'60 Minutes'--Cyberwar: Sabotaging the system

Nothing has ever changed the world as quickly as the Internet.

Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyberwar as some people called it. It involved using computers and the Internet as weapons.

Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.

Today it's not only possible, all of that has actually happened. And there's a lot more we don't even know about.

It's why President Obama has made cyberwar defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than with a blackout.

"Can you imagine your life without electric power?" Ret. Adm. Mike McConnell asked "60 Minutes" correspondent Steve Kroft...

Watch CBS News Videos Online

Read more of "Cyber War: Sabotaging the System" at CBSNews.com.

[C0mmanderB0nd]

Remind me why again any utility control computer system needs to be connected to the internet????

[Lerianis3]

For monitoring from a centralized location and changes from a centralized location as power needs increase and decrease. The fact is that utility control computers do need to be online.... but the passwords should be 512-bit or more with numbers, letters, special characters, etc. out the wazoo and in large numbers.... so many of them, in fact, that NO ONE would be able to guess the password.

[dog0saur]

So Joe the tech can get his email and check his Facebook while sitting at the PC.

[Kasar99]

You have a point.. they've gotten by for decades with their own intranets, some with microwave links or lease lines, some run over 1200 baud simplex, whatever it takes to send a small amount of data to a central server.

I saw one not long ago move from that sort of antiquated system to a full-on fiber network running all Cisco gear, where the $20 hubs in rarely used garages were replaced with equipment closets stacked with gear, and they're all now connected to the world.

In the end, their monitoring and control isn't any more robust or reliable, and now they have to worry about intrusions.

[Super2online]

I watched this last night. It was very informative. We have a long way to go before we can feel secure as a nation from Cyberwar attacks.

[Lerianis3]

We will never feel 'totally secure' from Cyberwar attacks. The fact is that with our world mainly running on Microsoft (it would be the same if we ran mostly on Linux or OSX), it would be VERY EASY to attack computer systems and do some severe damage.

[Super2online]

While I agree we can never let our guard down, we haven't even begun to try in many areas because costs would stiffle the economy of operation. That was what you learned last night if you had watched. However, something will have to be done or we could see power outages in cities vital to defense allowing more severe attacks to be delivered immediately afterwards.

Companies working on this say attacks number in the thousands daily, multiple cities have been taken down for days and all areas of defense have been completely compromised. One attack allowed a foreign country to rob banks simulltaneously worldwide to the tune of 100 million dollars in 24 hours. The problem is immense and very scary.

[iptofar]

I work with control systems and I just don't believe what they are saying is possible. Most of the controls that can damage equipment are contained in a local operating panel that is not accessible by the network and not overrideable. Some of the more advanced systems may be completely computer controlled with adjustable set points but i would like to believe the systems have absolute minimums and likely are not accessible remotely. I keep thinking i might be wrong but it sounds like a bunch of gov't bureaucrats and IT prof. who really know nothing about machinery crying the sky is falling.

[WhistlingPig]

http://catless.ncl.ac.uk/Risks/24.44.html#subj2.1

[icscyberguy]

I also work with control systems. What they say is not only possible, but has already happened numerous times in the US. Control systems that can damage equipment OFTEN are remotely connected to devices such as dial-up modems - have you heard about Aurora? This is not just a new technology problem, it is also a legacy problem. And yes, there have already been several control system cyber incidents in the US that have killed people.

[dog0saur]

Remember the last big blackout in NYC? It wasn't from terrorist, but a squirrel jumping on some branches in the midwest that hit some lines, that cascaded into a major blackout. We are worried about a major terrorist attack, yet we can't protect our aging infrastructure from a squirrel. Maybe AQ is training squirrels in Pakistan as we speak.

[tech_crazy]

Hahaha! Good one!

[ordaj]

And it's not going to get any safer. And that's because the big, entrenched interests are going to keep the money flowing to themselves. They'll lobby, get the contracts, maintain the status quo...and nothing will change.

[Rick Cavaretti]

Why should this change? It's always been this way, look around you at the trouble we face. Money speaks.

[sartor1]

Frankly,
I've been worried about a major power loss here in the upper midwest, during frigid winter months. That really scares me.
(yes, I could get a portable generator.. if I'm really interested in having a safe backup system, but then how long would that last??)

[DragonWizard]

Just how long do you think they would let it stay off and how long before they patch the hole...??? Really....

