ControversyExperts disagree on risks to U.S. critical infrastructure

We reported yesterday that after many delays and much pointed criticism, DHS has released its 175-page draft National Infrastructure Protection Plan (NIPP) even as it allowed the public only two weeks to download the .pdf file from the DHS Web site and limited the public comment period to thirty days (which end 5 December). How vulnerable, however, is the U.S. critical infrastructure network? Experts disagree. Here are a few quotes:

The Be Worried camp:

“There is a general danger of cyber-terrorism but there are more immediate and direct threats to the infrastructure, and if you have limited money, I would chase the other threats before cyber-terrorism,” says Mark Rasch, former head of the U.S. Justice Department’s computer crime unit. He adds: “We know [terrorists organizations] have spent considerable energy researching vulnerabilities, attracting and retaining people with cyber-crime skills, including virus writers, and that tells us they have the desire and capability to launch attacks on the electronic infrastructure …. We also know they have the desire to go after SCADA [supervisory control and data acquisition] systems which control real-world things — like the opening or closing of a dam or whether an elevator goes up or down.”

Dan Verton, author of Black Ice: The Invisible Threat of Cyber-Terorism, says al-Qaeda learned from the 2001 attack on the World Trade Center that it had also inadvertently destroyed two key communication switches in the base of the building and had managed to put the New York Stock Exchange offline. This would mean future attacks were likely to be coordinated, combining a physical attack with disabling the electronic infrastructure, he says.

Mark Rasch agrees: “A simultaneous cyber-attack will inhibit the government’s chance to respond …. You blow up a building in San Francisco and you take out the phone system or the traffic lights at the same time.”