10 years after 9/11, cyberattacks pose national threat, committee says
Catastrophic cyberattacks are not 'science fiction,' says the Bipartisan Policy Center
Computerworld - Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that the public sector has made in implementing the security recommendations of the 9/11 Commission. The comments about cybersecurity are part of broader discussion on nine security recommendations that have yet to be implemented.
The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.
"This is not science fiction," the NSPG said in its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."
The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyberspace to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."
The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates, disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.
The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years, there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well-funded, state-sponsored groups.
Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago, for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush administration, warned about cyberthreats not being taken seriously enough.
Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had showed toward the alarms sounded prior to the Sept. 11, 2001, Black had noted.
The Bipartisan Policy Center (BPC) is a Washington-based think tank that was established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell. The NSPG is a group that was established by the BPC to monitor the implementation of the 9/11 Commission's recommendations for bolstering national security in the aftermath of the terrorists attacks.
Last week's report offers an assessment of the progress that the government has made in implementing the commission's recommendations. According to the NSPG, the government has made significant progress in addressing many of the 9/11 Commission's 41 recommendations.
However, several crucial ones remain very much a work in progress, the report noted.
One area where little progress has been made has to do with the recommendation to increase the availability of radio spectrum for public safety purposes, the report noted.
"Incompatible and inadequate communications led to needless loss of life" on 9/11, the BPC said in its report. But plans to address the problem by setting aside more radio spectrum for first responders have "languished" because of a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.
Another area where progress has been limited has been on the civil rights and privacy fronts, the report noted. Surveillance activities and the use of tools such as National Security Letters to search for terrorists has greatly expanded since the 9/11 attacks. But a recommendation for setting up a Privacy and Civil Liberties Oversight Board with the executive branch of the federal government has yet to be fully implemented.
"If we were issuing grades, the implementation of this recommendation would receive a failing mark," the NSPG said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is firstname.lastname@example.org.
- How 9/11 changed data centers
- Online archive chronicles 3,000 hours of 9/11 TV coverage
- Tech items among museum's 9/11 relics
- 9/11: Top lessons learned for disaster recovery
- Ten years after 9/11: Public safety network may be near
- 9/11 continues to influence IT strategy
- 10 years after 9/11, cyberattacks pose national threat, committee says
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!