Last night Steve Kroft of 60 Minutes looked into how computers and the Internet can be used as weapons, a topic we have covered here for nearly two years. It was a very good piece.
The 60 Minutes online and on-air coverage discussed multiple events (cyber attacks) including one event in three cities north of Rio de Janeiro that occurred back in January 2005. They reported that in these events, hackers were able to penetrate the control systems and manipulated those controls for the power grid.
During the pieces Steve Kroft interviewed former Director of National Intelligence Mike McConnell who said that he believes it could happen in America. He went on to say that "If I were an attacker and wanted to do strategic damage to the United States, I would probably sack electric power on the U.S. East Coast, maybe the West Coast and attempt to cause a cascading effect."
McConnell is not the only one with this opinion. Democratic Congressman Jim Langevin of Rhode Island who chaired a subcommittee on cyber security agrees and said that U.S. power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up.
Much of the rest of what 60 Minutes said was a rehash of what has already been published.
Examples:
- September 15th, 2008 in the posting "Where were you when the lights went out?"
- November 17th, 2008 in the posting "Legal Risks of Cyber Outage"
So what was missing from the 60 Minutes piece? This year I referenced in several briefings and during my lecture at Harvard a study by the European Parliament -- Directorate General for External Policies that was titled "Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks." On page 14 of that study in the third paragraph it states the following.
"In 2001, following a dispute over damage to US and Chinese aircraft in the South China Sea, both countries suffered a series of cyber attacks, and at one stage California's electricity grid was almost shut down."
I wonder if Congressman Langevin knows about that!
Background: Referenced Event: The aircraft incident occurred April 1st, 2001 when a U.S. Navy EP-3 surveillance plane was involved in a midair collision with fighter aircraft from China. The U.S. reconnaissance aircraft was on a routine surveillance mission and stated they were over international waters. As you may recall tensions between the United States and China became very strained. China disputed the location and said they were in their airspace. The U.S. Navy said their aircraft had significant damage and required an emergency landing be made at a Chinese military airfield on the island of Hainan, China.
Add the 60 Minutes reporting together with the EU study and the April 8th, 2009 WSJ story that stated "Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials" that was pointed out back on September 21st in the DefenseTech -Cyber Warfare blog posting.
There's Concern, but Where's the Action? What has to happen to get the military, the private sector and the government to work together and protect the United States from this growing threat?
