http://seattlepi.nwsource.com/local/85214_cyberthreat02.shtml

Monday, September 2, 2002

By SAM SKOLNIK
SEATTLE POST-INTELLIGENCER REPORTER

From nuclear plants to gas pipelines to electric utilities, Western Washington contains several "critical infrastructure" facilities that terrorists might target -- through their computers.

Two recent incidents have heightened concern about cyberterror attacks, and have raised new questions about the capabilities of al-Qaida and other terror groups.

Late last year, FBI agents in San Francisco discovered that sophisticated hackers, working from the Middle East, had intruded into sites detailing Bay Area emergency telephone service, electrical generation and transmission, and the operations of nuclear power plants.

And last month, federal officials said they detected a series of small electronic attacks against U.S. Internet providers, including some in Seattle. The initial government alert cited Italian authorities who warned that "wide-scale hacker attacks" were planned against U.S. sites.

Local officials, from prosecutors to managers of the Columbia Generating Station in Richland and the Bonneville Power Administration, say they are not aware of any current terrorist threat.

But those energy-related facilities, along with Seattle City Light and the Olympic Pipe Line Co., say they have recently taken more steps to secure their systems.

"For the potential cyberterrorists, we know we have vulnerabilities," said U.S. Attorney John McKay, the top federal prosecutor in the region. "So we're out there in terms of education and prevention."

McKay has bolstered the office's cybercrime squad to five prosecutors and three support staff members, up from two attorneys and one staffer.

So far, most of the unit's time has been spent on more routine cases involving hackers who get into corporate or government computer systems.

Yet, McKay said, "Counterterrorism is our main priority, so preventing cyberterror is our main concern there."
One way to do this is to educate business and utility managers to beware of any possible intrusion -- and ensure that they tell government investigators, which market-sensitive companies are sometimes reluctant to do, said Assistant U.S. Attorney Floyd Short, who oversees the cybercrime unit.

The stakes in the counterterrorism game grew recently when top-level government officials conceded that al-Qaida and other like-minded terror groups could be close to having the capability to use the Internet as a deadly weapon, possibly in connection with more conventional attacks.

Ronald Dick, head of the FBI's National Infrastructure Protection Center, recently laid out a terrifying scenario:

"The event I fear most is a physical attack in conjunction with a successful cyberattack on the responders' 911 system or on the power grid," Dick recently told a closed-door gathering of security company executives, according to The Washington Post.

In a subsequent interview with the Post, Dick said a coordinated attack could mean that "the first responders couldn't get there ... and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world. And that keeps me awake at nights."

In late January, federal officials reported that a photo of the Space Needle and of a hydroelectric dam similar to the Grand Coulee Dam were found in the rubble of al-Qaida hideouts in Afghanistan.

That followed a government alert Jan. 24 about possible threats to nuclear power plants nationwide, including the Columbia Generating Station near Richland.

Officials with Energy Northwest, which runs the plant, say the plant has not received any direct threats, cyber or otherwise -- and further that they have security systems in place to handle any that might come.

The Nuclear Regulatory Commission did thorough reviews in advance of Jan. 1, 2000, when some predicted that a "millennium bug" or attack by a doomsday cult would cause havoc.
Analysts "determined there were no vulnerabilities found" with the computer systems at the Richland plant -- the only operational commercial nuclear power plant in the Pacific Northwest, said Kelly Butz, an Energy Northwest spokeswoman.

"Engineer safety systems in place were in fact protecting us from any cyberthreat," Butz said.

The gasoline pipelines that move millions of gallons of fuel through the state are also protected from threats, officials say.

Dan Cummings, a spokesman for BP Pipelines, North America Inc., which now operates the Olympic Pipe Line system, said "security enhancements" were made on all of their systems -- including their computers, which operate the pipeline -- just before Sept. 11.

Cummings also said Olympic has a backup system ready to be booted up, should the main computer system be hit.

He declined to discuss the specifics of their computer network -- as did each of the officials reached at various critical infrastructure facilities throughout the state, including officials with Seattle City Light.

Cummings noted that a pipeline failure could be caused by other types of terrorist strikes, such as an attack on the BPA regional electrical power grid.

His point -- that there are significant vulnerabilities of interdependence -- recently was pounded home to managers of critical infrastructure facilities and law enforcement and other public-safety officials at a closed-door meeting sponsored by the newly formed Partnership for Regional Infrastructure Security.

Officials with the regional public-private partnership were hosts of the conference June 12 at Welches, Ore., at which possible local terrorist acts against critical infrastructure facilities were discussed.

Such facilities included energy providers or telecommunications networks -- and the devastating domino effect that an attack on them could have on the ability of other utilities to function.

"What if the telecoms aren't working?
Pipelines rely on telecoms to send signals to regulate flow," said Barry Penner, a member of the British Columbia legislative assembly and president of Pacific NorthWest Economic Region. "What if the natural-gas supply was disrupted for a few days? The electric utilities could be affected."

Penner's group, which oversees the infrastructure security partnership, is a Canadian-American group composed of legislators and government, utility and private sector leaders.

At the end of the conference, the partnership ran a full-day exercise called "Blue Cascades," in which officials were asked to respond to a simulated attack on the region's electric power supply.

The electrical failures in the scenario caused telecommunications and natural-gas distribution disruptions, as well as threats to the operation of the region's water systems and ports.

A report issued from the conference faulted infrastructure-facility authorities for not fully realizing their interdependence and for not having plans in place to deal with such possible attacks.

The report also faulted officials for not recognizing their reliance on computers -- and what could happen if their systems were shut down.

"There was little recognition of the overwhelming dependency upon IT (information technology)-related resources to continue business operations and execute recovery plans," the report says, "and the need for contingency plans in the event of loss or damage to electronic systems."

"We're vulnerable to concerted terrorist attacks, the acts of yahoos or even the weather," Penner said. "We live in the most interdependent region in North America. We've got to be better prepared."

Paula Scalingi, an infrastructure security consultant based in Vienna, Va., who designed the Blue Cascades exercise, said that before Sept. 11, utility managers usually planned only for "single-point failures" such as natural disasters, which would affect only one plant or business.
But if terrorists hit just one critical utility, "you could have a domino effect that could basically shut down a region," said Scalingi, who formerly was director of the U.S. Department of Energy's Office of Critical Infrastructure Protection.

"Up until September 11, people really have not been aware of how interconnected the infrastructures of the country have become," Scalingi said.

Scalingi said the news is mixed regarding the threat of cyberterrorists.

"Responsible companies are undertaking cybervulnerability assessments, and this is good," Scalingi said. "But the determined hacker still has the ability to wreak havoc."

P-I reporter Sam Skolnik can be reached at 206-467-1039 or samskolnikat_private