This week's 60 Minutes broadcast should make everyone afraid, very afraid, of the real, looming specter of cyberwarfare attacks. As I recently blogged, government agencies are already going full-bore to come up with guidelines to protect federal networks. So when an Admiral goes on national television to say hackers have the ability to take down our power grid, he's
This week's 60 Minutes broadcast should make everyone afraid, very afraid, of the real, looming specter of cyberwarfare attacks. As I recently blogged, government agencies are already going full-bore to come up with guidelines to protect federal networks. So when an Admiral goes on national television to say hackers have the ability to take down our power grid, he's doing it to deliver a warning.I was actually poised to turn off the segment, which I happened upon by accident following Sunday's last-minute Giants loss. Half-expecting the usual security for dummies piece, I was surprised to see an unusually detailed (for TV) dive into the subject by correspondent Steve Kroft. What I wondered about most was, why were the likes of retired Admiral, and former NSA director, Mike McConnell and Jim Lewis, director of the Center for Strategic and International Studies, blabbing away about vulnerabilities in domestic networks?
"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked McConnell.
"I do," McConnell replied.
To give some ummph to his warning, McConnell leaked the previously undisclosed news that a series of power-grid outages in Brazil in 2005 and 2007 were caused by hackers.
"In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor," Lewis said. "Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."
This was a serious attack. And that's really what made people wake up and say, 'Hey, we've got to get a grip on this,'" Lewis said.
So then it hit me. (It seems obvious now, but it had been a long day.) These guys are alarmed at the lack of attention to the threat. Utilities aren't addressing power-grid vulnerabilities, because they're commercial entities more concerned with their finances than with government security protocols. OK, this isn't all that shocking.
What's more worrisome, though, is that one can infer from the volubility of these normally closemouthed types that there's a hidden agenda. (When FBI and NSA types talk, it's for a reason.) That agenda, I suspect, is unhappiness with the progress, or lack thereof, of the cybersecurity protection efforts wending their way through the National Institute of Standards and Technology (which we know about) and various other bodies (e.g., NSA, which we don't know about).
The one point of comfort , coming from Lewis, is that whatever the Chinese and Russians are doing to us, we're doing to them, too. However, he did make the point that the United States is the big target, and we've got a lot more to lose from cyberattacks than do our adversaries.
The bottom line is, these guys are offering a serious warning, and it's time to listen up.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.