What I don't know are the benefits we reap from putting our infrastructure online that make exposure to the range of vulnerabilities discussed and more ominously only hinted at in this program worthwhile?
The scada system apparently compromises our power grid, but at least the owners of the power grid save on the labor that would otherwise be necessary to go out in the field and monitor and repair the grid? But how does that make sense if the utilities earn a set rate of return? Wouldn't it be more economic to supplement the cost of labor than what is certainly a much higher cost of developing and sustaining a national defense operation monitoring the power grids? Something doesn't add up. There seems to be an attitude towards technological momentum that assumes inertia and the inability to back track. It wasn't that long ago that email was a novelty introduced to college kids (about 15 years to be exact). I am no luddite, but sometimes the benefit of technology simply doesn't justify the cost or potential cost (risk).
A quick example to illustrate. There is currently a small but consolidating swell of a movement to marry credit cards with mobile devices (cell phones). Credit cards are already mobile last I checked, and aside from the economic benefit for the mobile operaters, the benefits espoused by this movement for consumers and merchants are that consumers can point their phone 4cm away from a reading device rather than swiping a card through the same device, and that ques at merchant stores will move more quickly. The public good of saving the consumer the effort of extending his/her arm another 4cm is dubious for obvious reasons. The good to the merchant is patently false, since it will not make a transaction any quicker than the use of a traditional card. This is a benign example but illustrative of the sometimes dubious benefits from "technological advances". And what do we get in exchange? Another vulnerability in our financial system that needs to be monitored...
How can we get this program to be shown on CNN, ABC, CBS, NBC and the BBC. I feel that all of America needs to know this. I beleive that very few people realize the internet vulerability. Just this program alone should inform people of just how much effort we must put into monitoring and defeating terrorist around the world, by what ever means or resourse necessary.
Thanks for being there.
Security is the responsibility of ALL of US! I look after MY PC's and I expect YOU too look after yours. Our biggest vulnerability is the thousands of computers running Windows 9x OS's connected to Broadband ISP's. Its the Night of the Living Dead out there, thanks to the greedy irresponsible ISP's who will sell and connect Broadband to any CPU with a hard drive.
Zombie attacks are a real possibility, I receive Spam and contaminate attachments from Zombie computers all the time, I trace the DNS and see that they are coming from Broadband accounts.
I thought it was paticularly interesting to hear experts say that in fact, we could be withought power for up to 6 months in some scenarios. 6 months?!!
I tried to picture how chaotic a big city like Houston would be without their power grids for 1 week let alone months. Its hard to eat when 4 million people all need to hunt to eat tonight!
I watched the Cyberwar Special and found it disgusting. It was so bad I don't even know where to start. The guests they had were annoying, but journalistic dishonesty story was infuriating.
The program went to great pains to make a statement that Al-Qaida was planning a cyber-attack. They noted that they found diagrams of dams in Al-Qaida training camps. The editors pushed the idea that Al-Quaida was planning to launch a cyber attack on the electronic sluice gates for these dams, because "it would take tons of explosives to destroy the dams". Um, the truck bomb driven by Timothy McVeigh had about 4000 lbs of explosives - two tons.
The terrorism portion of cyberterrorism is a lie. It is simply cyber mischief. Even the supposed "dollar losses" from hackers is fairly suspect. If some hacker keeps me from shopping at Amazon for a few days then in those two days Amazon loses money from me, but after I get my internet back, I buy whatever I was going to buy anyways, so there is no net loss.
Thank you for this program.
Now with outsourcing of U.S. Engineering R&D/QA and replacement of American engineers with foreingers on H-1B, L-1 VISAs simply to obtain cheaper labor, we are even more vunerable. The corporate boardrooms have dismissed professional ethics and loyalty as something too costly for their bottom line.
What few are discussing is engineering itself is a skill as powerful as an AK47 in terms of sabotage. Outsourcing products to foreigners to build instead of Americans leaves even more vunerabilities in US systems. Not only does US law not cover other countries, but these very foreigners have no vested interest in America itself. They are not Americans. It's amazingly naive, both of the US government/DoD and the private sector to just assume that foreigners would adhere to engineering ethics with a nation they have absolutely no loyalty to.
While I was impressed to see some training exercises in defense system penetration, still most engineers will announce in no
uncertain terms there is much work to do. I'm with Clarke on wishing for once, solutions are made before the disaster happens, not after.
One way to assist is to keep American engineers
employed and not cast aside for cheaper foreign replacements.
Not only is it immoral, it completely weakens the technical superiority of the US and reduces the number of Americans
capable of protecting their country from just the topic of this program.
Agree, in principality, with the post by Mark McMurtry. Thank you for your show!!
