Nothing seemed out of the ordinary the morning Massoud Amin stood before top U.S. officials warning about the threat of catastrophic attacks. But the meeting, held less than a mile from the Pentagon, was cut short when cell phones and beepers rattled with news that two planes had hit the World Trade Center towers, one had hit the Pentagon and another was missing.

Amin, director of the University of Minnesota Technological Leadership Institute (TLI), immediately worried about the nation’s electrical, cyber and energy infrastructure, all of which could have been the next victims.

“A determined, multi-pronged attack on these systems can cause many troubles for our nation,” he said, “an economic impact as well as on our security and quality of life.”

More than eight years after 9/11, the amount and severity of cyber attacks — incidents that can leave their victims defenseless against further modes of attack — have risen dramatically, prompting the approval of a new Master of Science in Security Technologies (MSST) program slated to begin this summer.

Amin, director of MSST, designed the 14-month program, aimed at preparing future business leaders, policy makers and public health, science and technology professionals to carry out the grave responsibility of protecting national infrastructure.

“We’ve been pushing in this area for close to 12 years now,” Amin said, “and we still have a long way to go.”

‘We are all connected’

Societies have become increasingly dependent upon networks of critical infrastructure — energy, the electricity grid, cyber communication, finance, transportation and others — whose underlying interdependence makes countries like the United States more vulnerable to massive attacks. If one part of the nation’s infrastructure goes unprotected, that vulnerability quickly cascades into the other networks, putting every individual at risk, Amin said.

“We are all connected,” he said.
“Whether it’s sneezing when we have a flu and propagating it to everybody in the room or whether it’s our computers.”

Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit research institute that informs the government about cyber attack hazards, said this type of attack opens the door to a whole realm of attack possibilities, such as the entire “shut down” of a country due to a massive power outage. Such a power outage would have little economic impact for the first three days, but after eight to 10 days, 70 percent of all economic activity would come to a halt, he said.

“We have a lot of things that cause us to lose sleep,” he said.

Attacks on the nation’s cyber networks, including viruses, information theft and hijacking of controls, have been on the rise for the past 15 years, Amin said.

In 1990, Congress issued a report on terrorists’ ability to sabotage critical power networks, rendering the nation “vulnerable to saboteurs with explosives or just high-powered rifles.” A late 1997 report issued by the Clinton administration stressed the need to develop security measures for the complex, interactive networks. At the time, experts identified eight areas of critical infrastructure. That number has since risen to 18, each of which will be examined in the MSST program, Amin said.

In 2001, there were about 30,000 attempts per day to penetrate vital U.S. government Web sites, such as the Federal Bureau of Investigation and Central Intelligence Agency, Amin said. By 2003, that number had risen to over 80,000. Today’s average is substantially larger but can’t be revealed out of consideration for national security, he said.

The July attack on United States and South Korean government sites, including U.S. agencies responsible for monitoring cyber crime, was a reminder of national vulnerability and proof of the underlying linkage of those private sites, Amin said.
A few months before the attack, the Government Accountability Office released a report on nearly 17,000 threats or attacks on federal sites in 2008, which is three times that of 2006.

“The number of cyber attacks has increased, the speed has increased and the severity of the successful ones has increased,” Amin said.

Perpetrators of such attacks range from disgruntled employees and computer hackers to foreign governments or domestic and foreign terrorists with a plot to cause sweeping harm. The dependence on information technology renders the United States vulnerable to physical forms of attack — such as radiological bombs, aerosol anthrax dispersal or bombings using large vehicles or explosive vests — if the country’s vital communication networks are disabled, Amin said.

“It’s not just the cyber information leakage,” he said, “it’s a multi-hazard, multi-prong attack that we worry about, whether it’s a combination of cyber, physical together with biological, radiological or chemical weapons.”

In nearly all modern conflicts, physical attacks are made possible through cyber attacks, Borg said. If an enemy wanted to damage an American refinery, for example, it would be very difficult to do so with a physical attack alone, he said.

“But with an appropriate cyber attack, the attackers could have their names added to the list of people to be given access into the facility,” he said. “Their counterfeit badges would be read by the scanners as credentials giving them priority treatment. They could drive in with full teams of assistants and equipment.”

A protected U

Like any large organization, the University of Minnesota is not immune to cyber attacks. While it has yet to suffer a crippling attack, the issue “seems like it’s getting more difficult all the time,” Ken Hanna, Information Technology Manager in the Office of Information Technology, said.
Given that the University is such a large network — there are about 60,000 to 70,000 computers on campus — it’s constantly a target, Hanna said.

The implications of a successful attack on the University are far and wide. For students, it can mean having to re-install a computer operating system. For the institution, it can mean having private data stolen or the entire network becoming unavailable, Hanna said.

OIT takes several measures to protect against cyber attacks, and students play an important role, Hanna said. In residence halls, for example, they can’t get on the network unless they install free Symantec AntiVirus software. Although this tends to help, Hanna said, “computers in the residence halls come from all over the world, and some are already infected when they get here.”

Various spam filters constantly weed out potential spam or viral e-mails. About 80 percent of e-mails that come to the University are rejected before they’re read, Hanna said. Most importantly, students must make sure their computers have the appropriate “patches,” software designed to fix security issues and improve performance, he said.

Password protection is key, Alok Gupta, professor in the Carlson School of Management and future MSST professor, said. Human mistakes, such as choosing an obvious password or posting it where others can see, are responsible for over 76 percent of successful cyber attacks, he said.

Gupta said it’s important to learn how to manage the risk of attacks before they occur.

“Nothing that is connected to a network is completely secure,” he said. “The only secure computer is one that is locked up and never turned on.”

Solutions for the future

The idea behind the MSST program is to bring together experts from a number of different disciplines that wouldn’t normally communicate, Jeff Bender, director of the University’s Center for Animal Health and Food Safety and future MSST professor, said.
Despite being long overdue, the program provides an important collaborative approach to finding solutions.

“We’ve got food science, epidemiologists and public policy folks coming together to develop a program in an area that unfortunately, in this day and age, we really need to develop,” he said.

The program, a division of the TLI, will include professors from the University’s Institute of Technology, Carlson School, the Humphrey Institute of Public Affairs, the Law School and the School of Public Health, among others.

With the program, approved by the Board of Regents earlier this year, Amin intends to build upon his concept of “self-healing” infrastructure, grids of sensors that would monitor the precursors to attacks and include multiple layers of defense, rather than leaving critical infrastructure exposed.

If the United States could break the grid into separate sections and allow them to operate independently, that would greatly reduce the harm from an attack, Borg said.

“If we have a greater diversity of generation facilities, then we’re less vulnerable to scalable cyber attacks,” he said.

The 9/11 Commission cited a “failure of imagination” as one of the root causes of that disaster. Amin said he agrees, and urges the nation to envision possibilities, rather than simply focus on the obvious.

“Instead of being reactive,” he said, “We need to create a proactive culture that is strategically preparing for these things.”
Threat of multi-agent attacks on United States increasing, experts warn
Upcoming graduate program will train students to protect national infrastructure.
by Tara Bannow
Published October 6, 2009