wolfdancer
10-03-2007, 04:45 PM
Why would he stall on this????
JEANNE MESERVE, CNN HOMELAND SECURITY CORRESPONDENT: This is an electric generator. It is vital because it's the kind that power companies use to bring electricity to your home. It shudders and shakes, then goes up in smoke. Destroyed just as effectively as if it was a smuggled bomb. But all it took was a computer. Some patient work, and the click of a mouse.
ROBERT JAMISON, HOMELAND SECURITY DEPT.: What's new here is that through a cyber attack, you can actually get in and cause physical damage to equipment. That's the new piece of this.
MESERVE: This previously classified video of a test cyber attack on a power plant control system has sent shock waves through the federal government and the power industry. Could a large-scale, simultaneous cyber attack knock out power to a huge part of the country for months?
The nightmare scenario, at first it would be inconvenient. Lights out, businesses shut. No teller machines. No gas pumps. By day three, stores would be out of food. Emergency generators, out of gas. After ten days with no hope of power being restored, people want to evacuate. But where to? With what fuel?
And with no emergency services, medicine, heating, or air- conditioning, lives could be lost. Listen to what economist Scott Borg projects if such a nightmare scenario played out with a loss of power to a third of the country for three months.
SCOTT BORG, U.S. CYBER CONSEQUENCES UNIT: It's equivalent to 40 to 50 large hurricanes striking all at once. It's greater economic damage than any modern economy has ever suffered.
MESERVE: Even the Great Depression?
BORG: It's greater than the Great Depression.
MESERVE: The potential damage is so severe, the Department of Homeland Security asks CNN not to divulge certain technical details about the government experiment. Dubbed Aurora (ph), the test was conducted last march at the Idaho National Lab. We can say that the research involved hacking in a replica of a power plant's control system.
Researchers change the operating cycle of the generator, sending it out of control, until it self-destructed. Since the test, the Department of Homeland Security has been working feverishly with the electric industry to thwart such an attack.
Can you say right now that this vulnerability has been eliminated?
JAMISON: No, I can't say it's been eliminated. But I can say a lot of risk has been taken off the table.
MESERVE: But the job of protecting power plants is hard, because control systems that open and close valves and switches and govern the load are increasingly connected to the Internet for efficiency reasons, making them vulnerable. Joe Weiss is an expert on power plant control systems and has been sounding the alarm for five years.
So, the same systems we're using here are being used in Iran, Pakistan?
JOE WEISS, APPLIED CONTROL SOLUTIONS: Very, very possibly.
MESERVE: Which means people there know how to run them?
WEISS: Absolutely.
MESERVE: They know how to bring them down?
WEISS: Absolutely. They have the same training, the same passwords.
MESERVE: And security experts say, it would be virtually impossible to figure out who attacked. In 2002, the current Director of National Intelligence, Mike McConnell, and former CIA Director James Woolsey, were among more than 50 computer and security experts who begged President Bush for a massive cyber defense program to avoid a national disaster. Five years later, there is no such program.
JAMISON: We need to get on this and get on it quickly.
MESERVE: Keeping them honest, we looked at how much is being spent on cyber security, across the federal government, it is projected there will be a slight increase next year, but homeland security cyber security budget is projected to decrease, with only $12 million budgeted for protecting control systems.
DHS points out that its own research uncovered the power plant vulnerability and action it is taking with industry is reducing the risk. But the question remains -- can the U.S. close the cyber security holes before the hackers find them?
Jeanne Meserve, CNN, Washington.
JEANNE MESERVE, CNN HOMELAND SECURITY CORRESPONDENT: This is an electric generator. It is vital because it's the kind that power companies use to bring electricity to your home. It shudders and shakes, then goes up in smoke. Destroyed just as effectively as if it was a smuggled bomb. But all it took was a computer. Some patient work, and the click of a mouse.
ROBERT JAMISON, HOMELAND SECURITY DEPT.: What's new here is that through a cyber attack, you can actually get in and cause physical damage to equipment. That's the new piece of this.
MESERVE: This previously classified video of a test cyber attack on a power plant control system has sent shock waves through the federal government and the power industry. Could a large-scale, simultaneous cyber attack knock out power to a huge part of the country for months?
The nightmare scenario, at first it would be inconvenient. Lights out, businesses shut. No teller machines. No gas pumps. By day three, stores would be out of food. Emergency generators, out of gas. After ten days with no hope of power being restored, people want to evacuate. But where to? With what fuel?
And with no emergency services, medicine, heating, or air- conditioning, lives could be lost. Listen to what economist Scott Borg projects if such a nightmare scenario played out with a loss of power to a third of the country for three months.
SCOTT BORG, U.S. CYBER CONSEQUENCES UNIT: It's equivalent to 40 to 50 large hurricanes striking all at once. It's greater economic damage than any modern economy has ever suffered.
MESERVE: Even the Great Depression?
BORG: It's greater than the Great Depression.
MESERVE: The potential damage is so severe, the Department of Homeland Security asks CNN not to divulge certain technical details about the government experiment. Dubbed Aurora (ph), the test was conducted last march at the Idaho National Lab. We can say that the research involved hacking in a replica of a power plant's control system.
Researchers change the operating cycle of the generator, sending it out of control, until it self-destructed. Since the test, the Department of Homeland Security has been working feverishly with the electric industry to thwart such an attack.
Can you say right now that this vulnerability has been eliminated?
JAMISON: No, I can't say it's been eliminated. But I can say a lot of risk has been taken off the table.
MESERVE: But the job of protecting power plants is hard, because control systems that open and close valves and switches and govern the load are increasingly connected to the Internet for efficiency reasons, making them vulnerable. Joe Weiss is an expert on power plant control systems and has been sounding the alarm for five years.
So, the same systems we're using here are being used in Iran, Pakistan?
JOE WEISS, APPLIED CONTROL SOLUTIONS: Very, very possibly.
MESERVE: Which means people there know how to run them?
WEISS: Absolutely.
MESERVE: They know how to bring them down?
WEISS: Absolutely. They have the same training, the same passwords.
MESERVE: And security experts say, it would be virtually impossible to figure out who attacked. In 2002, the current Director of National Intelligence, Mike McConnell, and former CIA Director James Woolsey, were among more than 50 computer and security experts who begged President Bush for a massive cyber defense program to avoid a national disaster. Five years later, there is no such program.
JAMISON: We need to get on this and get on it quickly.
MESERVE: Keeping them honest, we looked at how much is being spent on cyber security, across the federal government, it is projected there will be a slight increase next year, but homeland security cyber security budget is projected to decrease, with only $12 million budgeted for protecting control systems.
DHS points out that its own research uncovered the power plant vulnerability and action it is taking with industry is reducing the risk. But the question remains -- can the U.S. close the cyber security holes before the hackers find them?
Jeanne Meserve, CNN, Washington.