Now that President Obama has won his reelection bid, his administration is looking into key issues to set the agenda for the next four years. Of course the impending fiscal cliff and the down economy in general are on top of that list. However, Hurricane Sandy, the sudden resignation of CIA director David Petraeus and even the new James Bond film Skyfall bring up questions about national security threats to American infrastructure and specifically the growing concern about cyberterrorism. Many of the attendees of our post-election webinar last Saturday felt that these issues need to be taken more seriously in the very near future.
Regarding Hurricane Sandy, many of our non-American webinar attendees were shocked by how easily buildings, power and communications structures were disabled in New York and New Jersey in the storm’s aftermath. As of writing this, there are still 170,000 New Yorkers without power.
…According to Reuters, 20 percent of New York City was blacked out on Tuesday. When a substation exploded in downtown Manhattan Monday night and sent more than 250,000 into darkness, astonished residents took pictures of the eerily dark Manhattan skyline.
But New Yorkers are suffering from blackouts related to more than just the storm’s wind and flooding. Late Tuesday night, ConEdison reportedly cut power to more than 160,000 homes in Brooklyn and Staten Island because of storm-related issues on high voltage systems.
Major Internet, television and phone provider Verizon saw major damage to its telecom equipment located in Lower Manhattan, Queens and Long Island — areas that saw some of the worst of the storm’s surge floods. On Wednesday afternoon, Verizon had not yet released an estimate of how many customers were affected by the outages, but the company told Reuters on Tuesday that anyone affected has suffered a complete loss of all services. Several other cell phone providers, including AT&T and Sprint, say that service is spotty in areas hit hardest by the storm.
At the time of writing, more than 600,000 ConEdison customers in New York City’s five boroughs remain in the dark, though ConEdison reportedly believes service will be restored within four days for many Brooklyn and Manhattan customers whose power lines are underground. For others, service may not return for more than a week…
“The construction of this city did not anticipate these kinds of situations. We are only a few feet above sea level,” New York Governor Andrew Cuomo said to the New York Times. “As soon as you breach the sides of Manhattan, you now have a whole infrastructure under the city that fills — the subway system, the foundations for buildings, and the World Trade Center site.”
Nonetheless, climate change experts have been complaining to public officials for years about the need to improve buildings and communication structures to deal with rapidly changing weather patterns. U.S. politicians have counteracted that making such major infrastructure changes would cost trillions of tax payer dollars. However, the hesitation with dealing with the infrastructure questions also spotlights how America is falling behind as a global economic leader. Compared to Singapore and Shanghai, webinar attendee and Hong Kong resident Chao-xing Lee said comparing these two “Emerging Tigers” to the United States is “like comparing the Jetsons with the Flintstones.” Lee went on to say that the “Tigers” of Asia, especially Singapore, have become leaders in ICT utilization.
Having better infrastructure is not just an issue of improving America’s economic standing in the world. The aftermath of Hurricane Sandy also highlights America’s weakness in its national security protocol. It just so happens that two major events this weekend further displayed the possibility of cyberterrorism in American computers. The first event is regarding General David Petraeus, who resigned due to an extramarital affair with writer Paula Broadwell. The FBI is investigating Broadwell because she may have accessed Petraeus’ Gmail account, which set off many red alerts within the intelligence community.
…The e-mail account was apparently Petraeus’s personal Gmail, not his official CIA e-mail, according to the Wall Street Journal. That’s a big deal: Some of the most powerful foreign spy agencies in the world would love to have an opening, however small, into the personal e-mail account of the man who runs the United States’ spy service. The information could have proved of enormous value to foreign hackers, who already maintain a near-constant effort to access sensitive U.S. data.
If Petraeus allowed his Gmail security to be compromised even slightly, by widening access, sharing passwords or logging in from multiple addresses, it would have brought foreign spy agencies that much closer to a treasure trove of information…
…A personal e-mail account like Petraeus’s almost certainly would not have contained any high-level intelligence; he probably didn’t keep a list of secret drone-base coordinates on his Google docs account. But access to the account could have provided telling information on, for example, Petraeus’s travel schedule, his foreign contacts, even personal information about himself or other senior U.S. officials…
The other coincidental event was the U.S. opening of the new James Bond film Skyfall, which has 007 taking on possibly his most dangerous villain yet – hackers.
…Skyfall tackles the role technology plays as a tool and as a threat. The most recent Global Risks report from the World Economic Forum extolled the “Dark Side of Connectivity” and so in an effort to reflect our modern preoccupations and insecurities, Mendes cast the latest Bond villain as not a leader of a nation state, but a lone hacker, operating on an abandoned, post-apocalyptic island somewhere in the South China Sea. Javier Bardem’s character Raoul Silva is a wronged MI6 spy with a big grudge, racks upon racks of servers, and the ability to cut out critical infrastructure with a just few keystrokes. He’s every Chief Security Officer’s worst nightmare: the insider threat. Silva uses his advanced knowledge of the intelligence organization to plot an intricate attack against what should be the most secure of government agencies. He hacks into M’s computer, hijacking her screen with a message threatening to release the names of undercover NATO agents planted in the middle east. Borrowing from hacktivist iconography, a calavera skull serves as Silva’s visual signature. Silva’s laptop becomes a literal trojan horse inside headquarters justifying every security professional’s fear of plugging in found USB devices…
Unfortunately, this is not just a movie; this is real. U.S. Defense Secretary Leon Panetta recently warned that the United States is under the threat of a possible “cyber-Pearl Harbor” due to the increasing risk of foreign computer hackers disabling its power grid, transportation system, financial networks and government operations.
“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Panetta said to the New York Times. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
In August a cybersecurity bill – Cybersecurity Act of 2012 (CSA) – was blocked by Republican congressmen and ripped apart by the U.S. Chamber of Commerce for being anti-business. The bill is scheduled to be brought back to Congress this week, however, it is expected to fail.
Homeland Security Secretary Janet Napolitano, who admits to not using email, has said she was frustrated with the process of getting a bill passed.
“This has been a very interesting and troubling discussion in Congress,” she said at the 2012 Social Good Summit. “It gets to the question which is ‘how does the government, which has overall security responsibly, interact with the private sector when an attack on private sector could have multiple rippling effects throughout the country?’ When you get into this debate, it’s a Washington, D.C. thing about government regulating the private sector.”
She further said that, unfortunately, a cyber-attack would have to happen to a private business before such a bill would be taken seriously.
“The problem with [cybersecurity] is that if you have a crisis, first of all it could be multiple crises happening simultaneously, second is that it could have damaging rippling effects that puts life and limb at risk, third is that we don’t have all the protocols in place to deal with a truly massive problem,” she said.
Hopefully, the United States will get ahead of cyberterrorism before it’s too late.