FOR IMMEDIATE RELEASE: February 17, 2002
SCHUMER: NEW YORK DANGEROUSLY UNPREPARED FOR CYBER TERRORIST
ATTACK
New Government Evidence of Cyber Terrorist Activity Could Mean
Rolling Blackouts, Dead Phone Lines, Subway, Train, Air Traffic
Control Shutdowns in NYC, LI; Virtually Every Local Business Would
Be Affected By Internet Shutdown
With Iran, Iraq, North Korea, Al Qaeda, Hamas, Hezbollah All
Developing New, Deadly Cyber Weapons, New York Facing New Cyber
Terrorist Threat
Schumer Announces Plan to Increase Cyber Security at Vulnerable
Local Targets
Joined by leading cyber security experts, US Senator Chuck Schumer
today said that New York is dangerously unprepared for a cyber terrorist
attack that could mean rolling blackouts, dead phone lines, and
sudden subway, train and air traffic control shutdowns. With new
government evidence showing increased cyber terrorist activity by
rogue nations like Iran, Iraq and North Korea, as well as terrorist
networks like Al Qaeda, Hamas and Hezbollah, Schumer said that local
power plants, phone systems, water treatment plants, banks, airports
and train stations across New York City and Long Island are all
vulnerable to attack. As the nation's largest metropolitan area
and as the epicenter of commerce, technology and transportation,
Schumer said that New York is the nation's most vulnerable target.
"The odds and danger of a cyber attack grow by the day and
we're doing virtually nothing about it," Schumer said. "We're
not just talking about losing email for a few hours. Terrorists
like Hamas or Al Qaeda could gain access to our power plants, our
air traffic control systems, our utilities, and our banking systems,
which translates into rolling blackouts, dead phone lines, and wiped
out bank accounts. Some experts have described us as being vulnerable
to a digital Pearl Harbor. Frankly, I fear we're on the verge of
a digital Armageddon."
At a Courts Subcommittee hearing convened and chaired by Schumer
this week, Dr. Richard Clarke, the top White House adviser on cyber
security, unveiled new evidence showing that the likelihood of cyber
terrorism is greater and potentially more dangerous than ever anticipated.
Clarke revealed that:
Many key infrastructure systems including utilities, power grids,
banking systems, and air traffic control systems have already been
penetrated, and cyber terrorists may have created trap doors and
left logic bombs allowing them to easily bypass security systems.
Terrorist organizations like Al Qaeda, Hamas and Hezbollah, who
previously used the Internet for fundraising, communication and
propagranda, are now suspected of using the Internet to develop
advanced cyber weapons to attack US systems.
Rogue nations like Iraq, Iran, and North Korea, as well as superpowers
like China and Russia, are in the process of developing deadly,
advanced warfare information systems.
In 2001, cyber attacks caused $12 billion in damage and economic
loses, with the NIMDA virus alone taking over more than 350,000
servers.
Cyber terrorists have already penetrated security systems for
a dam in Arizona and an airport in Massachusetts.
Schumer's proposed legislation would create a special task force
made up of representatives from the Office of Homeland Security,
National Security Council, the Department of Defense, the Federal
Bureau of Investigations, State Department, Justice Department,
Commerce department, Treasury Department and other key agencies
to conduct an immediate red team analysis that would:
Identify every digital area where our government and economy's
critical electronic infrastructure is most vulnerable ranging
from the digital controls for power and communications sources for
military bases to the digital controls for the electricity lines
and fiber optic cables the New York Stock Exchange or the NASDAQ
rely upon to operate.
Identify the physical locations of key electronic hardware like
undersea wire facilities connecting New York and the entire nation
with Europe (all of the fiber optic wires connecting the US to Europe
and the Middle East known as Submarine Fiber Optic Communications
Systems funnel into just two locations in lower Manhattan)
and telecom hotels that store thousands of servers that comprise
the electronic backbone of the local economy (roughly 80% of Internet
traffic routes through fewer than a dozen facilities across the
country).
Identify websites that provide information that, when compiled
with other publicly available information, could provide terrorists
with critical information about the best ways and places to exploit
US cyber weak points. When US troops confiscated Al Qaeda computers
found in caves in Afghanistan, they learned that Al Qaeda had already
used the Internet to learn the locations of key utilities.
Provide funding to upgrade security at physical and digital weak
points, and work with the private sector to narrowly limit access
to information that could assist or expedite a cyber attack
For example, the task force would examine the key sources of power,
water, and communication for highly populated areas for like New
York City or Long Island, identify the areas cyber-terrorists would
most likely attack to disrupt or destroy those sources, and then
provide funding to upgrade cyber-security to eliminate weak points.
If a combination of innocent information about power grids and electricity
lines on Con Ed, LIPA and Keyspan's websites ultimately provides
cyber terrorists with information about the best place to attack
our main power sources, the legislation would direct the taskforce
to provide ways to protect the information.
At the press conference, Schumer performed a computer demonstration,
showing how easy it is for terrorists to gain access to information
about US nuclear power plants, utilities, water plants and communications
systems. Schumer pointed out one website http://www.animatedsoftware.com/environm/no_nukes/nukelist1.htm#NewEnglandStates
that lists every nuclear power plant in the North East and
estimates potential number of casualties and property damage.
"During the Persian Gulf War and military action in Bosnia,
offensive target analysis teams performed pre-and post-attack vulnerability
assessments of enemy targets," Schumer said. "The same
needs to be done for physical and digital infrastructure within
the United States, so we can identify our weaknesses and address
them before the terrorists do it for us."
Schumer also called on Congress to pass the Cyberterrorism Preparedness
Act of 2002, legislation authored by Senator John Edwards (D-NC)
that directs the National Institute of Standards and Technology
(NIST) to develop cyber-security best practices and conduct long-term
cyber-security research and development. The bill co-sponsored
by Schumer would help develop new ways to protect the nation's
physical and digital cyber infrastructure, complementing Schumer's
red team analysis legislation.
Schumer was joined by Alan Paller, Director, SANS (System Administration,
Networking & Security) Institute.
# # #
|