Harvey Drucker
Argonne National Laboratory
A long time ago, a perfectly respectable bomber would cost a few million dollars, and now they cost hundreds of millions. When you would attack infrastructure, such as electrical power stations, refineries, and oil production facilities, you would bomb them. There was a weapon worth protecting. With a hundred million dollars for a bomber, you could get rid of technology that was worth one to two billion dollars. The whole thing was a very expensive business.
Now things are quite different. Four or five buckets in hand and two bucks of chemicals give you toxic chemicals you can dump in the subway and create havoc. A few million electrons put in the right place, zipping through the right semiconductors, can take out a massive computer network that regulates the flight patterns over (Chicago’s) O’Hare Airport. It’s very, very easy to do. No declaration of war, no noise, no nothing, just bang. It’s untraditional warfare. This situation is now being better recognized. You may know of the recent Presidential report on infrastructure protection. I won’t read it but, basically, it says that messing with infrastructure can create real problems.
What is infrastructure? It supports our exceedingly complex modern lives. It’s the stuff by which, when you wake up in the morning on the 70th floor of your apartment building, you are assured that water will come out of the tap. You are assured that when you return home the elevator will take you to the 70th floor. You are assured that the subway you ride and the airplane you get on will be controlled properly by any number of circuits, controlled by any number of computers. All this infrastructure, public and private, makes life in developed nations work.
There are three major points we need to be concerned with. First, our dependence on technology has made our infrastructure more important to our daily lives, and our lives considerably more vulnerable. Second, the bad news is that the technology available for attacking infrastructure has changed, and you can get it very easily. You do not have to be a member of the CIA or FBI. Finally, the technology for defending infrastructure has not kept pace with the technology for destroying infrastructure.
Why are we more vulnerable? I think that vulnerability increases with deregulation, especially with regard to the electrical transmission systems that power your house. The companies that produce and transmit power are trying to save dollars; they weren’t so much in the past because they were more regulated industries. Also, we are more vulnerable because they are becoming increasingly centralized. We don’t have small transformers all over the place, but gigantic transformers. A high-voltage transformer is so expensive that companies don’t want to have extras on hand because of their costs. These transformers can only be shipped by a limited number of special railroad cars. When one of the transformers goes out, the power companies route power around it as best they can until they replace the transformer. Power companies right now don’t want to have any more capacity than they must. The result is that there’s not a lot of reserve built into the system.
There was a lot of concern during the summer of 1997 in the Midwest. If it had been a really hot summer, given that three of Commonwealth Edison’s nuclear reactors were down and Wisconsin Power was having problems, it would have resulted in brownouts throughout the Midwest, including Chicago. I heard someone from one power company say, “We’re going to end up having to start our own telephone system because the power at Bell Systems will be off.” But we didn’t have a very hot summer. The moral of the story is that there’s not a lot of duplication built into the system. What’s more, the systems are becoming more and more computer-controlled. Substations are all controlled from distant points, from computer screens; there is no one at the site. This opens the door to computer hackers, and there are examples of mischief occurring.
Look at the oil and gas industry. In the winter of 1992-93, the systems in a number of major cities came very close to closing down, not because they didn’t have gas, but because the infrastructure, the piping system, was losing the ability to pump at the rate that was required to get gas into people’s homes.
Refineries are exceedingly complex plants; up to a million valves and switches route the various fluids. In one plant they were producing a lot of hydrogen sulfide, removing it from crude oil, which they would concentrate and sell. This process produced a lot of toxic material. Someone was thinking about blowing it up, and, had they done so, it would have caused a significant loss of lives.
The number of refineries, the number of nodes in which you get gasoline and petroleum, has come down. They operate at higher and higher capacities. From 300 nodes in 1980, today they are down to 161. What does that mean? An oil shortage is not caused by a refinery turning off the oil. In fact, one shortage came from a lack of refinery capacity. Oil prices don’t always reflect the amount of oil but the amount of refinery capacity. If one refinery is out, if an area has gone from five to four, there will be a shortage in refinery products.
We don’t have a lot of good faith in the pipelines. Fifty percent of what goes into New York and New Jersey comes from one pipeline. Six lines carry all the natural gas that comes into the city of Chicago. If you take one out, the house goes cold, and it’s not that difficult to take them out.
The United States is a democracy. Information about taking out a pipeline is easy to get. Anyone dig a hole in their backyard recently? You can call the government, and they tell you where every pipeline on the property is. It is trivial to know where the nodes are to disintegrate, if you want to knock out electricity, oil, or natural gas to a city. It is not difficult at all.
Let’s turn to transportation systems. We all know that airlines are considerably concerned because someone, in forty-five minutes, with the right equipment, can take down a hundred-million-dollar aircraft without any trouble.
