The federal government needs to strengthen information security and collaborate with the private sector to ensure that the economy is safe from Internet-based attacks, a Senate subcommittee was told Tuesday.
The technologies that direct transportation, water supplies, energy and emergency systems -- including police, fire and rescue teams -- are vulnerable to a combination of a traditional terrorist assault and a cyber-attack that would amplify catastrophic results, experts and federal officials testified.
Deputy Assistant Atty. Gen. John Malcolm said no such cyber-attack had been launched. But Dan Verton, a former Marine Corps intelligence officer and author of a new book on cyber-terrorism, said an assault was “inevitable.”
“We don’t take cyber-terrorism as seriously as we should,” said Sen. Dianne Feinstein (D-Calif.), the ranking member of the Senate Judiciary subcommittee on terrorism, technology and homeland security.
“A terrorist could theoretically use a computer to open up floodgates of a dam, disrupt the operations of an aircraft control tower or shut down the New York Stock Exchange.”
Though perceived as “thugs living a hand-to-mouth existence in caves in Afghanistan,” Al Qaeda is actually a “thinking enemy that values formal training,” Verton told the subcommittee. One of its objectives is to topple the U.S. economy by breaking encryption algorithms and infiltrating the technological systems of major corporations, he said.
“We’ve seen reports that Al Qaeda has explored the possibility of damaging some of our key computer systems, seeking to cripple electric power grids, transportation systems, even financial institutions,” said Sen. Jon Kyl (R-Ariz.), the subcommittee chairman. “Just imagine what chaos would result if a cyber-attack were coordinated with a more conventional strike, such as bombing a highly populated area and then tampering with emergency systems to thwart hospitals and first responders caring for wounded civilians.”
The growing numbers of Al Qaeda sympathizers, many of whom are young and computer-savvy, could “strike out against the U.S. through computers or targeting the cyber-infrastructure rather than strapping dynamite around their waists and walking into crowded cafes,” Kyl said.
A study conducted by the U.S. Department of Energy and the Utah Olympic Public Safety Command in 2000 demonstrated the damaging potential of a physical attack joined by a strike against information infrastructures.
Under the worst-case scenario, an area the size of five U.S. states and three Canadian provinces could be cut off from power for up to several months, Verton said, adding that officials in government and the private sector had limited knowledge of their linked infrastructure.
Kyl criticized the Department of Homeland Security’s efforts against cyber-terrorism, noting that a study released in December said computer viruses can spread more than 100 times faster now than in 2001.
“We’re working on contingency planning” with the private sector, said Amit Yoran, director of the national cyber-security division of the Department of Homeland Security.
Federal agencies are pursuing Internet-based security threats worldwide with the help of authorities in England, Japan, Canada, Australia, Germany, Russia, Romania and several African nations, said Keith Lourdeau, the FBI’s deputy assistant director.