# Cyber attack 'could fell US within 15 minutes'



## Colin1 (May 8, 2010)

_The Daily Telegraph_ 8 May 2010

*By Alex Spillius
in Washington*

The United States must prepare for a full-scale cyber attack that could cause death and destruction across the country within 15 minutes, a former anti-terrorism official has warned.

Richard Clarke, an adviser to Bill Clinton and George W Bush, claimed that America's lack of preparation for the annexing of its computer system by terrorists could lead to an 'electronic Pearl Harbour'.
Mr Clarke's new book, _Cyber War: The Next National Security Threat_, written with Robert Knake, warns that tens of thousands of Americans could die in an attack comparable to a nuclear bomb. Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the US.

The book outlines a doomsday scenario in which the problems would start with the collapse of one of the Pentagon's computer networks. Following the attack, internet service providers would be in meltdown while chemical plants malfunctioned, releasing lethal clouds of chlorine.

Planes would collide in mid-air and underground trains crash in New York, Washington and Los Angeles. More than 150 cities would be hit by power cuts. As the chief anti-terrorism adviser to Mr Clinton and then Mr Bush, Mr Clarke issued warnings of the need for better defences against al-Qaeda and wrote about his futile campagin on the 2004 book _Against All Enemies_. Now he argues that a similar lack of preparation could exact a tragic price.

In part, the US has been hampered by the success of the internet and expansion of computerised networks, which have led to a hazardous degree of over-dependence. The belief in the internet as the free-wheeling epitome of American free speech has made government intrusion politically difficult, leaving the private sector particularly vulnerable to well-trained hackers.

Mr Clarke and Mr Knake believe that successive administrations, including President Obama's, have failed to get to grips with the scale of the problem.

The armed forces have yet to open the new US Cyber Command Centre amid disagreements about what role different agencies would play. At least 30 nations have created offensive cyber war capabilities which enable them to plant a variety of viruses and bugs into the key utility, military and financial systems of other states.

The authors are convinced that there will at some point be a cyber war between two nations and are concerned that such a conflict would 'lower the threshold' for a conventional war.

The US is currently far more vulnerable to cyber war than Russia, China or even North Korea, because those countries are less reliant on the internet. Britain, as a state more tolerant of government interference, is also thought to be far better prepared than its ally across the Atlantic.

"We must have the ability to turn off our connection to the internet and still be able to continue to operate" Mr Knake, a senior fellow at the Council on Foreign Relations told the _The Daily Telegraph_. "Relying on a system as precarious as the internet is a big mistake. It is a fundamentally insecure ecosystem that is ripe for conflict and gives countries with disadvantages in conventional weapons an asymmetrical advantage".

The US has already experienced two major cyber warning shots. Hackers from Russia or China successfully planted software in the US electricity grid that could be used to sabotage the system at a later date. In 2009, North Koreans succeeded in bringing down the servers of the Department of Homeland Security, the US Treasury and several other government departments.

Most dramatically, the attack saturated the internet connections of a Pentagon server on which military commanders would rely for logistical communications in an armed conflict.

"We need to rethink the premise that just because this took place with bits and bytes it wasn't a dangerous and destabilising action" said Mr Knake.


----------



## Colin1 (May 8, 2010)

I wonder if this guy was consulted for the Die Hard franchise..


----------



## BombTaxi (May 8, 2010)

It does seem a little extreme, to my mind. Surely there are fail safes in all of these systems? Certainly, if all the railway signals were to shut down in the UK, all the trains would simply stop. Likewise, I'm sure Chemical plants have secondary safety systems (mechanical perhaps?) to prevent a disaster occurring if the computers fail? The bit about ATC failure is quite scary, and certainly very dangerous, but I think a body count of tens of thousands is a little steep...


----------



## RabidAlien (May 8, 2010)

I'm sorta caught in the "how to" of Internet providers melting down causing chemical plants to spew lethal clouds of chlorine? Are all IP's run from chlorine-production plants, and somehow utilizing excess chlorine gas (you know how overzealous those darn chem-plant workers are) to run their servers? That *could* explain why those of us who use PC's on a regular basis are so pasty-pale white.....


----------



## RabidAlien (May 8, 2010)

...double-post...maybe someone read my snarky comment and sent a little bit of extra chlorine down my Cat5?


