written by Mr. Oded Raz.
Since its inception, the goal of modern terrorism has been to disrupt a nation’s routines. The vast majority of terrorist events have been directed against the sovereign elected government and the citizens of the state.
The 9/11 attacks brought the impact of terrorism to a new level: for the first time, attacks were carried out against the most fundamental components of a country and Western civilization:
- Undermining one’s sense of personal safety.
- Rocking the economy.
- Damaging the symbols of the ruling class and governability.
The impact of the event, defined by the best of researchers as a third world war between the West and its enemies, resulted in the governments making enormous investments in physical defenses of the basic values of society and its fundamental components – i.e., their civilians.
The radical Islamic organizations understood that they have the capability of affecting the West’s way of life in a dramatic way using sophisticated methods that lead to chaos in the nation under attack. The information age generated the insight that it is possible to achieve the results described above by attacking the Internet networks of critical systems in the target nation. The nations of the West, reliant on information infrastructures, are the obvious preferred target as damage to critical infrastructures can disrupt many vital systems affecting the functioning of the entire country.
In August 2003, the electric grid in New York crashed. According to reports, 60 million Americans and Canadians were affected at the peak of the power failure. More than 10 million households experienced a total blackout. Flights were cancelled, trains were stuck on the tracks, fires broke out, elevators filled with riders stopped between floors, and cars caused enormous traffic backups because of delays in fuel supply. On the basis of initial estimates, the cost of the power failure in New York State alone was assessed at $0.5 billion. It is still not clear whether the breakdown was the result of a planned attack or not. Either way, the incident is indicative of the impact of the damage that such an attack could potentially cause.
The new challenge resulted in a confusion of concepts as the professional literature united all new threats under the label of “unconventional terrorism.” No distinction was made between terrorism using unconventional materiel and terrorism delivered over the World Wide Web.
The use of the World Wide Web allows attackers anonymity: they do not have to rub shoulders with the target in order to learn about the its structure, nature and security routines, but can sit in an air conditioned room thousands of miles away and attempt to hack into critical systems using only a computer.
McAfee, the giant information security company, and the Center for Strategic and International Studies recently published a report reflecting the cost of the effects of cyber attacks on critical infrastructures, such as power stations, fuel and gas depots, and water reservoirs. The report included a survey that included some two hundred IT experts from organizations associated with critical electric infrastructures in fourteen countries: Australia, Brazil, China, France, Germany, India, Italy, Japan, Mexico, Russia, Spain, the United Arab Emirates-Dubai, and the United States.
The survey revealed that 40% of managers believe that the level of vulnerability of their industry has gone up. Close to 30% believe that their organization is not prepared for cyber attacks, and more than 40% expect that such an attack is likely to occur within a year.
The report, entitled “In the Dark: Crucial Industries Confront Cyber attacks”, was commissioned by McAfee and written by the CSIS. It is a continuation of a similar report published about a year ago that found that most critical infrastructures lack appropriate protection for their computer networks. The new study shows that, while the threats against critical infrastructures have accelerated, the rate of preparedness against such threats lags behind.
Based on the data above, it may be determined with a high rate of probability that the next target will be a computerized system operating all the critical infrastructures in a vulnerable nation. Such an attack is liable to damage, among others, the following:
- Power stations.
- Energy providers: fuel and gas companies, etc.
- Command and control systems: air traffic control towers, traffic lights, and more.
- Financial systems: the stock market, banks, insurance companies, etc.
- Telephone systems, both stationary and mobile.
- Emergency systems: health services, fire fighters, etc.
- Government offices.
The striking of all of these systems would cause anarchy and damage to governability and institutions of enforcement.
- To analyze the threat.
- To map the critical infrastructures in the country and examine alternatives for an emergency.
- To decide which infrastructures to protect.
- To determine principles for prioritizing security responses.
- To prepare to implement appropriate operational responses.
- To construct a security program for targets included in (3).
- To create binding legislation and regulations at the federal level.
- To train personnel to cope with the threat in routine times and in emergencies.
Early preparation at the state level will provide ample professional security responses that can, at a high rate of probability, neutralize the damage and keep it to the absolute minimum.
Mr. Oded Raz – Oded Raz, is a former senior ranking security official of the Israeli Security Agency (ISA). His most recent position with the ISA was as deputy head of the protection and security division. Mr. Raz advises clients on strategic tactics for security preparedness and assists companies in both identifying alternative uses for technologies to enhance homeland security defense and integrating them into the security marketplace. email@example.com