[SenorFrog]

Even if the power was going to be down for an extended amount of time, the National Guard could, at the very least, open the highways enough for you to travel to a warmer climate in the SW United States. We're a big nation.

[biffhenerson]

The solution is simple. Disconnect the internal network from the external network. Thus no communication is possible. The only access to the internal network would be people. There are any number of ways to identify people, work in teams, monitor activities, checks and double checks, prevent insertion of code or USB keys, etc. The bottom line is that the solutions cost money and they do not want to spend any money cuz the government will not let them raise prices. I hear it all of the time from our network Customers. "knowone would want to hack into our systems. Our company is boring." If only their Customers knew that their vendor doesn't care. You see, these companies may not care that 100,000 charge card numbers are stolen from their system. Hey as long as it wasn't their card number, who cares, right? But their Customers do care and they are making flawed assumptions about the level of service that their vendors are providing. The power company may not care if they go offline. Heck it may make their job exciting for once. But we who subscribe to their service DO care and would be very upset if we lost power for -n- days, weeks, months... So its time for these corporations to step up and do it right. If they choose not, then we the people will have no choice but to step up and take control away from them.

[DragonWizard]

Right.. Revolution.. revolution.. revolution.. I have been hearing that same old tired answer since the 1960's and nobody has busted a grape once.. NOPE.. not even one time.. everytime some NUT does something they get caught and everyone hates their guts except some other NUTS... the only way to change the system is from witin.. The way to BREAK the system is revolution... take over the system and see how long YOU keep the power flowing.. what a LOAD....!!!!

[biffhenerson]

Perhaps you misunderstood me. I am not talking about a revolution by a few nut jobs to take control of open computers, I am talking about the government taking control of "out of control" companies that jepordize our nation. In other words, if corporations dont mind their store, the government (we the people) will have no choice but to take control of their store. Not a rogue group of nut jobs. The nation protecting itself.

The power producers can clean up their act and secure their computer systems. If they don't, we (the government is we) will force them to do so or take the power company away from them and hire people to do it ourselves.

[n3td3v]

"Cyberwar" is just being used so Cybersecurity folks can get funding and be taken seriously. There is no actual real cyber war threat, its just a buzzword to get the big business executives to take Cybersecurity seriously.

The actual threat they want funding for is not Cyberwar related, the Cyberwar story just sounds better as a doomsday scenario, its never going to happen in reality.

The CIA can't even one instance of evidence to back up the claim that Cyberwar attacks _have_ taken place.

All they (The CIA) did was release some press release at a SANS SCADA conference, saying hackers have blackened out cities, but could not give a single instance of evidence, apart from hear say words.

No names of cities, no name of the victim company, no name of hacker group or government responsible, absolutely no evidence the CIA put into the public domain.

So either the CIA should release evidence to backup the claim that hackers have taken out critical infrastructure on a Cyberwar scale or don't mention it again.

We're all waiting for a CIA covert operation though that will carry out a Cyberwar attack on the United States. It's not a matter of *if* the CIA are planning such a false flag op, its just a matter of when they do it.

And the reason they will carry out a covert op, is as I mentioned at the start.

[cnetcamstone]

Call me when this actually happens.

[n3td3v]

It won't happen, the NSA and CIA are monitoring every possible security researcher, security expert on the planet who is remotely interested in computer security and/or computer hacking.

The only time its going to happen if its an inside job by elements of U.S Intelligence.

[gysgtusmc74]

More worried about what Maobama and his commie czars are going to do to this country than any cyberattack.............our treasury has never been fleeced this hard this fast ever...........

[SenorFrog]

Our treasury hasn't existed for years...decades. Just a bunch of IOUs from Congress and an Archie magazine left by the guard.

[Loki gamer]

dish out long prison sentences 10 years at least

[FF2009]

Cyber threat is very real, indeed. Did you all forgot the attack a few months ago by the Chinese hackers?

[n3td3v]

_Alleged_ chinese hackers, its all hear say western propaganda.

No evidence released to the public domain means the credibility of The CIA and others corrode everytime they make claims about hackers without backing any of it up with publicly released evidence.

[n3td3v]

News just in:

01:59 GMT, Wednesday, 11 November 2009

Major power failures hit Brazil

http://news.bbc.co.uk/1/hi/world/americas/8353878.stm

Conspiracy theories anyone?