CIOs already feel assailed as they deal with internal and external threats to the network, but a new book due out in August outlines a broader threat to computer infrastructures, including the Internet. This book, Black Ice: The Invisible Threat of Cyber-Terrorism, details how cyberterrorism could occur, the global and financial implications, and the effect it could have on privacy and civil liberties. It also contains advice on how to prepare for and prevent cyberterrorism. The author, Dan Verton, is a former US intelligence officer and a senior investigative reporter at Computerworld. He won first place in this year's Jesse H. Neal National Business Journalism Awards for his series of stories about wireless homeland security. He also maintains his own National Security Journal. Verton agreed to answer some questions for TechRepublic.com. TechRepublic: Your average geek might see the threat to the United States' computer infrastructure as clear and present.
Verton: Actually, the situation is quite the opposite. The average computer security practitioner doesn't bring to the table a sophisticated, long-term view of international terrorism. As a result, they approach issues of terrorism based on the historical examples that we currently have to work with. According to this way of thinking, all terrorists are simple-minded, bloodthirsty killers with no other objective but to shed blood. This is dangerous, inflexible thinking -- the same type of thinking that allowed us to ignore evidence dating back eight years that al-Qaeda was interested in using commercial airliners as precision strike weapons. The truth of the matter is that modern global terrorism is a thinking enemy that understands the only way to force America to withdraw from the world is to strike at the soft underbelly of the US economy, which is its digital infrastructure. You're not always going to feel terrorised from a cyberterrorist incident that aims to create fear and uncertainty by striking at the economy. Is the United States more vulnerable than any other developed nation?
Yes and no. Although all modern, industrialised economies now rely on computers and computer networks for most, if not all, of their vital human and economic services, the United States remains the driving force of the global technology industry. As a result, the United States is often a first-adopter of many untested technologies that bring with them unintended consequences, particularly in the realm of security. Secondly, as a superpower, the United States has many enemies around the world who now have cyberweapons that are relatively easy to use and provide a reasonable level of safety and anonymity for the attacker. The Internet was developed as an alternative communication and information source in the event of nuclear war. How vulnerable is it, really, to cyberterrorism?
Some information security practitioners like to think of cyberterrorism in terms of what has become known as a digital Pearl Harbor--a surprise attack that has devastating consequences for the entire US information infrastructure. Fortunately, this level of strategic attack falls only within the capability of one or two nation states that are willing and able to use the full range of military options at their disposal. However, a successful cyberterrorist attack that combines both physical and cyber elements on a regional scale is certainly within the capabilities of terrorist organisations today. In fact, tabletop exercises conducted by actual owners and operators of critical infrastructures in the Pacific Northwest (code named Black Ice, from which I took the title of my book) have already demonstrated how cyber- or physically induced failures in one sector of the economy, such as electric power, can cause cascading failures in multiple infrastructure sectors.