10 years after 9/11, cyberattacks pose national threat, committee says

Catastrophic cyberattacks are not 'science fiction,' says the Bipartisan Policy Center

Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.

The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that the public sector has made in implementing the security recommendations of the 9/11 Commission. The comments about cybersecurity are part of broader discussion on nine security recommendations that have yet to be implemented.

The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.

"This is not science fiction," the NSPG said in its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."

The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyberspace to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."

The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates, disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.

The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years, there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well-funded, state-sponsored groups.

Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago, for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush administration, warned about cyberthreats not being taken seriously enough.

Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had showed toward the alarms sounded prior to the Sept. 11, 2001, Black had noted.

The Bipartisan Policy Center (BPC) is a Washington-based think tank that was established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell. The NSPG is a group that was established by the BPC to monitor the implementation of the 9/11 Commission's recommendations for bolstering national security in the aftermath of the terrorists attacks.

Last week's report offers an assessment of the progress that the government has made in implementing the commission's recommendations. According to the NSPG, the government has made significant progress in addressing many of the 9/11 Commission's 41 recommendations.

However, several crucial ones remain very much a work in progress, the report noted.

One area where little progress has been made has to do with the recommendation to increase the availability of radio spectrum for public safety purposes, the report noted.

"Incompatible and inadequate communications led to needless loss of life" on 9/11, the BPC said in its report. But plans to address the problem by setting aside more radio spectrum for first responders have "languished" because of a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.

Another area where progress has been limited has been on the civil rights and privacy fronts, the report noted. Surveillance activities and the use of tools such as National Security Letters to search for terrorists has greatly expanded since the 9/11 attacks. But a recommendation for setting up a Privacy and Civil Liberties Oversight Board with the executive branch of the federal government has yet to be fully implemented.

"If we were issuing grades, the implementation of this recommendation would receive a failing mark," the NSPG said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at  @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Copyright © 2011 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon