known as Blue Cascades. Dozens of government and private-sector representatives from five U.S. states in the Pacific Northwest and three Canadian provinces confronted the very real potential for cascading infrastructure failures resulting from combined physical and cyberterrorist incidents.