President Trump’s National Infrastructure Advisory Council (NIAC) releases a report to the U.S. National Security Council (NSC) warning of an imminent 9/11 level cyber attack crippling the United States. The NIAC advises the President of the United States on the security of information systems in transportation, energy, emergency government services, banking, finance, and manufacturing. The report released by the Department of Homeland Security’s (DHS) website states, “There is a narrow and fleeting window of opportunity before a watershed, 9/11-level cyber attack to organize effectively and take bold action.”
The National Security Council (NSC) requested the report from the NIAC in support of Presidential Executive Order 13800. In May of 2017, global level cyber attacks occurred as a result of a malicious ransomware hack.
The forty-five-page report addressed the inabilities of the U.S. Government and private sector companies to handle a large-scale cyber-terrorist attack with 11 recommendations.
The NIAC interviewed 38 cyber security experts and reviewed hundreds of studies to analyze the capability of the U.S. Government to prevent and respond to debilitating cyber attacks on critical infrastructure.
The NIAC fully believes the U.S. Government has the available means to prevent and perform well during a national emergency resulting from a cyber attack on critical infrastructure. However, the NIAC states that the U.S. Government and private companies effectiveness to combat a widespread cyber attack is severely hampered by several mitigating reasons.
The NIAC lists those dire reasons as being,
Private sector knowledge of these capabilities and incentives to use them is limited. Access is hindered by multiple legal and administrative constraints. Government capabilities are scattered across a wide swath of agencies, departments, and their subunits—a complicated labyrinth comparatively few can navigate effectively. Classification of essential threat information can delay and hinder coordinated response.
An action item recommended for the U.S. Department of Energy (DOE), U.S. Department of Homeland Security(DHS), Office of the Director of National Intelligence (ODNI), NSC, and the Strategic Infrastructure
Coordinating Council (SICC) was the development of what is termed a “dark fiber” communications network for national crisis situations.
The report states, “the U.S. Electricity Sector consists of over 3,300 facilities—a mix of publicly- and privately-owned businesses or municipalities—responsible for the generation, transmission, and distribution of electricity throughout the country. These systems are all interconnected, and a disruption in one small utility can potentially cascade into a widespread and long-term outage.”
The NIAC report cited a cyber attack on the electrical power grid in the Ukraine as a poignant reason for concern.
Such an cyber attack on the U.S. electrical power grid has the potential to create fatal scenarios for millions of Americans in cold environments during the winter, or in hot environments during summertime heat-waves. It would also adversely affect public mass transit systems, and the ability of hospitals to provide health care adequately for those requiring medical care.
The BBC is currently reporting that “operations have been cancelled after hospitals and GP practices run by NHS Lanarkshire were hit by a cyber-attack” in Glasgow, Scotland. A spokesperson for the hospital is advising potential patients that they may be turned away if their health problem is not deemed an urgent emergency.
The Scientific American interviewed grid cyber-security expert Robert M. Lee. Lee is the CEO of Dragos, Inc., an industrial cyber-security firm. Lee told the Scientific American,
Now, the scary side of it is [twofold]. One, our adversaries are getting much more aggressive. They’re learning a lot about our industrial systems, not just from a computer technology standpoint but from an industrial engineering standpoint, thinking about how to disrupt or maybe even destroy equipment. That’s where you start reaching some particularly alarming scenarios.
Lee also cited the lack of man power to perform manual operations on industrial systems as a concern.
The NIAC has been in the news frequently the last few weeks, as several members have resigned. The resignations resulted from the members developing concerns over President Donald Trump’s ability to govern.
The NIAC was formed in October 2001 by President George W. Bush, following the 9/11 terrorist attacks.
[Featured Image by Carolyn Kaster/AP Images]