Cyber Eye: A digital Pearl Harbor might not be so easy
- By William Jackson
- Sep 18, 2002
For several years, federal officials have raised the specter of a digital Pearl Harbor'a sneak attack on the nation's critical infrastructures'to push for better computer security.
Just how likely is such an attack? The Naval War College, with the help of Gartner Inc. of Stamford, Conn., held war games this summer to find out. They devised scenarios for attacking the telecommunications, financial services and electric power industries, using real-life exploits vetted by expert panels.
'We felt at the end that it would be possible to bring off a digital terrorist event,' Gartner vice president French Caldwell said.
But it wouldn't be cheap or easy. The wargamers assumed the hackers had five years to plan and $200 million to spend, by no means unrealistic assumptions about a determined enemy. 'We are not talking about an amount of money that would require a nation-state,' said Crag Koener, a professor at the war college.
The effort did, however, discredit the myth of a lone hacker opening floodgates, shutting down power grids, or publicly posting Social Security and credit card numbers.
As the security-aware know, a PC with downloadable hacking freeware can be a powerful weapon. Lone hackers have penetrated and done real harm to government and commercial networks. But an attack on the scale of a digital Pearl Harbor would demand resources and coordination across multiple fronts.
The attack the wargamers envisioned against financial networks would take years of advance work and only reach full impact over several months' time.
'We didn't think we had the resources to attack the entire U.S. electrical system,' said Gartner's John Dubiel, who led the power industry analysis.
Attacking the Internet would be easier, but keeping it down would be difficult. Bringing down telecom networks would require substantially more research and planning'not to mention getting physical access to the targets, gamers found.
Even a single hacker can do real damage, and events have shown that our enemies are willing to devote their very lives to harming us.
But we can take some comfort in the fact that our critical infrastructures, even if imperfectly defended, are probably tougher nuts to crack than anyone thought.
William Jackson is freelance writer and the author of the CyberEye blog.