The 'threat' is more than possible, it is inevitable. As we develop more dependance on technology, we also increase our own vulnerability. There IS no going back there is ONLY learning to protect and defend our 'brave new world'! (as is part of our heritage as a nation)
It is disturbing that our 'enemies' are learning our frailties at our own universities or from our own creations! But this is to be expected as 2 of their tools are deception and subterfuge.
Please continue to keep us informed and (for those who care) apprised of tools and methods in which we can help to defend against these kind of attacks.
Americans, take up your muskets (tools of defense)...!!
Thanks again for your programming,
(as for understanding, validity or experience: I am now over 20 years with the computer industry)
The threats shown on this program are disturbing. It was reassuring to hear the voices and views of the cyber experts that are preparing a defence/offense. I am going to view the entire program on-line and prepare a summary that I can use to spread these ideas within my cyber corner of the cyber world. If many of us in this cyber corner talk and spread these ideas among our peers it will help those who are directly responding to cyber attacks.
Thank you Frontline! Repeat this program in the near future.
If man's mind can conceive it......it can be done......beware of the unknown for it will be the downfall of all who don't head the warnings that we see everyday.
I am a network security officer that deals with fortune 500 companys. It is sad to say this but like most of our security practices in the USA, we take the reactive approach and are always worried about cost. I would have hoped that this changed after 911, but I guess not.
Do I think that a techno doomsday is imminent ? Probably not, but also taking a more proactive appoach to newer technologies that exist could PREVENT a cyber attack (and is a lot cheeper than just waiting for it to happen).
Rochester, New York
I viewed your program with interest. I felt that even in a virtual world, the psychology of the perceived threat can hinder your daily routine. If not by a significant amount now but, as the virtual products proliferate our social fabric i.e. games, cell phones and wireless PDAs, there will be nothing to prevent a hacker to use existing and future market products and platforms to assail the critical control systems of a nation.
Using the guise of a video game for example; think of it, game systems can be used to access the internet can be designed to allow gamers to attack some systems without the knowledge of the user. Our imagination is the best defense/offense.
The government, the military, and the computer industry will have to come to grips with this problem. But a significant component of this problem occurs in your viewer's homes and on their desks at work. Although much of the hardware and software we use have security problems, many of these problems can be fixed, and the solutions are easy to apply! So before you criticize Microsoft, be sure to run your Windows Update. Install a virus checker. Be smart about passwords. This won't solve all problems, but it can go a long way.
Wake up America!
Hopefully your show will help to sound the alarm.
We are warm and safe in our beds now, but that faint, odd sound is the sound of the barbarians at the cyber gates.
There appears to be two camps in the opinion of this episode: Those who are dismissive of the threat and those who take the threat very seriously. One side seems to be crying wolf, and the other side seem to have their heads in the sand. But it seems to me that the main argument is the same as it was in "Missle Wars:" Is the threat to the US really probable or merely possible?
Overall, I would have to agree with Richard Clarke's position because I saw a few things in the report that were very troubling. ...
If the alarmists are wrong, then we may spend billions of dollars to make our infrastructure more secure and reliable. If the doubters are wrong, it could be as one person put it a "cyber Pearl Harbor." I would rather err on the side of caution.
The Cyberwar discussion, like the new plagues SARS, Ebola, etc suggest the 21st century is the opposite of the rosy utopianism of technolibertarians like the Electronic Frontier Foundation. Security, property and life, classic social values, and social cohesion as a backup, trump excessive claims to liberty and privacy. Not recognizing this fundamental ethical priority in values is not intelligent. It is to voluntarily throw away your weapons and rigidly stick to 18th century myths, as you face the daunting risks of a starkly different epoch. Thanks for the program, it was truly a FRONTLINE early warning.
Vincent di Norcia
Barrie, Ontario, Canada
Computers aren't stupid. It's the people who build them, program them, sell them, and use them. Oh, yes let's not forget the people who run the companies that employee those people.
Perhaps you have heard that most of the USA's software development and programming work is being shifted to India, Russia, and many other emerging nations where the cost of labor is cheaper.
Since the problem is people based, how can we trust a cheap worker in a foreign country to ensure that the piece of software code he is working on will be secure? What if it has a backdoor built into it? What if that worker is secretly a member of Al Quida or some other terrorist network?
Do we have the time to check every line of code that is written by someone else to make sure it is secure? No, we can't even get it right in our own country Microsoft.
Will American programmers remain loyal to their employeer and review every line of code that they get back from India, while they nervously await their job to be outsourced?
Will American network administrators try half as hard to secure their networks and systems, as their country turns into a welfare nation without jobs?
It was a great program, the threat is very real, but unfortunately it won't affect anything even after the major cyber war event happens.
We're humans, you can't fix us.