As internet connections multiply so do points of attack and risks to national security. Airing October 14, 2015 at 9 pm on PBS Aired October 14, 2015 on PBS
The global cyberwar is heating up and the stakes are no longer limited to the virtual world of computers. Now, thanks in part to secret documents released by Edward Snowden, the true scale of the National Security Agency's scope and power is coming to light. Besides spending billions of dollars to ingest and analyze the worlds' electronic communications, the NSA has set out to dominate a new battlefield—cyberspace. NOVA examines the science and technology behind cyber warfare and asks if we are already in the midst of a deadly new arms race. Already, highly sophisticated, stealthy computer programs such as the notorious Stuxnet worm can take over and even destroy the control systems that regulate everything from food factories to gas pipelines, power plants, and chemical facilities—even our cars. While the destruction of Iranian centrifuges may have delayed Iran’s bomb program and forestalled an Israeli attack, the attack has opened a Pandora's Box, and now America's own critical infrastructure is vulnerable to retaliation and attack. With leading defense experts and investigative journalists who have probed the murky realm of criminal and strategic hacking, NOVA examines the chilling new reality of cyberwar in which no nation or individual is safe from attack.
PBS Airdate: October 14, 2015
NARRATOR: Will the next devastating attack against the United States be delivered with the tap of a key?
RICHARD CLARKE (Former Presidential Advisor, Cybersecurity): Instead of bullets and bombs, you use bits and bytes.
NARRATOR: Using only a computer, a terrorist or a nation can attack critical infrastructure like the power grid.
KIM ZETTER (Author, Countdown to Zero Day): Stuxnet and the Launch of the World's First Digital Weapon): That could result in a blackout for the majority of the U.S. that could last weeks or months.
NARRATOR: The enemies are anonymous; their reach is global. As Internet connections multiply, so does the threat.
DAVID ROTHKOPF (Editor, Foreign Policy): Imagine a world with 50-billion microprocessors attached to the Internet: that's 50-billion points of attack.
NARRATOR: The targets are everywhere.
TADAYOSHI KOHNO (University of Washington): Computers are permeating our environments. There are potential security risks anywhere there is one of these computing devices,…
And we'll be applying your brakes shortly….
…even in your car.
…Right about now.
NARRATOR: Cyberweapons have already been unleashed.
ERIC CHIEN (Symantec): It was the first real cyber sabotage that affected the real world.
MICHAEL HAYDEN (Director, National Security Agency (1999–2005); Director Cental Intelligence Agency (2006–2009): Somebody has used an entirely new class of weapon to effect destruction.
NARRATOR: Is it too late to put the genie back in the bottle?
EDWARD SNOWDEN (Former National Security Agency Contractor): When we put the little evil virus in the big pool, it tends to escape and go Jurassic Park on us.
NARRATOR: Can we survive the CyberWar Threat? Right now, on NOVA.
The Sayano-Shushenskaya Dam in remote Siberia: the ninth largest hydroelectric plant on Earth and the scene of a catastrophic event that may foreshadow the future of war.
On August 17th, 2009, all seems normal in the power plant at the base of the dam. Thirty-million tons of water pressure spin massive turbines, generating more than 6,000 megawatts of electric power. Suddenly, without warning, something goes terribly wrong: a plume of water, followed by a wave of destruction. In the end, 75 people perish.
In the aftermath, a hellish vision: one of the 1,500-ton turbines had burst through the floor, rocketing 50 feet into the air, punching a hole in the base of the dam.
Investigators eventually identify poor maintenance and worn anchor bolts as the cause, but at first, this scenario, a machine self-destructing with lethal consequences, led some to wonder if this might be a new kind of sabotage, one that targets the computers in our most critical machines, sending them out of control in a cyber-era attack.
SHANE HARRIS (Author, @War: The Rise of the Military-Internet Complex): We're living in an era, now, where we have to wonder whether people can cause damage with computer code that, before, they could only cause with a bomb.
NARRATOR: Computer code that could even be delivered anonymously, over the Internet. We think of the web as an indispensable tool that delivers the world to our doorstep, but it's also a wide-open conduit for attack.
We've learned to live with cybercrime: identity theft, credit card fraud, hacking and stealing personal information, but now there's a threat that's much more frightening and destructive.
RICHARD CLARKE: You can get into a network which has control of some physical thing. Think about a pipeline, for example.
You get into that network which controls the pipeline, and you can cause the pipeline to explode, just as though it were attacked by a kinetic weapon.
NARRATOR: And traditional kinetic, physical weapons may be impotent against a cyberattack, because digital weapons can be anonymous and instantaneous: no reports of troop movements to signal a threat, or air-raid sirens to give warning, just a sudden, out-of-the-blue digital takedown of dams, power plants, factories, air traffic control, the financial system and more.
