Under Attack 4: Cyber Threats to Critical Infrastructure

Gordon Corera and his interviewees dwell in this part of the series on cyber attacks targeting components of critical infrastructure, and their consequences.

Everyone says they’re under attack in cyberspace. But they all have different ideas of what that means. Part of this is about nations finding their feet in this new world which has transformed our way of life, including how we conduct spying and warfare.

Now about our dependency on the Internet, the battle over the control of cyberspace, and how vulnerable we’ve all become and about the extent to which cyberspace is now being used to spy, steal and to wage war.

It is easy to lose sight of how much our daily lives are dependent on the Internet, leaving us vulnerable to those who wish to do us harm. But every now and again there is a reminder.

– Hello, this is Breakfast with Bill Turnbull and Sian Williams.

– The Games are about to begin. Welcome to our first special program from here, the Olympic Park, as London prepares for the spectacular opening ceremony happening right here in just a few hours time.

Oliver Hoare On July 27th 2012 the world was preparing to watch the opening ceremony of the London Olympics. But what the world did not know was that behind the scenes those involved in securing in the Games had a fear. What if half way through the ceremony everything went dark? Oliver Hoare in charge of cybersecurity for the Games was tucked up in bed when he was woken early.

– I had a foreign call at 4.45, which is always disturbing, particularly on your day off, but more disturbing was the fact that the foreign call was from GCHQ and there was a suggestion that there was a credible attack on the electricity infrastructure supporting the Games. First reaction to that is: goodness, I must get a strong cup of coffee and get into the office.

– After 7 years of planning and waiting, the moment is here: we are just hours away now from the opening ceremony of London’s Olympics.

– We have a bird’s eye view here, so let’s…

London 2012 Olympics opening ceremony was at risk

London 2012 Olympics opening ceremony was at risk

The Olympics were a showcase to the world, designed to display Britain at its best. The damage to the country’s reputation if a hacker turned the lights off would be enormous. This is the first time anyone’s talked about those fears.

– My first response actually was: “Is it credible?” It was my day off, and I was looking forward to enjoying the opening ceremony, and so on. Luckily, not luckily, I think by design, we had tested and exercised ad nauseum. We had also tested no less than 5 times the possibility of an attack, a cyber attack on the electricity infrastructure, or the power infrastructure. In a sense, I think we felt pretty well prepared. But there’s always an amount of concern, particularly when you’ve only got 8 or 9 hours before the opening ceremony.

– The clock was ticking, wasn’t it?

– The clock was absolutely ticking, so it was a fast moving a) investigation, but b) how do we put the mitigations in place? And I distinctly remember about an hour or so before the opening ceremony a conversation: “So, what’s the situation?” And you know, good news is that if the lights go down, we can get them up and running, regardless, within 30 seconds. Now, on the surface you might say: “Wow, that’s great.” 30 seconds at the opening ceremony with the lights going down would have been catastrophic in terms of reputational hit. So I watched the opening ceremony with a great deal of trepidation.

– Where did you watch the opening ceremony?

– I did actually watch it from home, but at that stage, you get to a stage where there’s only so much you can do.

– Were you biting your nails?

– I was very much on the edge of my seat and, being a good government official, had not said anything to my wife and children about this event. So we’re sitting there sort of being very nervous, but thankfully it went through…

– Every time the lights must have dimmed in Danny Boyle’s opening ceremony, you must have thought it was a cyber attack.

– There was always a twitch.

Richard Clarke The attack never materialized. A false alarm this time, but the risk was real. A country relies on its critical infrastructure for everyday life: power, water, financial services, telecoms, government, services which are increasingly controlled and accessible through the Internet. 50 years ago espionage or even sabotage might have involved someone sneaking into a power station and perhaps planting a backpack full of explosives. Today it could simply involve sitting at a computer thousands of miles away. President Clinton woke up to the danger in America during the mid-1990s, appointing Richard Clarke as the country’s first cyber czar.

– The President had appointed a commission in 1996 to look at the protection of critical infrastructure. We were thinking bridges, dams. The commission took a year or more and came back and said: “Critical infrastructure is increasingly being controlled by software and on the Internet.” And there are threats on the Internet of hackers, therefore the commission said the government needs a policy and needs to start thinking about the threats to critical infrastructure through cyber attack. That all sounded nice; it didn’t seem to have anything to do with me until President Clinton said: “We need someone to worry about this, and since you worry about other forms of protection and other threats, you get to worry about this as well.”

– And how worried were you about what you found at that stage?

– I was shocked, frankly, because I knew so very little about it, but most people knew little about it. And when I learned how vulnerable these things were, how vulnerable the software was, how vulnerable the hardware was, and how easy it was to hack into very important systems.

That was more than 15 years ago. Since then more and more systems have gone online, everything from power stations to banks are now hooked up to the Internet.

Here at the White House cybersecurity has moved to the very top of the political and policy agenda. This is the country where the Internet was born. But there is a sense that perhaps something has been unleashed, which America can’t control and which poses real threats. Those fears were articulated in President Obama’s State of the Union address earlier this year.

– Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.

So, who is probing America’s infrastructure and why? Richard Clarke:

– Well, if you think about the air traffic control system and the electric power grid, there’s very little intelligence value in getting into those. You don’t learn anything that you can then apply in China or Russia. The only real point of getting into the power grid control system or the air traffic control system is to have a cheap deterrent – it’s a lot cheaper than nuclear weapons. It’s not very credible that you would ever use nuclear weapons. It’s slightly more credible to suggest that you might one day under a crisis situation destroy parts of the electric power grid.

– The Chinese would probably say: “We’ve seen the Americans in our infrastructure.”

– They’ll probably be right.

Read previous: Under Attack 3: Who Spies on Whom?

Read next: Under Attack 5: Massive DDoS Attacks and Stuxnet

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: