[ISN] Black Ice scenario sheds light on future threats to critical systems

From: William Knowles (wkat_private)
Date: Fri Oct 19 2001 - 12:06:25 PDT

  • Next message: InfoSec News: "[ISN] Anthrax worm fails to spread on 'net"

    October 18, 2001
    WASHINGTON -- A little-known exercise held last year to help federal,
    state and local officials in Utah prepare for a possible terrorist
    attack during the 2002 Winter Olympics may hold some of the most
    important lessons for critical-infrastructure protection in the
    aftermath of the Sept. 11 terrorist attacks, according to a key
    official involved in the exercise.
    Next month marks the one-year anniversary of the first regional
    critical-infrastructure protection exercise, known as Black Ice.
    Sponsored by the Department of Energy (DOE) and the Utah Olympic
    Public Safety Command, Black Ice demonstrated in frightening detail
    how the effects of a major terrorist attack or natural disaster could
    be made significantly worse by a simultaneous cyberattack.
    "The terrorists in the Sept. 11 event had the patience to plan [and]
    the foresight and the understanding of the infrastructure that could
    be used to simultaneously or sequentially disrupt the infrastructure
    electronically and that could cause a major regional failure in this
    country," said Paula Scalingi, director of the DOE's Critical
    Infrastructure Protection Office and a central figure in planning the
    exercise. "There's no question that that's doable."
    The Energy Department is preparing a report detailing the impact of
    the Sept. 11 terrorist attacks in New York on various critical
    infrastructure sectors. Despite a few minor differences between the
    Black Ice scenario and the actual disaster that unfolded on Sept. 11,
    the exercise proved to officials that future terrorist attacks could
    be far worse if they include a major cyberdisruption.
    The Black Ice scenario takes place on Feb. 14, during the second week
    of the Olympics. A major ice storm topples power lines across seven
    counties and disrupts microwave communications in the Salt Lake City
    area. It also damages the high-voltage bulk transmission lines in
    several states, including transmission lines north and south of Salt
    Lake City.
    The damage to the transmission system isn't extensive, but the ability
    to import electricity to the seven-county area is hindered
    significantly. The lack of power generation forces authorities to
    conduct rolling blackouts.
    That's when the Supervisory Control Data Acquisition systems, which
    control the power grid, are further damaged by a cyberattack. The
    source of the disruption is unknown; it could be a hacker, a
    terrorist, an insider or the result of storm damage. Regardless, the
    failure begins to ripple throughout the rest of the regional
    "Communications were one of the first things to go," said Scalingi.
    "What was discovered is that if you have a prolonged power outage that
    goes on for several hours, your infrastructure starts to degrade.
    Power backup only lasts so long."
    And it's not just telecommunications. Water systems rely on electric
    power, as does the natural gas industry and the natural gas-powered
    electric utilities in the region. Emergency responders struggle
    through the chaos that results from Internet outages, cell phone
    overload and telephone failures.
    "You get the idea," said Scalingi.
    The ice storm could easily have been replaced with scenarios of
    multiple bombs, hijackings or other physical catastrophes, she said.
    The important lesson is that Black Ice showed how interdependent the
    various infrastructure systems, including telecommunications,
    utilities and banking, are to one another and to the combined effects
    of cyber- and physical attacks, she said.
    "The infrastructure system providers did not understand the
    interdependencies among their systems," Scalingi said. "If you talk to
    state and local government and local utilities, they'll tell you they
    have great response plans. The problem is, they write them in
    One recommendation was to develop a template for private-sector owners
    of critical-infrastructure systems to use to identify the various
    levels of interdependency among their systems. Utah emergency planners
    also proposed developing a secure database to store information
    provided by the various infrastructure owners. However, concerns about
    the security of proprietary industry data put the project on hold,
    said Scalingi. A report on the lessons learned and recommendations on
    how to prepare for such disaster was released in May.
    The database would have included geographic information system
    technology that would have enabled officials to view a graphic
    representation of the status of various infrastructure systems and how
    they connect, she said. Getting protection from Freedom of Information
    Act requests remains a key concern to most infrastructure companies
    and a main sticking point in information sharing, said Scalingi.
    "It would have been real useful to have that database," she said. "You
    have to be able to share information with the other infrastructures.
    That's exactly where we need to go in the post-Sept. 11 world."
    [ http://www.dtic.mil/ndia/2001wmd/scalingi.pdf ]
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 13:47:48 PDT