RICHARD CLARKE: Instead of bullets and bombs, you use bits and bytes.
NARRATOR: We are in a digital arms race against nations, hackers and terrorists.
JOE WEISS (Control System Cybersecurity Expert): Cyber is the poor man's atom bomb.
NARRATOR: Welcome to the frightening new world of cyberwar.
In the United States, the command center for cyber operations is here, at the ultra-secret National Security Agency in Fort Meade, Maryland.
Some joke N.S.A. should stand for "No Such Agency." For most of its history, the N.S.A. was so shrouded in secrecy, most Americans didn't even know it existed. But that all changed in 2013, when whistleblower Edward Snowden walked out the door with a huge cache of top secret documents.
JAMES BAMFORD (Author, The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America): I've been following N.S.A. for 30 years or so, and every now and then there's a little leak here, a little leak there, but nothing like this. This is extraordinary; hundreds of thousands of documents released all at once.
NARRATOR: Some of them famously revealed the existence of programs that empower the N.S.A. programs to spy on Americans citizens by collecting emails, phone calls and other personal data.
EDWARD SNOWDEN: What we've seen over the last decade is we've seen a departure from the traditional work of the National Security Agency. They've become the "National Hacking Agency."
NARRATOR: Other documents reveal that the agency is moving into new territory, developing offensive weapons to penetrate global networks, in preparation for launching cyberattacks.
That's a far cry from the original mission intended by President Truman, in 1952. In those days, the N.S.A. was all ears. Its listening posts eavesdropped on foreign radio and satellite transmissions and tapped underwater telephone cables.
MICHAEL HAYDEN: Traditional signals intelligence was fairly passive. It was an antenna or an alligator clip, and you had to wait for somebody to send a message, and you hope you're fortunate enough to be in the right place at the right time.
NARRATOR: But then the digital revolution and the Internet gave the N.S.A. new powers and a way to hack into distant computer networks.
MICHAEL HAYDEN: In the cyber domain, you didn't have to wait for them to send a message, you could commute to their target. You could commute to where the information was stored and extract it from that network, even if they never intended to transmit it.
NARRATOR: Today, the agency appears to have transformed from a passive listener into an active spy, able to infiltrate, steal and, when necessary, attack in cyberspace.
General Michael Hayden helped shape that transformation, beginning in 1999, when he became Director.
MICHAEL HAYDEN: I get to Fort Meade about the turn of the millennium, we're focused on cyber. Cyber is espionage but also the potential of cyber as a weapon: computer network attack.
NARRATOR: Then came 9/11, and President George W. Bush ordered the N.S.A. to begin planning an earnest, for-offensive cyberwar.
Eventually, to meet the need, the military created a new strategic unit, a partner to the N.S.A., called Cyber Command; it's mission: to go beyond espionage, using computers as weapons. "Site M" is the cover name for its massive new headquarters. It will eventually cover more than a million square feet, enough to add to N.S.A.'s headquarters complex some 14 new buildings and thousands of additional staff, plus a 1.5-billion-dollar data center in Utah.
By 2010, Cyber Command was ready for action, about the same time that the world got a glimpse of the first true cyberweapon, a surprisingly destructive computer worm, a self-replicating program that came to be called "Stuxnet."
KIM ZETTER: Stuxnet is what we consider the first confirmed digital weapon and the first act of cyberwarfare.
NARRATOR: Stuxnet first showed up infecting desktop computers and laptops in Iran and the Near East, but it soon spread further, using the Internet to copy itself from system to system.
Eventually it ended up in the crosshairs of Symantec, maker of anti-virus security software. There, it grabbed the attention of security experts Liam O'Murchu and Eric Chien.
Right away, they saw that Stuxnet was more complicated than any other malicious software, so-called "malware."
ERIC CHIEN: We had never seen a threat that was so large and so dense. I mean this threat was maybe 20-times the normal size of any threat that we had seen before.
LIAM O'MURCHU (Senior Development Manager, Symantec): Normally, we can analyze malware in a very short period of time, from five minutes, maybe, up to a week, but with Stuxnet, we spent six months.
NARRATOR: With computer users around the world sending millions of suspicious pieces of malware to Symantec's server farm, Eric and Liam get to examine a huge variety. But nearly all of them have one thing in common: they're all programs that try to worm themselves into an unwitting computer and hide.
LIAM O'MURCHU: Most people don't realize that when they use their computer for browsing the web or checking their email, there is a lot more going on in the background, lots of hidden programs. For the most part, they're never seen.
NARRATOR: Bringing up a list of these programs reveals unfamiliar names. They come and go as needed, and there can be dozens running at any given time. Some carry out simple tasks, deep in the computer's operating system, hidden from view. Others are complex and obvious, the applications we see running on our screens. They all coexist, sharing the computer's memory and constantly communicating with each other, like a digital ecosystem.
ERIC CHIEN: Hackers or attackers take advantage of all of these hidden programs on your computer by hiding their malicious software, otherwise known as malware, in and amongst them, so that you don't even notice.
NARRATOR: The first challenge for an attacker is to get the malware installed on the victim's computer. A common ploy is to trick users into doing it themselves.
ERIC CHIEN: One way an attacker can do this is by simply sending you an email with a legitimate document inside.
NARRATOR: Even though the document doesn't look suspicious, it actually contains malicious computer code.
Liam plays the part of the victim.
LIAM O'MURCHU: So, first thing in the morning, I'm going to log in to my email and check if I have anything new.
So, I have received an email about open enrollment for my benefits, and even though I don't know who the sender is, I'm going to open this up.
NARRATOR: Downloading and opening the booby-trapped document generates an error message, but what the victim doesn't realize is that clicking on it also invisibly installs malware onto the computer.
ERIC CHIEN: Once my victim opens up that document, that secret computer code inside has started to run on his computer without him even knowing it, and it's connected back to my computer to a program that I'm running called, "Nuclear RAT."
NARRATOR: Stealthy programs like this allow for a shocking behind-the-lines invasion, where the attacker can spy or disrupt at will.
ERIC CHIEN: I can even take screenshots of his computer and watch all of his keystrokes via something called a "key logger." He is logging in to his email right now and I can actually get his username and his password. Not only that, but we can also get video by turning on the webcam, and I can actually see what my victim looks like, all without him knowing.
NARRATOR: "Nuclear Rat" takes advantage of a well-known weakness in computers with the Windows operating system, and security experts have devised defenses against it.
But when Liam and Eric looked at Stuxnet, they saw that the program was taking advantage of a weakness that no one had ever seen before. It's what hackers refer to as a "zero-day exploit."
KIM ZETTER: A zero-day exploit is malicious code that is used against a vulnerability that is at the time unknown to the vendor and unknown to antivirus companies. Because it's unknown, the vendor can't patch it and antivirus companies don't have signatures to detect it.
NARRATOR: In other words, it's a flaw that has been detected and fixed for zero days, meaning not at all. Stuxnet used a zero-day to take advantage of a vulnerability related to U.S.B. thumb drives, also called memory sticks.
Plugging in a Stuxnet-infected thumb drive causes the program to copy itself onto the target computer without the user's knowledge.
Zero-days are extremely hard to find and can command huge sums on illicit markets.
ERIC CHIEN: Your average threat doesn't use any zero-days at all.
NARRATOR: But Stuxnet represented a major investment by someone.
KIM ZETTER: At the time that Stuxnet was launched, zero-days weren't used that often in attacks. Stuxnet used five zero-days and that was really remarkable.
NARRATOR: And still Stuxnet had an even bigger surprise in store: its purpose.
ERIC CHIEN: What's its payload? What's its motivation? What's it actually going to do when it's on your system? And it wasn't until November of 2010, we really uncovered its primary motivation.
NARRATOR: The first clue came from a close examination of Stuxnet's computer code, all 15,000 lines of it.
LIAM O'MURCHU: When we looked inside the code, we saw the name of a German industrial control equipment manufacturer. We saw "Siemens" in there.
NARRATOR: Siemens makes factory automation equipment. Also in the code, was a reference to a specific model number of one of its products, a mysterious device called a P.L.C.
ERIC CHIEN: And I didn't even know what a P.L.C. was, so I had to Google for "What is a P.L.C.?" That, even, baseline knowledge, we just did not have.
NARRATOR: What they learned is that a P.L.C. is a programmable logic controller, some kind of computer used in industry.
ERIC CHIEN: We basically ordered one off an auction site. I was expecting something the size of a mini-refrigerator to show up, something you might see in a university dorm room. But instead, what showed up was one of these: a tiny, tiny box that basically has a mini-computer inside that controls things like the power grid, pipelines, factories that are building cars.
KIM ZETTER: So P.L.C.s are, kind of, the unsung component that makes the world go around. They are used to make elevators go up and down; they are used in chemical plants; they control the recipe that gets put into drugs and chemicals; they control water distribution plants; they're used in the electrical grid to control equipment; they're used, surprisingly, in NASDAQ, in the trading systems; they're used in traffic lights; they're used to control trains. So you can see that these components are really crucial, and these systems were never created with security in mind.
NARRATOR: So what was Stuxnet ultimately after? The answer was discovered in Hamburg, Germany, by a security expert.
RALPH LANGNER (Principal, Langner Group): I had, let's just say, 20 or 30 "holy cow!" moments. What really blew my mind was to see from day one how sophisticated the thing was.
NARRATOR: When he examined the code, Ralph Langner saw that Stuxnet was not designed to tamper with Siemens P.L.C.s wherever it found them; it was hunting for specialized equipment in a specific configuration, likely targeting a single factory.
RALPH LANGNER: I was like, "Holy cow! This is a targeted attack?" And certainly we started to wonder, "Wow, somebody's writing the most sophisticated worm that we have ever seen, only to hit one target? That must be quite a significant target."
NARRATOR: But where? Stuxnet had come to the attention of the world when a security expert found it infecting a client's malfunctioning computer located in Iran. He then shared it with other experts.
For Langner, the apparent epicenter of that original outbreak proved a vital clue.
RALPH LANGNER: In Iran, you don't have an awful lot of significant industrial facilities. Then, the number of potential targets that could be worth such an effort shrinks down to just a few. And certainly the one potential target that popped up was the Iranian nuclear program.
NARRATOR: Langner turned his attention to two known nuclear facilities in Iran: a power plant at Bushehr and an enrichment plant at Natanz.
Natanz is an underground, fortified facility, housing cylindrical centrifuges used to isolate a rare form of uranium, a precursor to fueling a power plant or making a nuclear weapon.
The machines spin at very high speed, with little room for error. And their motors and safety systems are under the control of P.L.C.s.
Examining photos from Natanz, made public by Iran's press office, and comparing the equipment in them to the computer worm's code, helped confirm the identity of the target.
RALPH LANGNER: At the end of 2010, we were able to show 100 percent proof that we had a complete match from the attack codes with the configuration of the enrichment cascades in Natanz.
NARRATOR: This was conclusive proof that a computer virus has been unleashed against a military target, a true digital weapon.
Langner circulated his discovery among other security experts, who were stunned.
ERIC CHIEN: We weren't just protecting 16-digit credit card numbers, but potentially stumbling into something that had geopolitical implications.
NARRATOR: But they still didn't understand how the weapon worked. So Eric and Liam set out to hack their own P.L.C.
LIAM O'MURCHU: So, here, I have a P.L.C., programmable logic controller. This model is a Siemens S-300, and that's the exact same model that was targeted by Stuxnet. Inside the P.L.C., there's a small computer, and it's used for controlling equipment in the real world, like conveyor belts or motors. And, in this case, I have an air pump.
NARRATOR: Turning the knob starts a program that turns on the pump, waits three seconds, and then turns it off.
LIAM O'MURCHU: What Stuxnet did was it targeted this P.L.C. And even though you'd download a program that says "operate an air pump for three seconds," in the background, Stuxnet changes that code. It intercepts your request and it puts malicious code onto the P.L.C. instead.
NARRATOR: Liam has infected the laptop with a Stuxnet-like virus. So now, when he loads his program onto the P.L.C., the virus steps in.
And something goes very wrong.
LIAM O'MURCHU: In this case, we popped a balloon, but imagine if that was a gas pipeline or a power plant. That's what's at stake in cyber-attacks like this.
NARRATOR: Finally they understood enough to reconstruct the attack. The Natanz plant was not connected to the Internet, a security measure.
That explained why Stuxnet was designed to copy itself via thumb drives, which could be plugged in to a computer on the internal network by a spy or an unwitting plant worker.
Once on the plant's internal network of computers, Stuxnet would search for P.L.C.s in control of centrifuges. When it found a target, it would lie in wait for weeks. But then Stuxnet would begin tampering with the centrifuges, causing them to gradually speed up and slow down, operating out of safe limits, until they broke.
It's not clear how long Stuxnet was active, but according to international nuclear regulatory authorities, 1,000 centrifuges mysteriously failed over five months. There's no evidence the Iranians even knew that they were under attack.
But eventually, the worm escaped, spread using the Internet, and was spotted and decoded by security experts. Suddenly the stakes in cybersecurity had gone way up.
LIAM O'MURCHU: I'm looking at a piece of code that could blow something up in Iran. It was very, very scary to realize that that's the destruction that's possible now, with this type of software.
ERIC CHIEN: It was the first real cyber sabotage threat that we've ever seen that affected the real world.
NARRATOR: But unlike a traditional weapon, a missile or a bomb, it's almost impossible to know for sure who launched it. But its complexity was a big clue.
ERIC CHIEN: It was immediately obvious to us, when we began looking at this code, that this was not two kids in the basement, in Kansas somewhere, who had written this particular threat.
LIAM O'MURCHU: This was multiple teams, with different expertise, who had come together to create this one weapon.
ERIC CHIEN: It was very clear to us that this was at the level of a nation-state.
MICHAEL HAYDEN: Someone, probably a nation-state, because it's too hard to do from a garage or a basement, just used a weapon comprised of ones and zeros, during a time of peace, to destroy what another nation could only describe as critical infrastructure.
RALPH LANGNER: Who would have the motivation to do something against the Iranian nuclear program? Obviously not Venezuela.
MICHAEL HAYDEN: I also say, for somebody of my background, Director of C.I.A., crashing 1,000 centrifuges at Natanz? Almost an absolute good.
RALPH LANGNER: If you think about who would have the capabilities to launch such an attack of that sophistication, completely unprecedented, well, you would certainly think about the United States, in the first place.
MICHAEL HAYDEN: I say with great sincerity, it would be irresponsible for someone of my background to even speculate who might have done this.
NARRATOR: In June 2012, the New York Times reported that Stuxnet was created jointly by the N.S.A. and Israeli intelligence. Then, in apparent retaliation, the Saudi Oil company Aramco was hit with a computer virus in August, 2012.
EDWARD SNOWDEN: They sent what's called a "wiper" virus, which is actually, sort of, a Fisher Price, baby's-first-hack kind of a cyber-campaign. It's not sophisticated. It's not elegant.
NARRATOR: But it was effective, destroying the data on 30,000 computers. Then followed a coordinated attack against American targets.
RICHARD CLARKE: One by one, American banks—Citibank, Bank of America, J.P. Morgan, SunTrust, Wells Fargo—all had their Web-facing customer interface pages knocked offline.
In other words, if you were a Citibank customer and you went online to do some banking, you couldn't get through.
NARRATOR: Attack and counter-attack. But that's not the end of the story. In fact, it may be just the beginning.
KIM ZETTER: Stuxnet was the blueprint. It provided proof of concept that such attack is possible. It's opened the door onto a new era of warfare, and I don't think we fully understand now what the repercussions of it will be.
MICHAEL HAYDEN: This is an incredibly important event in our history. Theoretically, this smells like August of 1945, and somebody has used an entirely new class of weapon to affect destruction.
NARRATOR: The U.S. and Soviet Union took decades to reach agreements to limit the buildup of their nuclear arsenals, but with cyberweapons we may not have the luxury of time. The capability is spreading, and the number of targets, exploding.
Stuxnet exposed the vulnerability of one kind of embedded computer in industrial P.L.C.s., but now there are embedded computers all around us, from power stations to pacemakers.
Yoshi Kohno is a security researcher who has an uncanny ability to find frightening vulnerabilities in everyday technology, like cars.
YOSHI KOHNO: Modern automobiles have 10, sometimes up to a hundred, different computers inside them. Essentially, what we want to know: what might an unauthorized party be able to do with an automobile straight off the lot?
NARRATOR: Recently, he and his graduate students demonstrated how a hacker could seize control of a car. The model they chose had a built-in emergency communication system that works like a cell phone. They used that system to call the car and remotely force malware into its embedded computers, giving them control over electrical and mechanical systems like door-locks and lights, even the brakes.
YOSHI KOHNO: Okay, Alexei, we've unlocked the brake controller and, uh, just to verify: you have your helmet on and all your safety precautions in place, right?
ALEXEI CZESKIS: That's right, helmet on, gloves on, strapped in and ready to go.
YOSHI KOHNO: Great. Okay, go ahead and go, and we will apply your brakes when you get to the checkered flag area.
NARRATOR: By sending malicious code to the car, they will try to lock up the brakes.
YOSHI KOHNO: And we'll be applying your brakes shortly. Right about now.
Oh, oh, yeah, that worked! Oh, is he going to go to the wall? No. Are you okay, Alexei?
NARRATOR: In some cars, the steering, air bags and accelerators are also hackable. And as more cars become connected to the Internet, the opportunities for attack will increase. So far, many carmakers have not made defense against cyberweapons a top priority.
And the same may be true for countless other companies, all racing to connect their products to what's being called "the Internet of Everything."
TV AD: Tailo turns any litter box into a smart monitoring system.
YOSHI KOHNO: We have computers in medical devices; we have computers in automobiles; we have computers in airplanes; and we actually have computers in our homes. Home automation systems are becoming increasingly popular.
NARRATOR: These are systems that wirelessly link common appliances like light switches, furnaces and door alarms to the Internet, for remote control. But Yoshi wonders if the rush towards convenience is stampeding over security.
YOSHI KOHNO: There's a lot of drive towards pushing functionality, coming out with new technologies that do amazing new and greater things. But not enough people are stepping back and asking, "How might I also abuse it?"
And together with some students that I work with at the University of Washington, we wanted to figure out, "How secure are these home automation systems, actually?"
NARRATOR: They decide to set up in a Seattle coffee shop, the kind of place where people like to hang out because it offers free wi-fi.
Alex Takakuwa has an automation system at home and plays the innocent victim. Meanwhile, playing the part of the attackers, are students Tope Oluwafemi and Tariq Yusuf. This is an ideal public spot to demonstrate how an attacker could gain control of a complete stranger's home.
They have set up a wireless hot spot that masquerades as the coffee shop's own wi-fi. It's a notorious hacking ploy and aptly named.
TEMITOPE OLUWAFEMI (University of Washington): It's called an "evil twin network," a really evil twin.
NARRATOR: The victim connects to the evil twin, and what's called a "man-in-the-middle" attack begins. The attackers can now spy on everything flowing to and from the victim's laptop. They observe that Alex is connecting to a home automation system. They're able to see his private login information.
TOPE OLUWAFEMI: We're able to get credentials to access his home automation system without him knowing.
NARRATOR: The next phase gives the location of the house. They insert malicious code into the home automation system. That code tricks it into reporting the victim's G.P.S. coordinates back to the attackers every time the victim logs in on his laptop.
It takes a few days, but, eventually, they are able to deduce where the victim lives.
TOPE OLUWAFEMI: We're able to get his house coordinates, his G.P.S. coordinates, and paid him a nice little visit.
NARRATOR: Even in a simple demonstration like this, bad things can happen. With a few key strokes from their car, they unlock the doors and stroll right in.
ALEX TAKAKUWA (University of Washington): In today's world, embedded devices tend to be stripped-down computers that are meant to do some set of specific tasks, automating things like locks and lights. Oftentimes, that means they stripped down the security, as well.
NARRATOR: In the "Internet of Everything," every new device connected to the web brings both promise and peril.
DAVID ROTHKOPF: Imagine a world with 50-billion microprocessors attached to the Internet in just five years. That's 50-billion vulnerabilities, 50-billion points of entry, 50-billion points of attack.
NARRATOR: The trick is to find the right balance between convenience and security.
TARIQ YUSUF (University of Washington): You can have a solid concrete structure, and there's no way to get in, no way to get out. That's secure, not necessarily useful, because no one can access it. As you add doors, as you add windows, as you add ventilation, they become multiple points of entry and multiple points to monitor and figure out what's going on.
NARRATOR: Windows and doors are easy to lock. Not so for devices with embedded computers.
YOSHI KOHNO: So, let's say that you have a children's toy, and you suddenly start to add some computer capabilities to it; or a light switch, and you start adding computer capabilities to that; and it's the introduction of computation and the ability for someone, if they have the ability, to connect to those computers, to force those computers to misbehave. That's the first step in creating potential for an attack scenario.
NARRATOR: Cyberattack scenarios against critical infrastructure have been a concern for the Department of Homeland Security, at least since 2007, when the agency commissioned an experiment called "Aurora."
The question experts wanted to answer was a simple one: "Could a purely digital cyberattack disrupt or disable a large generator connected to the power grid?"
PERRY PEDERSEN (Department of Homeland Security, 2006–2007): I was the director of the control system security program at the Department of Homeland Security. And during that time, I ran the project that many people are familiar with, called Aurora.
NARRATOR: A team of electrical engineers brought a 27-ton, heavy-duty diesel generator to a specially built testing facility at the Idaho National Lab. After connecting the generator to the power grid, they challenged a team of computer security experts to use computer code to knock the generator off line. The test was monitored via closed circuit T.V.
PERRY PEDERSEN: In the video, you'll see it running, humming along normally. And then you see the first hit, the first jump. You see the generator shudder.
NARRATOR: The jump occurred almost immediately after the would-be attackers sent the first packet of malicious computer code.
PERRY PEDERSEN: We wanted to hit it, and then wait and collect data and see what was happening, and then hit it again, collect some data and kind of watch the progression of the damage to the generator.
NARRATOR: After the second attack, the generator lurched again, belched ominous smoke and ground to a halt. Not only was it knocked off the grid, it was rendered completely inoperable.
JOE WEISS: What they found when they opened the generator was just failures with almost all parts of the generator, both mechanical and electrical. So, what you're really talking about is, essentially, what you would do with pieces of dynamite.
PERRY PEDERSEN: This was a tough machine. This was heavy duty, and it was designed to run in severe conditions. If you were actually doing that attack, there's no reason to pause and wait in between. You simply put your software on a loop, and you just keep hitting it until it breaks.
NARRATOR: An attack like this could take less than a minute but leave consequences that would last for months.
JOE WEISS: If you damage or destroy these, you can't just go down to your neighborhood hardware store and buy another. It could take you maybe six to nine months to get another one of these.
NARRATOR: And according to a government study, a coordinated attack on fewer than a dozen power stations could cause a massive outage, far more devastating even than the historic blackout that hit the Northeast in 2003.
NEWS REPORTER: The brightness of car headlights is the only visible sight on 42nd Street tonight, as thousands wait under a cloud of total darkness.
