by CSO, Salted Hash – IT security news analysis, over easy!
My instinct is almost always to look at something scary and tell you why there's no real reason to be afraid. But when it comes to malicious insiders working in nuclear power plants, a little fear may be justified.
I bring this up after reading all the reports about how Osama Bin Laden was planning an attack for the 10th anniversary of 9-11. The Department of Homeland Security issued a report that malicious insiders sent by the terrorists may already be on the inside at nuclear and other facilities essential to maintaining our energy supply, in positions of deep responsibility.
And so here we are, on guard like we've been so many times before, with the TV news people telling us to be afraid -- very afraid.
Exhibit A: This ABC report featuring Brian Ross, who is, in my opinion, one of the biggest doom-and-gloom-we're-all-gonna-die reporters out there:
Sabotage by an insider at a major utility facility, including a chemical or oil refinery, could provide al Qaeda with its best opportunity for the kind of massive Sept. 11 anniversary attack Osama bin Laden was planning, according to U.S. officials.
A new intelligence report from the Department of Homeland Security issued Tuesday, titled Insider Threat to Utilities, warns "violent extremists have, in fact, obtained insider positions," and that "outsiders have attempted to solicit utility-sector employees" for damaging physical and cyber attacks.
"Based on the reliable reporting of previous incidents, we have high confidence in our judgment that insiders and their actions pose a significant threat to the infrastructure and information systems of U.S. facilities," the bulletin reads in part. "Past events and reporting also provide high confidence in our judgment that insider information on sites, infrastructure, networks, and personnel is valuable to our adversaries and may increase the impact of any attack on the utilities infrastructure."
By the way, purely by coincidence, I discovered that this report is all the more ominous when you play the song "Making the Bombs" by the Circle Jerks in the background.
I've learned to be skeptical of a lot of things mainstream media reports, because much of what was reported on years ago never came to pass. For example, in the days after Hurricane Katrina in 2005, as New Orleans' lower ninth ward continued to be submerged in putrid water and death, ABC decided it could get a lot of mileage from a series of reports on all the potentially catastrophic threats we face.
One show dealt with what would happen if a nuclear bomb were detonated in a major American city. Another segment focused on a strain of bird flu that was killing people in Cambodia, Vietnam and other nations in that part of the world.
If the virus were to mutate so it could easily pass from human to human, a huge percentage of the global population could be killed off, as happened with the 1918-19 Spanish Flu pandemic, Ross reported. After that report, the world spent the next year on edge as human cases were found elsewhere in the world. Doom was imminent. Modern medicine was ill-equipped to stop it. And then -- nothing.
We did have a flu pandemic in 2009, but it wasn't the bird flu we had been watching for. This was a much milder pandemic.
So here's Ross again, warning that we're in for some potentially nasty stuff. I want to shrug and change the channel as I've learned to do.
But this time, I stop and watch the whole report. And, I find myself taking it very seriously.
Why?
Because I've done a lot of writing about the insider threat in recent years. I've reported on malicious insiders stealing critical intellectual property and selling it to their employer's biggest competitors.
I've seen a lot of smaller cases where disgruntled insiders tampered with computer systems and damaged data.
The insider threat is real.
So when I see reports that potential terrorists may be working inside energy plants with evil intentions, I'm inclined to worry a little more than I normally would.
Not that I'm going to go hide under the living room couch. I wouldn't fit, anyway.
The good news is that the government is on to this potential plot, so a surprise attack is less likely. The bad news is that the government has demonstrated remarkable incompetence in the face of disaster before. I again refer you to Hurricane Katrina.
The greatest opportunity to avert disaster can be found where it usually is, in the private sector.
Now would be a good time for all our critical infrastructure suppliers to keep a sharp eye on the workforce, monitoring for any unusual behavior.
That may not be enough in the end. But we already know these companies have plenty of room for improvement.
This is an excellent opportunity to work on that.
