Ten years after 9/11, cyberattacks pose national threat, committee says

Catastrophic cyberattacks are not 'science fiction,' says the Bipartisan Policy Center

Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.

The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that government has made in implementing the security recommendations of the 9/11 Commission. The comments about cyber security are part of broader discussion on nine security recommendations that have yet to be implemented.

The report , the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.

"This is not science fiction," the NSPG said its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."

The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyber space to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."

The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.

The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well funded, state-sponsored groups.

Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush Administration warned about cyber threats not being taken seriously enough .

Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had showed toward the alarms sounded prior to the Sept. 11, 2001, Black had noted.

The Bipartisan Policy Center (BPC) is a Washington-based think tank that was established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell. The NSPG is a group that was established by the BPC to monitor the implementation of the 9/11 Commission's recommendations for bolstering national security in the aftermath of the terrorists attacks.

Last week's report offers an assessment of the progress that the government has made in implementing the commission's recommendations. According to the NSPG the government has made significant progress in addressing many of the 9/11 Commission's 41 recommendations.

However, several crucial ones remain very much a work in progress, the report noted.

One area where little progress has been made, has to do with the recommendation to increase the availability of radio spectrum for public safety purposes, the report noted.

"Incompatible and inadequate communications led to needless loss of life," on 9/11 the BPC said in its report. But plans to address the issue by setting aside more radio spectrum for first responders have "languished" because of a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.

Another area where progress has been limited has been on the civil rights and privacy fronts, the report noted. Surveillance activities and the use of tools such as National Security Letters to search for terrorists has greatly expanded since the 9/11 attacks. But a recommendation for setting up a Privacy and Civil Liberties Oversight Board with the Executive Branch has yet to be fully implemented.

"If we were issuing grades, the implementation of this recommendation would receive a failing mark," the NSPG said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government use of ITdata securityIT in Governmentsecuritygovernmentdata protection

More about BushTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts