"An attack on the scale of the Bhopal disaster in India is not
impossible," says Mr. Clarke, citing the chemical leak that killed
some 3,800 people in 1984.
Despite such a nightmare scenario, federal officials are more
immediately focused on the threat of a dual attack, says Mr. Powner of
the GAO. "There is a lot of concern in government about what the FBI
calls a swarming terrorist attack. You have a physical attack and a
simultaneous cyber-attack on critical infrastructure -- that really
hurts your ability to respond."
The cascading effect of such an attack could cost the nation billions
of dollars. And getting the incredibly complex systems up and running
again wouldn't be easy, security experts say.
Many experts say that DHS is still relatively unprepared to protect
America's critical infrastructure against a cyber-attack.
"In government, when it came to senior level focus after Sept. 11,
99.9 percent was skewed towards physical protection, and
cyber-security took a back seat," says Paul Kurtz, director of the
Cyber Security Industry Alliance and a former Bush administration
official. But he is optimistic that attitudes are changing.
Facing mounting pressure, DHS is creating a national cyberspace
response system. Supporters claim it will help the government work
with the private sector to prevent, detect, and respond to cyber
incidents. In November, DHS will launch its first major national
exercise -- code-named "Cyberstorm" -- to test the government's
ability to partner with the private sector in response to a major
cyber incident.
Last month, DHS Secretary Michael Chertoff created a new post,
assistant secretary of cyber and telecommunications security, a
position that Mr. Kurtz says will carry the necessary clout.
But Clarke points out that the position hasn't been filled yet.
"So far it's been all talk," he says.
Power companies aren't waiting around for governments to protect
them. "Ultimately industry has to be responsible for protecting its
own assets," says Ellen Vancko of the North American Electric
Reliability Council. The council is developing cyber-security
standards, which its members will have to uphold.
The industry has a lot to address, Clarke says. "Every time the
government has tested the security of the electric power industry,
we've been able to hack our way in - sometimes through an obscure
route like the billing system," he says. "Computer-security officers
at a number of chemical plants have indicated privately that they are
very concerned about the openness of their networks and how easily
they might be penetrated."
Copyright 2005 The Christian Science Monitor.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, Christian Science Publishing Society.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml