To help individuals better understand the apocalyptic potential of cyberterrorism, in 1998 Robert Rief developed a passage whose nightmarish particulars mimic in some respects those of the September 11, 2001, attack on the World Trade Center. The Wall Street computer systems crash and the financial system network is brought to a halt. In buildings, the emergency lights dim and chaos peaks on streets. Subways and trains fail to support the usual masses, and at the airport, the computers fail—though no bugs are immediately apparent. In short, the usual tempo of life in “the Big Apple” grinds to a halt amid a backdrop of massive chaos.
It is interesting to note that a cyber Apocalypse could occur, for hundreds of times daily, crackers attempt to invade critical infrastructure facilities in the United States. One such place of attack is the computer network of Constellation Energy Group, Inc., a Maryland power company having clients across the United States. Though to date crackers have not caused serious damage to the network that feeds the U.S. power grid, the experts caution that terrorists could engineer a crack that triggers a widespread blackout and victimizes power plants, producing an extended outage. The U.S. power grid system has become more vulnerable to cracks in recent years since control of the electric generation and distribution equipment was moved from private, internal networks to SCADA (Supervisory Control and Data Acquisition) systems, accessible through the Internet or by telephone. Though the SCADA technology allows employees to operate equipment remotely, without question it is more vulnerable to crack attacks.
Of further interest, in February 2005 guards placed at the Nevada Test Site to protect the nuclear weapons complex north of Las Vegas failed a test in which they were to combat a mock terrorist attack. A spokesperson for the National Nuclear Security Administration, the group responsible for operating the complex, said that deficiencies had been identified during the test. Though the numbers of guards and particulars about the Test Site are classified information, weapons-grade plutonium and very enriched uranium are apparently stored there. In 2004, the United Nations’ International Atomic Energy Agency (IAEA) cautioned about an increasing international concern regarding the potential for cyber attacks on nuclear facilities. Though no public reports regarding successful attacks against nuclear plants have surfaced to date, in 2001 the Slammer worm cracked a private computer network at Ohio’s nonactive Davis-Besse nuclear plant, bringing down a safety monitoring system for almost five hours—and creating concerns regarding a potential cyber Apocalypse. Apparently, the worm got in through an interconnected contractor’s network that bypassed the nuclear plant’s firewall.
Because of these concerns, the United States Nuclear Regulatory Commission (NRC) began a public comment phase in January 2005 regarding a 15-page updated regulatory guide entitled “Criteria for Use of Computers in Safety Systems of Nuclear Power Plants,” which will supersede the previous 1996 three-page version that had absolutely no mention of such security issues. The updated version not only advises against network interconnections such as the one that brought down the Davis-Besse plant for an extended period of time but also suggests that plant operators should take into account the impact that each new computer system has on the entire plant’s cyber security. The updated version also speaks to the development of response plans for coping with cyber attacks and presents ways for reducing the risks of Black Hats “planting” back doors and logic bombs in the safety system software when it is being designed and, later, implemented.
See Also: Attack, Black Hats; Critical Infrastructures; Telecom.