Courtesy of the International Spy Museum
Visitors read about cybersecurity threats at the International Spy Museum's new exhibit. The room goes dark every few minutes to simulate what would happen if the electrical grid were crippled.
Visitors read about cybersecurity threats at the International Spy Museum's new exhibit. The room goes dark every few minutes to simulate what would happen if the electrical grid were crippled. Courtesy of the International Spy Museum
We're in the dark.
That's the fear — and just part of the grim reality — if the nation's power grid should be disabled by a cyberterrorist.
It was one of the messages communicated by a panel of officials, past and present, from the CIA, the National Security Agency and the Department of Homeland Security, among others, at the opening of a new exhibit on cybersecurity called "Weapons of Mass Disruption" at the International Spy Museum in Washington, D.C.
"Taking down the grid for months comes as close to a nuclear attack with many weapons on the United States as anything could," says R. James Woolsey, former director of the CIA. "You'd have mass starvation and death from thirst and all the rest."
So why is the U.S. at risk? Because so much of our infrastructure — including the electrical grid, water and sewage treatment, as well as our transportation system — is computerized.
This week, reports surfaced online about a phishing scheme by hackers that resulted in the posting of thousands of user names and passwords for Web-based e-mail accounts, including Windows Live Hotmail, Gmail and Yahoo Mail accounts. The disclosure underscored how individuals — not just governments — can be affected by hacking. Google and Microsoft said the incident did not involve a security breach of their systems.
Cybersecurity A National Priority
Though he has called for a cybersecurity initiative, President Obama has yet to name a national cybersecurity coordinator. In a May speech, he said: "From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority."
James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says the U.S. is "really far behind." The first major hacking incident by a foreign power against the Department of Defense and other networks aimed at stealing high-tech secrets occurred in 1984, he says. "So, it's been 25 years and we're still waking up."
Lewis says the No. 1 problem revolves around espionage. The U.S. stands out as the biggest target and as a result, it's the victim of more cyberattacks than any other nation, he says.
There have been hundreds of "clandestine incursions" into computer systems where hackers, criminals or spies have disabled Web sites — including those of government agencies — and succeeded in stealing defense and intelligence data, according to the guide to the exhibit.
The museum's historian, Thomas Boghardt, says one of the most recent attacks, with the code name "Independence," occurred July 4. Suspected North Korean attacks targeted numerous Web sites, including those of the Department of Defense, the National Security Agency and the Nasdaq Stock Market.
"The cyberthreat is the soft underbelly of the United States today in terms of strategic vulnerability," says former Director of National Intelligence Mike McConnell.
McConnell says he's concerned about terrorist groups with the capability to attack the U.S. money supply: "Because if someone is capable of destroying data — not stealing data, not hacking to deface the Web site, but successful in contaminating the accounting system, the reconciliation system — it could have impact of global proportions."
At the spy museum exhibit, the ceiling is designed to look like an electrical grid. Every few minutes the entire room goes dark. Then some words pop up on a flat-screen TV: "No Power. No Communication. No Transportation." The list goes on.
It's easy to see that there are serious consequences of not having adequate protections in place. But the government faces a balancing act between safeguarding privacy and implementing cybersecurity protections.
"We have not found a way to square cybersecurity and civil liberties yet," says Lewis of the CSIS. "So, there are technologies that could make us safer, but we can't use them."
Philip Reitinger, a deputy undersecretary at the Department of Homeland Security, says cybersecurity is a "shared responsibility" among governments, the private sector, the intelligence community and end-users. He says the government must move beyond its "whack-a-mole" approach — putting out one fire and then another and another — in favor of a strategy that "protects privacy by design."