As computers and servers have taken over running everything from trains and subways to electrical plants and power stations, the concept of a Cyber-911 — a hack so critical that it actually puts lives or vital resources for survival in jeopardy has had the blogosphere randomly speculating for years. However, most of those discussions were based on unfounded rumors and wild conspiracy theories.
Recently, one of the top government experts on cybercrime, confirmed some of our worst fears about the possibility of that actually occuring.
In April, an little-known government agency shoehorned a frightening revelation into its monthly newsletter. It stated that the networks of several natural gas pipeline operators had been hacked. Natural gas pipelines not only supply millions with power for their homes and businesses, but they are also extremely volatile if allowed to overload or if their capacities were pushed past safety limits.
The idea of these networks being vulnerable to malicious attack is the realization of the nightmare scenario, and it has raised more than a few eyebrows.
According to CNN:
“The natural gas attackers got in through “convincingly crafted” emails that appeared to be internal and went to a ‘tightly focused’ list of targets, according a Department of Homeland Security cybersecurity team. The campaign lasted three months before it was discovered.”
And that’s what prompted Shawn Henry, the FBI’s number one cybercrime official, to bring up the concept of a Cyber-911.
In his opening keynote at Black Hat — one of the longest-running annual conferences of people who research security — he talked about the very real nature of this kind of threat.
“The adversary knows that if you want to harm civilized society — take their water away, do away with their electricity,” Henry said. “There are terrorist groups that are online now calling for the use of cyber as a weapon.”
Henry added that the hacks that are made public are “the tip of the iceberg.”
“I’ve seen below that waterline,” said Henry, who recently retired after 24 years with the bureau. “I’ve been circling below it for the last five years.”
His view is that American companies are somewhat hiding their heads in the sand over the reality of these attacks and the actual scope of the crisis.
“I still hear from CEOs, ‘Why would I be a target?’” he said. “We worked with one company that lost $1 billion worth of IP in the course of a couple of days — a decade of research. That is not an isolated event. … Your data is being held hostage, and the life of your organization is at risk.”
He also talked about an attack on a small business. Now keep in mind, depending on which statistics you believe, small business accounts for about 70 percent of the U.S. economy.
“There was a small company with $5 million in capital that made short-term loans,” he said. “They were hacked, lost their money, and were out of business Monday morning because they didn’t have any capital.”
So what can we do? He’s not just a Chicken Little. Henry believes companies should start taking steps right now. Henry said companies and governments need to start sharing information about security and suspected attacks. His opinion is that we can become more secure by scaling up on security and working with the government to tighten the security Web.
“This is probably the first time in history that civilians are on the front lines of the battle every day. That’s you.”
I agree. If you have security concerns, call me and I’ll work with you to develop a solution.