FOR IMMEDIATE RELEASE: February 17, 2002

SCHUMER: NEW YORK DANGEROUSLY UNPREPARED FOR CYBER TERRORIST ATTACK

New Government Evidence of Cyber Terrorist Activity Could Mean Rolling Blackouts, Dead Phone Lines, Subway, Train, Air Traffic Control Shutdowns in NYC, LI; Virtually Every Local Business Would Be Affected By Internet Shutdown

With Iran, Iraq, North Korea, Al Qaeda, Hamas, Hezbollah All Developing New, Deadly Cyber Weapons, New York Facing New Cyber Terrorist Threat

Schumer Announces Plan to Increase Cyber Security at Vulnerable Local Targets

Joined by leading cyber security experts, US Senator Chuck Schumer today said that New York is dangerously unprepared for a cyber terrorist attack that could mean rolling blackouts, dead phone lines, and sudden subway, train and air traffic control shutdowns. With new government evidence showing increased cyber terrorist activity by rogue nations like Iran, Iraq and North Korea, as well as terrorist networks like Al Qaeda, Hamas and Hezbollah, Schumer said that local power plants, phone systems, water treatment plants, banks, airports and train stations across New York City and Long Island are all vulnerable to attack. As the nation's largest metropolitan area and as the epicenter of commerce, technology and transportation, Schumer said that New York is the nation's most vulnerable target.

"The odds and danger of a cyber attack grow by the day and we're doing virtually nothing about it," Schumer said. "We're not just talking about losing email for a few hours. Terrorists like Hamas or Al Qaeda could gain access to our power plants, our air traffic control systems, our utilities, and our banking systems, which translates into rolling blackouts, dead phone lines, and wiped out bank accounts. Some experts have described us as being vulnerable to a digital Pearl Harbor. Frankly, I fear we're on the verge of a digital Armageddon."

At a Courts Subcommittee hearing convened and chaired by Schumer this week, Dr. Richard Clarke, the top White House adviser on cyber security, unveiled new evidence showing that the likelihood of cyber terrorism is greater and potentially more dangerous than ever anticipated. Clarke revealed that:

Many key infrastructure systems including utilities, power grids, banking systems, and air traffic control systems have already been penetrated, and cyber terrorists may have created trap doors and left logic bombs allowing them to easily bypass security systems.

Terrorist organizations like Al Qaeda, Hamas and Hezbollah, who previously used the Internet for fundraising, communication and propagranda, are now suspected of using the Internet to develop advanced cyber weapons to attack US systems.

Rogue nations like Iraq, Iran, and North Korea, as well as superpowers like China and Russia, are in the process of developing deadly, advanced warfare information systems.

In 2001, cyber attacks caused $12 billion in damage and economic loses, with the NIMDA virus alone taking over more than 350,000 servers.

Cyber terrorists have already penetrated security systems for a dam in Arizona and an airport in Massachusetts.

Schumer's proposed legislation would create a special task force made up of representatives from the Office of Homeland Security, National Security Council, the Department of Defense, the Federal Bureau of Investigations, State Department, Justice Department, Commerce department, Treasury Department and other key agencies to conduct an immediate red team analysis that would:

Identify every digital area where our government and economy's critical electronic infrastructure is most vulnerable – ranging from the digital controls for power and communications sources for military bases to the digital controls for the electricity lines and fiber optic cables the New York Stock Exchange or the NASDAQ rely upon to operate.

Identify the physical locations of key electronic hardware like undersea wire facilities connecting New York and the entire nation with Europe (all of the fiber optic wires connecting the US to Europe and the Middle East – known as Submarine Fiber Optic Communications Systems – funnel into just two locations in lower Manhattan) and telecom hotels that store thousands of servers that comprise the electronic backbone of the local economy (roughly 80% of Internet traffic routes through fewer than a dozen facilities across the country).

Identify websites that provide information that, when compiled with other publicly available information, could provide terrorists with critical information about the best ways and places to exploit US cyber weak points. When US troops confiscated Al Qaeda computers found in caves in Afghanistan, they learned that Al Qaeda had already used the Internet to learn the locations of key utilities.

Provide funding to upgrade security at physical and digital weak points, and work with the private sector to narrowly limit access to information that could assist or expedite a cyber attack

For example, the task force would examine the key sources of power, water, and communication for highly populated areas for like New York City or Long Island, identify the areas cyber-terrorists would most likely attack to disrupt or destroy those sources, and then provide funding to upgrade cyber-security to eliminate weak points. If a combination of innocent information about power grids and electricity lines on Con Ed, LIPA and Keyspan's websites ultimately provides cyber terrorists with information about the best place to attack our main power sources, the legislation would direct the taskforce to provide ways to protect the information.

At the press conference, Schumer performed a computer demonstration, showing how easy it is for terrorists to gain access to information about US nuclear power plants, utilities, water plants and communications systems. Schumer pointed out one website – http://www.animatedsoftware.com/environm/no_nukes/nukelist1.htm#NewEnglandStates – that lists every nuclear power plant in the North East and estimates potential number of casualties and property damage.

"During the Persian Gulf War and military action in Bosnia, offensive target analysis teams performed pre-and post-attack vulnerability assessments of enemy targets," Schumer said. "The same needs to be done for physical and digital infrastructure within the United States, so we can identify our weaknesses and address them before the terrorists do it for us."

Schumer also called on Congress to pass the Cyberterrorism Preparedness Act of 2002, legislation authored by Senator John Edwards (D-NC) that directs the National Institute of Standards and Technology (NIST) to develop cyber-security best practices and conduct long-term cyber-security research and development. The bill – co-sponsored by Schumer – would help develop new ways to protect the nation's physical and digital cyber infrastructure, complementing Schumer's red team analysis legislation.

Schumer was joined by Alan Paller, Director, SANS (System Administration, Networking & Security) Institute.

# # #