----------



## Colin1 (May 8, 2010)

RabidAlien said:


> ...double-post...maybe someone read my snarky comment and sent a little bit of extra chlorine down my Cat5?


...was thinking that and please, don't drive anywhere tonight. If you must, don't believe a word your satnav tells you...


----------



## BombTaxi (May 8, 2010)

I don't believe a word my satnav tells me anyway. According to that thing, all roads lead to the North Circular... or an equivalent traffic jam


----------



## Glider (May 9, 2010)

The important word is Could, I suspect that he is trying to sell his book. Safety protocols would kick in to stop all the major events he listed from happening and key security systems are deliberately not attached or linked to the Internet in any way. Those that are linked to the internet have what are best described as electronic dead ends to ensure that the data goes to a certain point and are not allowed any further.

Backups are stored at least every night and there are cold start sites available. So if the network is compromised to any degree the cold start sites which are totally separate sites which duplicate the live network but are switched off can be started up with clean hardware/software and backed up data. Before you have to use the cold start sites there are Primary Networks and Back Up Networks and these are separate. Often the back up network uses a satellite so there is no dependency on hardware. 

There would be disruption as there are not enough cold start sites available but in the UK and no doubt other countries the Government departments have plans so that they know the minimum requirements needed to maintain operations to make the best use of the sites available. So everything would work but it wouldn't be business as usual but neither would it be a total disaster.

To use power stations as an example, if all the power stations in the UK fail which is pretty much a worst case scenario, then plans/equipment exist so that certain stations can self start normally using gas turbine generators, these can then be used to start other stations and the grid can be up within 24 hours. 

Re computer data, all data centres have their own independent power generators which have back up generators which can take over and as a further back up batteries to keep things going in case of problems with the switchover.
I have seen a couple of independent data centres and they are very, very impressive. The two sets of generators are in different buildings and are cross linked so that each building is producing 50% of the power with 50% capacity switched off. As a result both buildings which are more like bunkers would have to be destroyed to cut power. If this happens then the batteries are on standby and there are links to two other data centres for both power and data.

I could go on but I think you get the picture


----------



## timshatz (May 9, 2010)

Glider. Thanks for the post. It is interesting. Glad to see somebody out there is thinking about it.

It is interesting this thread came out. It kinda links into the drop in the Dow on Thursday. I haven't heard much about it, but I'm pretty sure that was an inside/outside computer genereated event. The "thick finger" call that is running around out there doesn't seem to be true. if it were, they'd be hanging the guy from a light post in Times Square right now and it hasn't happened. But dropping the down 1,000 points in 10 minutes was a setup. I am sure. I watched it happen and was thinking the whole time, "This isn't right, something is going on here".

Question I have is, was it an inside job by people who knew the mechinations of the code/algorithims (keep in mind that Goldman Sach's programs were sold off last year by one of their tech guys, I do not know if they caught him before it got out) where they exploited a down trend day and ran an algorithym inside the system to start a cascading failure for the sole point of making billions or if it was a foriegn country doing the same thing to crash the markets. 

I am not as well versed in this as many people on the board and would like some feedback. My thought is by knowing the way the programing is done, could somebody hack into several systems and place a program in there set to fire off if certain paramenters were met in the market (several sell orders in for a certain stock well below the market price). The intent of getting the program to cascade down faster than anyone can stop it? After it is done, can the program delete itself and destroy traces?

Is this possible or am I being paranoid?


----------



## Glider (May 9, 2010)

I am more than ready to believe that someone entered the wrong amount and the checks failed, it happens all the time. It used to be the case that different broking houses programmed their systems to sell a certain stock if it fell by a certain amount or percentage but this has caused a crash in the past, as a waterfall effect took place. This practice is now outlawed and there has to be a manual check before the order is placed.
However maual checks can fail, people are human and humans make mistakes. The important thing is that the price soon recovered and no lasting damage was done.

Its a balance, you have to give flexibility and allow markets to trade but you have to have checks and balances in place to pick up and resolve the problem.


----------



## RabidAlien (May 9, 2010)

Some good points put forth there, lots of food for thought! But I'm stickin with my chlorine explanation.


----------

