War college calls a digital Pearl Harbor doable

War college calls a digital Pearl Harbor doable

The Naval War College and consultants from Gartner Inc. of Stamford, Conn., last month held war games to see how easy it would be for attackers to disrupt key segments of the U.S. economy. They concluded it was doable, given enough time and money.

'We really felt at the end that it would be possible to bring off a digital terrorist event,' said French Caldwell, a Gartner vice president.

The time and money they assumed were five years and $200 million. That sounds like a lot, but 'we are not talking about an amount of money that would require a nation state' to sponsor the attacks, said Craig Koerner, a professor who teaches war gaming.

Caldwell and Koerner were on a panel that discussed the war game at the Sector5 cybersecurity conference in Washington this week. The games involved attacks on telecommunications, the Internet, financial services and electrical utilities. The real-life exploits were vetted by a panel of experts.

Attacks against isolated parts of the nation's critical infrastructure, such as electrical grid control systems, were more difficult but also harder to detect. Networked segments, such as the financial services industry and the Internet itself, were easier to attack but also easier to defend.

'The skills required on the Internet side were pretty minimal,' said David Fraley, a Gartner telecommunications and public network analyst. 'Our team said, 'We can do this with a small number of the right people.' The telecommunications side found ways to bring down elements for days, weeks or months, but their research requirements were more substantial.'

The targets on the electrical grid were supervisory control and data acquisition networks, said John Dubiel, a Gartner electric power analyst. Information to plan the attack was easy to come by, because 'there are a lot of reports on where the bottlenecks and the key transmission facilities are,' as well as details about the networks themselves, he said.

Undermining confidence in financial services could take several years of planning for an under the radar attack, said Annemarie Earley, a financial services analyst. But, she said, 'There's really no reason we couldn't do it.'

Although coordinating large-scale attacks across several industry sectors would be complex and costly, Koerner called the scenario 'too plausible for comfort. It's an obvious avenue of attack. It would be an almost irresistible target.'

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group