Report: Cyberattack Could Harm U.S. Infrastructure

WASHINGTON--The country's cybersecurity efforts may not be sufficiently coordinated to protect the United States from an attack on its critical computer systems, a new government report says.

The U.S. General Accounting Office issued a report Monday urging the government to better define the relationships among the 50-plus agencies that currently protect what it calls the country's "cyber critical infrastructure": fundamental national lifelines such as dams, utilities, and communications systems, many of which are increasingly controlled by computers.

"Without a strategy that identifies responsibilities and relationships for all cyber CIP [critical infrastructure protection] efforts, our nation risks not knowing whether we have the appropriate structure to deal with the growing threat of computer-based attacks," the report says.

Homeland Security Evolution

The report comes one week after President Bush outlined a national homeland security strategy. According to Bush's plan, the proposed Department of Homeland Security will develop a cybersecurity plan after the executive branch releases a comprehensive strategy in the next two months.

While the new department would consolidate a number of existing operations, the GAO says the government still needs to bolster communication among its tangle of cybersecurity groups.

"Five or six of these entities are proposed to be moved to the Department of Homeland Security. Forty-six or so of them are not," says Robert Dacey, director of information security issues at the GAO, the investigative arm of Congress.

Ripe for Attack?

The report was requested by Sens. Joseph Lieberman (D-Connecticut) and Robert Bennett (R-Utah) last October. "We have learned from the tragedy on September 11 that our enemies will increasingly strike where they believe we are vulnerable," says Lieberman. "As this report shows, our cyberspace infrastructure is ripe for attack today."

Last fall, Bennett introduced legislation that would create a hub for information about threats to the critical infrastructure. "This report reaffirms our call for information sharing," he says.

Dacey says GAO was pleased by the President's strategy, which classifies new industries--for example, chemical processing and pharmaceuticals--as critical infrastructure components. "The president's plan coming out [last] week is the first document saying these things are a part of our critical infrastructure," Dacey says.

Techno Terrorism

As Congress discusses the creation of a Homeland Security Department, increasing concerns have surfaced about the possibility of strikes against the nation's physical infrastructure using computers. Some experts feel that cyberterrorism will be the next step.

According to Carnagie Mellon's CERT Coordination Center, the number of computer security incidents either caused by a hacker or a virus more than doubled in 2001 from the previous year. And this year's numbers are on a pace to be even greater.