Railroads are vulnerable, too. We know that people derail trains for the hell of it. Incidents have happened where people have derailed trains containing toxic chemicals. But now, the systems are more computerized. There is more information available, if you know the system, about what is going where, and we are transporting increasingly hazardous materials. You can carefully map the national route of a train carrying toxic chemicals.
Telecommunications are a concern, too. In 1988, at one site in Chicago, one fire took out all of our long-distance communications. At the time, at Argonne National Lab, there were something like ten cellular phones on the site, and if you wanted to call anywhere in the country outside Chicago, you had to use a cellular phone. One small fire did that. In 1990, one bug at one station caused 114 long-distance switches to go out. This is very frightening. One person could inject a virus into the 911 system in a major urban complex in the United States to prevent all emergency calls—no fire, no police response, nothing.
As far as financial systems are concerned, we are increasingly dependent on centralized computers for providing all the goodies we enjoy. Smart cards are increasing: four hundred and fifty million will be in use by 2005. Thus, even dollar bills will be replaced by pieces of plastic that hackers love to get into.
Our water systems are complex, too. We have the best water/sewage system in the world; no other country comes close. Water flows constantly and continuously because people can find out where the pumps are, where the valves are, where the lines are. But it’s easy to introduce material into that system.
Infrastructure, then, is very vulnerable, easy to get to, easy to mess with.
Second, we have better technology for messing it up. We presume that certain events will occur on a regular basis, and we can plan around them. We know about the financial risk of earthquakes, hurricanes, tornadoes, and floods. We handle them very well, as a nation, better than most nations. We also know about human error. “Total Quality Management” consists of predicting what people will do wrong and managing situations to have them come out right. By designing a plan we can do a magnificent job of decreasing the number of weak links in a given system.
But this is what is hard: when someone decides to screw up a system, either by physical damage or, increasingly, by meddling via communications and computer systems, it can be easily done. A very small number of players can take down a 747. Now, people know how easy it was to get the fertilizer and diesel fuel to blow up the Federal Building in Oklahoma City.
A Japanese religious group finds out how to make nerve gas. Fortunately for the Japanese, they were really lousy terrorists. The net result was that they didn’t kill anywhere near as many people as they could have. Only eleven died, and about 5,500 were injured. Why look at this incident? Can you imagine what would have been the case if they had been really good at terror?
There is a lot of concern over nuclear terrorism. But it’s hard to make a bomb. To do that, you’re going to expose yourself to radiation, and there will be materials flying all over the place that can be detected with proper tools; it’s difficult to do. It takes a lot of money to make an atomic weapon. In contrast, it is trivial to make chemical gases. It is trivial to make chemical poisons. It is trivial to get your hands on significant biological weapons. This is much more of a threat than anything involving nuclear material.
As far as toxins are concerned, there are simple synthetic processes that can be found in any number of handbooks from your local medical library. Toxins can kill lots of people. Books will tell you how to make nerve gas and other toxins. The information is there. Some things you can mail-order, and they’ll arrive at your house by Federal Express. Tell a company you’re an investigator, and they will send you anything you want, without any constraints.
Let’s turn to biologics. People like to talk about how much botulism toxin placed in a certain pond will kill how many millions of people. But if you put botulism toxin into a water system, within two seconds it becomes glop. It’s a protein that loses its activity when diluted in large amounts of water. But we now have biotechnology as a tool, and I think it’s only a matter of a few years before we can make perfectly stable, infinitely dilutable, botulism toxin. Once you have done it, the technology for making the toxin is trivial. Anybody can do it.
Nuclear material is even easier to get and is widely available. For example, I was recently in an ex-Iron Curtain nuclear installation, and I happened to see through an open door what I recognized as a vault con-taining what looked like two or three cans full of plutonium. I said to my host, “Is that plutonium?” He said, “Yes.” I said, “Where are the locks and security system protecting it?” He said, “Oh, we don’t really have locks. In the past our security consisted of the following: if the KGB even thought you were thinking about laying a finger on a can of plutonium, you were gone.” The problem, now, is in the former Soviet Union, where the nuclear scientists are poor. The one I saw had no soles in his shoes; he had no money for soles. A nuclear engineer who has no soles in his shoes just might decide to move some plutonium.
The weapon of choice for a lot of terrorists is cyber. These are some frightening numbers. Almost every top Fortune 500 company reports that its computer networks have been successfully attacked. Forty percent of the companies have incurred costs of over half a million dollars because of intrusion; eighteen percent saw costs of more than one million dollars. One agency tested how easy it was to break into specified computer systems. They found that eighty-six percent could be easily penetrated by the use of shared networks.
It’s becoming considerably easier to be a hacker. There are tools available, almost off the shelf, for someone who wants to get into databases or the computer control systems for refineries, electrical power generation facilities, or shipping guides. You get on the Internet and find bulletin boards and newsgroups that will tell you how to get into the systems. It’s very, very difficult for us to prevent that.
