No one can prove it, but all fingers point at the Russian and Chinese governments. Dennis Blair, the U.S. director of national intelligence, told Congress that critical U.S. infrastructure, such as the U.S. electrical grid, is vulnerable to cyber attacks, and an unnamed senior intelligence official told the Journal, "The Chinese have attempted to map our infrastructure, such as the electrical grid... So have the Russians."
This shouldn't really be a surprise. There's a huge push to put everything on line -- and I'm not saying there shouldn't be -- but no consideration has been given to security standards. There simply aren't any.
Meanwhile, utilities are trying to put an additional 40 million nodes online because it makes meter-reading easier. Fiber to the home puts us all online so we can program our TVs remotely. Those are all good things.
But it's as if we were still driving around in cars without seat belts, or allowing building contractors to sell homes without requiring them to obtain a certificate of occupancy to ensure the houses are safe. Most things that are produced have to meet certain standards before they can be sold to the public. But the Internet isn't subject to standards because it's still early days, and everyone is so busy trying to figure out how to get online and get smarter that they're not thinking about security.
As cyberterrorism expert Melih Abdulhayoglu just told me, "People are looking at enablement, not figuring out vulnerabilities that enablement brings. But there has to be a standard for putting things online, especially when it concerns our national security."
Abdulhayoglu noted that U.S. airlines were just as vulnerable on September 10, 2001 as they were on September 11, but they weren't aware of it. "We're living in pre-9/11 days in the Internet. We're vulnerable to attack but we just don't see it," he told me.
He added, "We have to start creating those standards."