The nightmare scenarios involve a computer attack on systems like telecommunications, electricity or water supplies. “Increasingly there are components on the electric-power grid and the natural-gas pipeline network that are controlled remotely via the Internet,” says Jeffrey Hunker, dean of the Heinz School for Public Policy and Management. Juice could be cut off and energy supplies halted. Hacking into the electronic-funds-transfer network would exact an inestimable economic toll. The threats are real. In a 1997 test called Eligible Receiver, 34 National Security Agency techies posed as North Korean cyberwarriors. “We learned that hackers could have a dramatic impact on the nation’s infrastructure, including the power grid,” according to a Pentagon spokesperson.
Fortunately, critical systems have layers of protection against intrusions, starting with firewalls. But both government and industry could improve their spotty track record of enforcing basic rules: constant vigilance of what’s happening on a system and monitoring who’s in and who doesn’t belong. Encryption programs that hide communications also provide security. “Even if terrorists get physical control of a system, with strong crypto installed, they wouldn’t be able to make use of it,” says Howard Schmidt, Microsoft’s chief security officer (and an Army reservist recently called up to fortify U.S. networks). Cybersecurity czar Richard Clarke is recommending a separate network called GOVNET, a voice-and-data system less subject to denial-of-service attacks and viruses. “There are government functions that need to communicate reliably at all times,” says Clarke.
FIRST STEPS: Monitor computer systems better and more often. Augment physical access to prevent insider attacks. Train more cyber-security managers and wizards.
