- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - The damage to the electrical grid from Superstorm Sandy is just a taste of what could happen from a major cyberattack, says Department of Homeland Security (DHS) Secretary Janet Napolitano.
And a DHS task force said this week that one way to minimize that kind of risk is to recruit a "Cyber Reserve" of computer security pros that could be deployed throughout the country to help the nation defend and recover from such an attack.
Napolitano and other high government officials have been preaching about the escalating threats, particularly from hostile nation states like Iran, Russia and China, for some time.
The Hill reported that at a cybersecurity event hosted by the Washington Post, Napolitano said while recent news has been about financial institutions being hit with Distributed Denial of Service (DDoS) attacks, the nation's control systems for major infrastructure like utilities and transportation infrastructure were also being targeted.
The Secretary used Hurricane Sandy to make the point. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities," Napolitano said.
[Bill Brenner in Salted Hash: DHS is right to eye kindergartners for future security roles, but don't forget the adults]
Government officials have been invoking the Pearl Harbor image for years. Defense Secretary Leon Panetta did it again just a few weeks ago, saying in a speech in New York that such an attack would, "cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability."
For good measure, he also called it a "pre-9/11 moment."
The security community is divided over the depth of the threat. Most experts say they are real, but not at the level of a catastrophic military attack.
Bruce Schneier, author and chief security technology officer at BT, told CSO Online this year: "Throughout history, the definition of a 'major war' has involved casualties in the hundreds of thousands. That means dead people."
Panetta did invoke the risk of dead people. "[Attackers could] derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals," he said. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country."
Patrick Lambert wrote in a TechRepublic blog post that while the scenarios painted by Panetta are horrifying, "there's no way to accomplish them solely via the Internet. Most things have to be done on site, and any critical systems shouldn't be connected directly to the 'Net in the first place."
John Felker, a retired Coast Guard captain and vice president of cyber programs at SCI Consulting Services, who believes Panetta is right, said: "Those systems were closed -- site specific -- when they were put in place a long time ago," he said. But now they are Internet facing. "It's cheaper that way, but they are also more vulnerable."