--Bill Brenner
My instinct is almost always to look at something scary and tell you why there's no real reason to be afraid. But when it comes to malicious insiders working in nuclear power plants, a little fear may be justified.
I bring this up after reading all the reports about how Osama Bin Laden was planning an attack for the 10th anniversary of 9-11. The Department of Homeland Security issued a report that malicious insiders sent by the terrorists may already be on the inside at nuclear and other facilities essential to maintaining our energy supply, in positions of deep responsibility.
And so here we are, on guard like we've been so many times before, with the TV news people telling us to be afraid -- very afraid.
Exhibit A: This ABC report featuring Brian Ross, who is, in my opinion, one of the biggest doom-and-gloom-we're-all-gonna-die reporters out there:
Sabotage by an insider at a major utility facility, including a chemical or oil refinery, could provide al Qaeda with its best opportunity for the kind of massive Sept. 11 anniversary attack Osama bin Laden was planning, according to U.S. officials.
A new intelligence report from the Department of Homeland Security issued Tuesday, titled Insider Threat to Utilities, warns "violent extremists have, in fact, obtained insider positions," and that "outsiders have attempted to solicit utility-sector employees" for damaging physical and cyber attacks.
"Based on the reliable reporting of previous incidents, we have high confidence in our judgment that insiders and their actions pose a significant threat to the infrastructure and information systems of U.S. facilities," the bulletin reads in part. "Past events and reporting also provide high confidence in our judgment that insider information on sites, infrastructure, networks, and personnel is valuable to our adversaries and may increase the impact of any attack on the utilities infrastructure."
By the way, purely by coincidence, I discovered that this report is all the more ominous when you play the song "Making the Bombs" by the Circle Jerks in the background.
I've learned to be skeptical of a lot of things mainstream media reports, because much of what was reported on years ago never came to pass. For example, in the days after Hurricane Katrina in 2005, as New Orleans' lower ninth ward continued to be submerged in putrid water and death, ABC decided it could get a lot of mileage from a series of reports on all the potentially catastrophic threats we face.
One show dealt with what would happen if a nuclear bomb were detonated in a major American city. Another segment focused on a strain of bird flu that was killing people in Cambodia, Vietnam and other nations in that part of the world.
If the virus were to mutate so it could easily pass from human to human, a huge percentage of the global population could be killed off, as happened with the 1918-19 Spanish Flu pandemic, Ross reported. After that report, the world spent the next year on edge as human cases were found elsewhere in the world. Doom was imminent. Modern medicine was ill-equipped to stop it. And then -- nothing.
We did have a flu pandemic in 2009, but it wasn't the bird flu we had been watching for. This was a much milder pandemic.
So here's Ross again, warning that we're in for some potentially nasty stuff. I want to shrug and change the channel as I've learned to do.
But this time, I stop and watch the whole report. And, I find myself taking it very seriously.
Why?
Because I've done a lot of writing about the insider threat in recent years. I've reported on malicious insiders stealing critical intellectual property and selling it to their employer's biggest competitors.
I've seen a lot of smaller cases where disgruntled insiders tampered with computer systems and damaged data.
The insider threat is real.
So when I see reports that potential terrorists may be working inside energy plants with evil intentions, I'm inclined to worry a little more than I normally would.
Not that I'm going to go hide under the living room couch. I wouldn't fit, anyway.
The good news is that the government is on to this potential plot, so a surprise attack is less likely. The bad news is that the government has demonstrated remarkable incompetence in the face of disaster before. I again refer you to Hurricane Katrina.
The greatest opportunity to avert disaster can be found where it usually is, in the private sector.
Now would be a good time for all our critical infrastructure suppliers to keep a sharp eye on the workforce, monitoring for any unusual behavior.
That may not be enough in the end. But we already know these companies have plenty of room for improvement.
This is an excellent opportunity to work on that.
--Bill Brenner
No comments:
Post a Comment