At risk: computers that run power grids, refineries.
By Nathaniel Hoopes, Contributor to The Christian Science Monitor
Buried deep in America's new energy legislation is a requirement
that power companies step up their safeguards against computer attack.
Why does a law aimed at boosting energy production address the dangers
of hackers, software "worms," and computer viruses? Because the
automatic networks that run so-called "critical infrastructure" are
emerging as a vital - and weak - link in America's defense against
Networks run everything from water-treatment plants and oil refineries
to power grids and transport networks. They constantly read data and
adjust, opening a valve here, closing a tank there, often keeping the
facility operating 24/7. In the wrong hands, however, such systems
could be compromised.
"People downplay the importance of cyber-security, claiming that no
one will ever die in a cyber-attack, but they're wrong," says Richard
Clarke, a former terrorism and cyber-security czar in the Bush
administration. "This is a serious threat."
In March, for instance, hackers gained access to the electronic
control systems of the nation's electric power grid, says Dave Powner
a cyber-security specialist at the US Government Accountability Office
(GAO). In 2003, a computer "worm" on the Internet may have helped
delay power companies' response to the major Midwest and Northeast
power outage, although the electric industry says it has found no
evidence of a cyber-related effect. In all, the first half of 2005 saw
237 cyber-attacks worldwide - a 50 percent rise from the same period
last year, according to IBM's global security intelligence team.