Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that government has made in implementing the security recommendations of the 9/11 Commission. The comments about cyber security are part of broader discussion on nine security recommendations that have yet to be implemented.
[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
The report , the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.
"This is not science fiction," the NSPG said its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."
The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyber space to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."
The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.
The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well funded, state-sponsored groups.
Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush Administration warned about cyber threats not being taken seriously enough .
Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had showed toward the alarms sounded prior to the Sept. 11, 2001, Black had noted.