We are lagging way behind in our ability to defend infrastructure. Most of the time, quickly after a weapon is introduced, the anti-weapon is also introduced. Machine guns, ballistic missiles—for every weapon there is an anti-weapon. Most of the time, the kinetics of development of both are closely linked. Most of the time, in thinking about security, we think about walls, fences, security guards, monitors, and concrete shells. But a lot of major nodes in American infrastructure are unprotected. For reasons I mentioned earlier, most of the people are involved in infrastructure in order to make money. They aren’t going to put in the money and duplication to harden the systems.
What instrumentation do we have to help us identify threats? How do we find these very inexpensive biologic and chemical weapons? The answer is that we don’t find them very easily. The best detecting is still not quick enough. Locally, detection equipment costs ten or fifteen thousand dollars. That means most major municipal areas have neither the people to train nor the equipment to test for chemical or biological agents.
This quote comes from the FBI: “A select group of ten hackers within ninety days could bring this country to its knees.” That brings me to a true story. About twenty years ago, there was a large company that made consumer products. They said to one of the foremost computer jockeys in the world, “You crack our computer system, you get into our most secure systems, you have a year to do it, and we’ll pay your salary for a year.” About two weeks later, he was seen at a hardware store buying shells to use during the hunting season. He was asked, “Why aren’t you hard at work?” He said he was already done. He spent the remaining fifty weeks drinking Jack Daniels and hunting.
That fall, after fifty weeks of hunting game and two weeks of work, there was the company meeting, and he was there. He said, “Let me now show you, gentlemen, what your product line is for the next ten years.” He just emptied out the bank—everything on the line for the next ten years. “And, if you like that, folks, let me show you all the salaries of all your senior executives, every bonus they’ve ever received, both those that are on record and those that are not.” After he did all this, there were tears and sweating, and they offered him the job of being the computer security guy for the company. He said, “No!” and walked out. They fired their own computer expert.
This is to show you what happened to this Fortune 500 company. There are a lot of people who like doing this type of thing. Computer hackers find joy in going to databases and screwing them up—the cyber equivalent of climbing Mt. Everest. They’re almost unstoppable. There are a lot of them; they’re bright, and they enjoy the challenge of getting into very, very complex systems.
A lot of things can be done to protect computers. But no thing is infallible. We also find that only about two percent of penetrations are detected, and of these only five percent are reported. This is because a company is not going to advertise to anyone that their computer system can be cracked. Most of the time, things like this are not reported. In 1985, of about 250,000 attacks on unclassified computers, the success rate of penetration was sixty percent.
At Argonne National Laboratory, we are doing research and development to try to bring infrastructure -protection up to the same level as that for countering tanks and machine guns in World War I. We have to prevent the attacks, mitigate their effects, respond to incidents, and get the infrastructure systems to recover as quickly as possible.
Argonne is working on a system that might allow us to find specific biological and chemical weapons using a technology that looks similar to the kind of chip technology found in computers. The difficulty with biological and chemical weapons is as follows: a biologic weapon that is exceedingly toxic to people and animals looks remarkably, to a chemist, like a simple pesticide. The difference is not very great. Chemically, it’s hard to make that distinction between pesticides and chemical weapons. It’s very, very difficult to distinguish between natural E. coli that lives in our gut and E. coli that has been genetically engineered to contain a toxin gene. This particular technology allows the next step in making that distinction. It’s about a year or two years away from being first tested.
We need a lot of work in cyber systems, but not a lot is going on. We need it in a lot of different areas. It is important that we do this not just on a technology level but on a systems level. We need to assess where our systems are vulnerable and how. We need to determine how to manage risk effectively. We need to have better ways to respond. We need to share information across all the various agencies and organizations, public and private, that would be involved in any disaster involving infrastructure.
The present administration recognizes that and is interested in infrastructure insurance. They would like to see a national infrastructure research program developed. They recognize that this will take joint efforts by the most knowledgeable, thoughtful people from all sectors—academe, government, and the private sector— with any interest in infrastructure.
We can’t find any well-formed, organized group interested in trying to attack any particular piece of infrastructure. But we recognize that vulnerability is increasing. For a really good attack on infrastructure, you don’t need a really good conspiracy. All it takes is a few people with the right knowledge. If someone wants to get into the business, it can be done.
Especially in a democracy, we cannot easily protect ourselves. This is a very open society. If you are an open society, like most of Europe also is, you can be prey. There’s not a lot you can do about it. The crazies are out there. The best you can do is try to figure out what they have when they have it and try to recover from what they do when they do it. The systems are vulnerable. It’s only a matter of time.
 |
 |
 |