Cyber Eye: It's hard to keep a good infrastructure down
- By William Jackson
- Sep 11, 2003
Within seven days last month, every segment of the nation's critical infrastructure came under fire, yet we weathered the assaults with no signs of lasting trauma.
On Friday, Aug. 8, a major gasoline pipeline in Arizona was shut down. The following Monday, the Blaster worm began crawling through the Internet. On that Thursday, while administrators were struggling to patch systems and clean up after the worm, a cascading power failure blacked out parts of eight U.S. states and two Canadian provinces.
In our efforts to defend critical infrastructures, it's important to remember how resilient they are. The interconnections that make them vulnerable also build in redundancy. Complexities that make them difficult to manage also eliminate single points of failure.
Take the blackout. It shouldn't have happened. Almost 38 years after the first such massive event, procedures and technology were supposed to be in place to stop a repetition. Yet the power grid and the process of failure are so complex that not only was it not stopped, but weeks afterward we still don't know for sure what happened.
That complexity makes it unlikely terrorists could duplicate the event. The kinds of things terrorists are good at, such as blowing up power plants, are the kinds of things we can guard against. Such an attack would do more physical damage, but the effects would be easier to contain.
Despite the complexity of the outage, power was restored within hours. There were consequences, of course. The economic impact for New York City alone could exceed $1 billion. But such estimates are notoriously unreliable, and economists do not expect the effects to be long-lasting.
Yet with all due sympathy for those inconvenienced by the blackout, the impact did not approach that of the heat wave blamed for many thousands of deaths in Europe that same week. (Several deaths were atttributed to the Northeast blackout.)
Our August here was certainly newsworthy but, in the end, mostly inconvenient. Any terrorist looking for the soft underbelly of the American infrastructure should be discouraged.
That doesn't mean that we shouldn't be concerned about protecting our infrastructures, physical and cyber. But in building an effective defense we must consider strengths as well as weaknesses. Both were visible during that week in August.
William Jackson is freelance writer and the author of the CyberEye blog.