KIM ZETTER: All you would need to do is take out about nine substations, in an attack that could result in a blackout for the majority of the U.S. that could last weeks or months, depending on how the attack was designed.
NARRATOR: And it's not only the power grid that's at risk. In 2014, seven years after Aurora, D.H.S. inexplicably released an 800-page report on the Idaho demonstration. Inside were three alarming maps, perhaps included by mistake.
JOE WEISS: These were never supposed to be declassified.
NARRATOR: The maps identify targets like refineries and gas and water lines that could be destroyed by rapidly disconnecting and reconnecting them to the power grid.
JOE WEISS: This is using the electric grid as a means of attacking the industries connected to the electric grid. You now have, essentially, a hit list of critical infrastructure.
NARRATOR: Surprisingly, our most critical facilities, like this electric power plant, must fend for themselves when it comes to defending against cyberattack. Less than a third of electricity-generating facilities are big enough to be required to abide by the strictest cybersecurity rules, yet the threat from cyber is so worrisome that few power company executives are willing to discuss the problem on the record, for fear of being targeted by hackers.
UTILITY COMPANY EXECUTIVE: I don't know how real or how probable a cyberattack is. What I do know is that protecting against it is prudent. Just because I don't know how likely something is—I don't know how likely an earthquake is; I don't know how likely a tornado is—I want to make it as hard as possible for someone to attack our generators and disrupt our society.
NARRATOR: There is a fix available to defend against an Aurora-style attack. The cost for new equipment is relatively low, but not many utilities have installed it. Security remains alarmingly lax at many power stations.
UTILITY COMPANY EXECUTIVE: I was at a conference and one of the engineers showed me how he had his iPhone set up so he could control multiple power plants at the same time.
I went to look at it, and he said, "Be really careful. If you push that button, they'll all trip off." I was speechless. I asked him, "What do we do about security?" And he says, "I make sure no one gets this."
NARRATOR: Until recently, controls at power stations were mechanical switches and immune to cyberattack, but now, the drive to put everything on line has created a hole in our defenses that no one seems able to plug.
RICHARD CLARKE: I think the public believes that the U.S. government—Cyber Command, N.S.A., F.B.I., Homeland Security—have the capability to defend the electric power grid, pipelines, trains, banks that could be attacked by other nations through cyber. The truth is, the government doesn't have the capability, doesn't have the legal authority and doesn't have a plan to do it.
MICHAEL HAYDEN: It's not a question, yet, of resources. It's a question of policy. What do you want these guys to do? What is it you will tolerate them doing to defend you, on a network in which your emails and mine are skidding about freely?
NARRATOR: Policymakers have not given the N.S.A. and Cyber Command the mission of securing the Internet, which may be fine with them, because these agencies are deploying ambitious offensive programs that exploit common security weaknesses.
N.S.A. documents contain references to programs with fanciful codenames, like TREASUREMAP, an attempt to identify and track every device connected to the web anywhere, all the time; and QUANTUMTHEORY, a suite of programs that aims to insert malware implants into computers and networks around the world.
SHANE HARRIS: Quantum, you can think of, is almost this, sort of, industrial-scale spread of computer virus. It's a system that the N.S.A. developed that allows it to, in a very quick and efficient manner, implant viruses, what are known as malware or "malicious software," on computers around the world. Think of it sort of as a big launching platform for cyberweapons.
NARRATOR: The ultimate goal is to establish hundreds of thousands of stealthy access points globally to spy, or to deal a devastating cyber counterstrike. But the emphasis on offense comes at a price. To ensure they will always have a back door into their targets' systems, the N.S.A. and Cyber Command keep the computer vulnerabilities they exploit secret.
But that leaves the same backdoors open everywhere, even here at home, undefended against attack. Which raises a question: "What's more important, a good offense or a good defense?"
EDWARD SNOWDEN: Defending ourselves from Internet-originated attacks is much, much more important than our ability to launch attacks, because when it comes to the Internet, when it comes to our technical economy, we have more to lose than any other nation on Earth. So we shouldn't be making the Internet a more hostile, a more aggressive territory. We should be making it a more trusted, a more secure environment.
NARRATOR: The U.S. economy depends on the Internet. Failures to defend it are already costing us dearly. Every day foreign hackers make thousands of digital forays against targets inside the U.S. Some of these are like spying-on-steroids and can do real military damage, something kept hidden from the public.
A secret document in the Snowden archive reveals that the Chinese have stolen "many terabytes of data" related to the design of one of America's most advanced fighter planes, the Joint Strike Fighter.
SHANE HARRIS: And when they investigated this, they found that hackers were stealing this information, not from military networks, but from the companies that are building these systems for the military. The extent of damage was pretty significant.
