How to Prevent a Digital 9/11
Washington and software companies must work in tandem to defend America against a devastating cyberattack.
December 19, 2008 - 12:00 am
It starts on a cold November night. You went to sleep, comfortably warm, after listening to the late news: a nor’easter coming through, the worst storm in several years. You go to bed, quietly excited at the thought of the fairly certain snow day — build a snowman with the kids, maybe work through the email that has piled up, and do a little online shopping; after all Christmas is coming.
That’s not the way it works out, though — about 3 a.m., you awaken, cold. The house is too cold. You get out of bed — the hardwood floor icy against your feet — and when you flip the hall light switch, nothing happens. Odd, the power is out. Automatically, you look out the window and realize the whole neighborhood is dark; in fact, there is no sky glow — usually, you can see the red shimmer of New York City on a cloudy night. It’s darker than you’ve ever seen it.
Sounds like a Tom Clancy novel, doesn’t it? It’s all too realistic, though. This is based on a scenario that was war-gamed by the “U.S. Professionals for Cyber Defense” in the months after 9/11. I talked it over with Dr. John McHugh, Canada Research Chair in Privacy and Security of the faculty of computer science at Dalhousie University in Halifax, Nova Scotia, one of the members of the committee. They investigated whether or not there was a credible threat from a first-strike cyberattack. Their answer was frightening.
Railroads are largely controlled by computers; change a switch while a train is passing over it and you have an instant derail. Gas pipelines are also computer controlled; to my surprise, you can blow them up entirely by computer control — reverse the pumps on the ends, pressure builds up in the middle, and something, somewhere, will eventually give way.
Traffic flow, the electrical system, all much the same. To give the most effect, attack during a major storm — the nor’easter — and apply a few “kinetic” attacks (read “bombs”) at critical points. Dr. McHugh says they found the most credible attacks combined large-scale cyberattacks with a few small conventional acts of terrorism at vulnerable points, in order to surgically cause the most damage. The attacks were low effort, but high skill, and they could cripple the U.S. economy for years.
You have to fumble in the dark to find the phone; it’s dead. You try your cell phone; no service. And the house is getting colder.
You were better prepared than a lot of people: you have a portable radio and flashlight combination, and it’s even one of the ones that can be hand-cranked. It’s more work than you thought to crank it up, but now you’re getting nervous. You turn it on — and you need to search for a station. You finally find a distant station, CJCL in Toronto. They are reading news, in a hushed and controlled voice. Power out over large parts of the East Coast, in California, and across the Midwest. Explosions reported in Texas and Oklahoma, trains derailed all over the country, the tunnels into Manhattan closed. Telephone systems out over much of the country — and the president will be speaking soon. He’s been moved to a secret, secured location. Once again, like on September 11, 2001, the world wonders: is it war?