Terrorism 2.0 - Is Coffee Still More Important Than IT Security?



Oil & Gas IQ
03/03/2011

In April of 2009, the Wall Street Journal reported that the US National Power Grid had been infiltrated by cyber attackers and was vulnerable to future digital incursions.

cyber security

Amidst a barrage of media criticism and headlines like "Cybersecurity: Is the U.S. Government doing enough?" SCADA systems were firmly in the spotlight and the Obama administration ordered a "top-to-bottom review" of electronic infrastructure systems in the US.

The 2009 invasion, was not by any means the first in regards to cyber security breaches affecting critical systems.

As early as 1992, a disgruntled Chevron employee managed to disable emergency alert protocols spanning 22 states in the contiguous USA. In 2000, hackers in Russia managed to seize control of Gazprom's entire natural gas pipeline network, and 2003 saw the Slammer and Blaster computer worms shutting down safety systems at Ohio's Davis-BesseNuclear Power Station's for 5 hours, and contributing to a the blackout of the North-Eastern American that affected 55 million people in the US and Canada.

It was after this combination of events that America's first "Cybersecurity Czar", Richard Clarke, stated: "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked."

Fast-forward to July 2011 and the Stuxnet computer worm infected vital systems controlling the Iranian nuclear reactor at Bushehr and up to 12 million computers and many thousands of essential infrastructure systems across China. If there needed to be a wake up call for energy companies across the world as to the danger of SCADA system, Stuxnet was it.

Just prior to the Stuxnet attacks, the US Senate started discussing the Protecting Cyberspace as a National Asset Act of 2010, whose advocates decried "the federal government's efforts to secure cyber networks" as "disjointed, understaffed, and underfinanced", stating that: "wecannot wait for a cyber 9/11."Senator Joel Lieberman of Connecticut professed that: "This bill was prompted by growing concerns that public and private sector networks have become increasingly vulnerable to attack from cyber warriors, spies, criminals and terrorists."

While incidents like Stuxnet highlight the possibilities of a "Digital Armageddon", the probabilities of such an event are still remarkably slim.

To date, not a single person has died as a result of cyberterrorism, and we must believe that the international terrorist's motive is still to kill and maim and not cause digital disruption.

While Terrorism 2.0 represents a huge threat in the Information Age, it is simply not as logistically feasible or impactful in the short-term as conventional terrorism for extremist purposes. Although an alleged "Al Qaeda Online" cell was discovered in 2003 to have SCADA systems information relating to dams in the US, there has been no solid evidence of a concerted attack plan then or since.

Post-Stuxnet, the prevailing mood of preparation for imminent attack does seem to be prudent if not a little alarmist in nature. Be under no illusion, coffee is now a secondary consideration for oil and gas companies.

[eventpdf]