If a cyber 9/11 were to occur, the most likely targets would be industrial control systems that operate the nation's electric grid and other critical infrastructure. And chances are it won't be initially noticed, partly because the IP address of the attacker will originate in the U.S., two top experts told a Senate Judiciary subpanel today. "There are no networks in the U.S. that haven’t been broken into and in many cases you can break into the equipment and break that," former NSA and DHS official Stewart Baker told the Senate Judiciary subpanel on crime and terrorism.
From that perspective, the most likely scenario for a cyber 9/11 to take place is an attack on critical infrastructure where true equipment damage occurs. "The real risk is that the attacker can hack into industrial control systems and hack into power systems, pipelines" and other essential systems, Baker said.
"I don’t think the first attack, if it’s truly remote, will be noticed…it will come from an IP address in the U.S.," Kevin Mandia, CEO of security firm Mandiant, said, noting the propensity of attackers to route through vulnerable U.S. systems. "Almost every single attack we currently respond to there are hop points in the U.S." But even the best-devised cyber attack is not a sure thing. "Even from the attacker's perspective, the results will be unpredictable," Mandia said.
Mandatory cybersecurity requirements for critical infrastructure help boost security, Mandia said. "It has been my experience if there is a standard imposed on your industry, the cybersecurity is better." Even then, though, threats get through. "When it comes to critical infrastructure, the majority of cybersecurity programs [Mandiant has been called in to examine] were mature…but they were still breached."
The hearing, aimed at examining law enforcement and private sector response to cyber threats, follows the introduction yesterday of a bi-partisan Senate bill, the Deter Cyber Theft Act, which requires the Director of National Intelligence to produce an annual report listing foreign countries that conduct cyber-espionage in the U.S. Both Mandia and Baker clearly identified China as the top foreign country engaging in cyber spying and other activities, with Russia a very distant second. "China is the reason my company doubles in size every year," Mandia said.