Experts: Little Chance Of 'Digital Pearl Harbor'
Now that the Pentagon is reportedly drawing up rules of engagement for a potential cyberwar against unspecified enemies, what can Americans expect should cyberterrorists decide to strike first?
Nothing much worse than the spotty service they already receive from their electric, telephone and Internet service providers, according to an expert here at the annual CyberCrime convention who recently modeled the scenario with government war game honchos and industry leaders.
“The idea that the U.S. collapses with one keystroke is clearly false and intended to frighten children,” said Richard Hunter, vice president at Gartner Group, the Stamford, Conn., research firm that conducted the war games.
That’s not to say all infrastructures are invulnerable. The teams found the Internet, while extremely difficult to take out completely by terror teams, could be “subverted” in a variety of ways without detection. And financial institutions could face vulnerabilities as well.
While agreeing that a so-called “digital Pearl Harbor” was unlikely, Casey Dunlevy, former senior U.S. intelligence officer and now a senior member of the government-funded CERT Analysis Center at Carnegie Mellon University, said it’s not unreasonable to expect terrorists to use computers as a “force multiplier.” For instance, terrorists could attempt to take down emergency response 911 networks after setting off a bomb.
While noting authorities have yet to document a case of cyberterrorism in the United States, Dunlevy said the center has noticed spikes in attacks on computers at U.S. financial institutions within 48 hours of international incidents.
Those findings carry some weight as administration officials reportedly have authorized the Pentagon to draw up guidelines for attacking enemy computer networks. The plan is said to include scenarios in which U.S. military operatives might use computers to disable foreign electrical, telecommunications and radar systems.
Hunter declined to speculate on what tools the Pentagon might use to carry out those operations, though he suggested use of viruses or worms could prove disastrous given their ability to spread back to U.S. computers. James Doyle, president of Internet Crimes Inc. and former executive officer of the NYPD Computer Investigation and Technology Unit, said a massive bombardment of enemy computer servers might prove an effective offensive.
But Hunter’s own first-hand experience at attempting to hypothetically cripple the infrastructure of the United States suggested the efforts of a well-financed terror cell would meet only limited success.
Last July, the Gartner Group and 100 industry and government experts conducted an exercise at the U.S. Naval War College to develop a model for a plausible large scale cyberattack against America’s critical infrastructure. Twenty experts acting as a terror cell financed with $200 million were given five hypothetical years to bring America to its knees.
They didn’t do well. The telephone network, it turns out, is such a geographically large and redundant monster that it would require a large number of physical attacks on equipment to bring it down. “I think it’s beyond the capability of most terrorist organizations,” Hunter said, saying service might be knocked out for short periods. Same for the electrical system.
The greatest potential threat is one against the financial networks. Terrorists with clean credentials could buy or even start a bank and get access to a clearinghouse that processes transactions. Terrorists could then introduce a massive onslaught of fraudulent bills into the system, causing it to choke on the unacceptable volume.