NARRATOR: And it's not only defense contractors. There's a new kind of attack: a nation-state going after a purely civilian business, using cyber as a weapon of intimidation and blackmail.
In late 2014, Sony Pictures releases a trailer for a political comedy called The Interview.
JAMES FRANCO AS DAVE SKYLARK, The Interview/Film Clip): Three weeks from tonight, I'll be traveling to Pyongyang, North Korea!
JAMES FRANCO AS DAVE SKYLARK, The Interview/Film Clip): Hello, North Korea!
NARRATOR: The absurd premise involves an assassination plot against Kim Jung Un, leader of North Korea.
SETH ROGEN AS AARON RAPAPORT, The Interview/Film Clip): You want us to kill the leader of North Korea?
LIZZY CAPLAN AS AGENT LACEY, The Interview/Film Clip): Yes.
JAMES FRANCO AS DAVE SKYLARK, The Interview/Film Clip): Whaaat?
NARRATOR: Shortly before the movie's release: a cyberattack.
CBS NEWS REPORTER: The F.B.I. is investigating that destructive cyberattack at Sony Pictures.
NARRATOR: Hackers, calling themselves the "Guardians of Peace," reveal that they have broken into Sony's corporate computer network and seem to threaten a 9/11-type attack on theatergoers if Sony releases the film.
Within weeks, the F.B.I. claimed to have top-secret intelligence that pointed to North Korea as the culprit.
JAMES COMEY (Director, Federal Bureau of Investigation): There is not much in life I have high confidence about. I have very high confidence about this attribution, as does the entire intelligence community.
BARAK OBAMA (President of the United States/news clip): They caused a lot of damage. And, we will respond. We will respond proportionally, and we will respond in a place and time and manner we choose.
SHANE HARRIS: The hard part for the White House was not attributing the Sony attack to North Korea, the hard thing is, what do you do about it? Because if the president of the United States is going to come out and publicly point a finger at a country for being behind a cyberattacker, there are going to have to be consequences.
NARRATOR: But calibrating that response is difficult.
DAVID ROTHKOPF: The White House has suggested, in fact, that one centerpiece of their response to cyberattacks would be what they called "naming and shaming." Well, you know, naming and shaming may work in a kindergarten class when somebody steals cookies that were intended for another child, but it's not going to work with Vladimir Putin, the Supreme Leader in Iran, or the Chinese.
NARRATOR: Cyberwar has plunged the world into chaotic, uncharted territory. Today, a single spy can stealthily steal secrets in volumes larger than all the books in the library of Congress. And nation-states are playing a dangerous game, using cyberweapons that could trigger a wider war.
KIM ZETTER: There have been officials in the past that have said, "If you take down our power grid, you can expect a missile down your smokestacks."
RICHARD CLARKE: I think it's highly likely that any war that began as a cyberwar would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.
NARRATOR: The number of nations armed with cyberweapons is in the dozens, not to mention terrorists and criminal hackers. And unless we find a way to counter their use, there is a very real danger that we will turn one of our greatest inventions, the Internet, into a dangerous battlefield.
Philip L. Geyelin Jr.
BBC Motion Gallery/ Getty Images
AP Archive/ Press Association
National Geographic Network International, LLC
Institute for Science and International Security
National Security Agency
U.S. Department of Defense
Channel 1 Russia
Stone Way Cafe
A NOVA Production for WGBH Boston
© 2015 WGBH Educational Foundation
All rights reserved
This program was produced by WGBH, which is solely responsible for its content.
Original funding for this program was provided by Google, Cancer Treatment Centers of America, The David H. Koch Fund for Science, the Montgomery Family Foundation, Millicent Bell through the Millicent and Eugene Bell Foundation and the Corporation for Public Broadcasting.
- Image credit: (Washington D.C.)
- © WGBH Educational Foundation
- James Bamford
- Author, The Shadow Factory
- Eric Chien
- Richard Clarke
- Former Pres. Advisor, Cybersecurity
- James Comey
- FBI Director
- Shane Harris
- Author, @War: The Rise of the Military-Internet Complex
- Michael Hayden
- Former Director, NSA Director (1999-2005), CIA (2006-2009)
- Tadayoshi Kohno
- University of Washington
- Ralph Langner
- Principal, Langner Group
- Liam O'Murchu
- Senior Development Manager, Symantec
- Temitope Oluwafemi
- University of Washington
- Perry Pederson
- Department of Homeland Security (2006-2007)
- David Rothkopf
- Editor, Foreign Policy
- Edward Snowden
- Former NSA Contractor
- Alex Takakuwa
- University of Washington
- Joe Weiss
- Control System Cybersecurity Expert
- Tariq Yusuf
- University of Washington
- Kim Zetter
- Author, Countdown to Zero Day
Preview | 00:30
Full Program | 53:10
Full program available for streaming through
Full program available