Simulated Cyberattack Provides Tips

A little-known exercise held last year to help federal, state, and local officials in Utah prepare for a possible terrorist attack during the 2002 Winter Olympics may hold some of the most important lessons for critical infrastructure protection in the aftermath of the September 11 terrorist attacks, according to a key official involved in the exercise.

November marks the one-year anniversary of the first regional critical infrastructure protection exercise known as Black Ice. Sponsored by the Department of Energy and the Utah Olympic Public Safety Command, Black Ice demonstrated in frightening detail how the effects of a major terrorist attack or natural disaster could be made significantly worse by a simultaneous cyberattack.

"The terrorists in the September 11 event had the patience to plan [and] the foresight and the understanding of the infrastructure that could be used to simultaneously or sequentially disrupt the infrastructure electronically and that could cause a major regional failure in this country," said Paula Scalingi, director of the DOE's Critical Infrastructure Protection Office and a central figure in planning the exercise. "There's no question that that's doable."

The Energy Department is preparing a report detailing the impact of the September 11 terrorist attacks in New York on various critical infrastructure sectors. Despite a few minor differences between the Black Ice scenario and the real-world scenario that unfolded on September 11, the exercise proved to officials that future terrorist attacks could be far worse if they include a major cyberdisruption.

Simulated Crisis

The Black Ice scenario takes place on February 14, during the second week of the Olympics. A major ice storm topples power lines across seven counties and disrupts microwave communications in the Salt Lake City area. It also damages the high-voltage bulk transmission lines in several states, including transmission lines north and south of Salt Lake City.

The damage to the transmission system isn't extensive, but the ability to import electricity to the seven-county area is hindered significantly. The lack of power generation forces authorities to conduct rolling blackouts.

That's when the Supervisory Control Data Acquisition systems, which control the power grid, are further damaged by a cyberattack. The source of the disruption is unknown; it could be a hacker, a terrorist, an insider, or the result of storm damage. Regardless, the failure begins to ripple throughout the rest of the regional infrastructure.

"Communications were one of the first things to go," said Scalingi. "What was discovered is that if you have a prolonged power outage that goes on for several hours, your infrastructure starts to degrade. Power backup only lasts so long."

And it's not just telecommunications. Water systems rely on electric power, as does the natural gas industry and the natural-gas-powered electric utilities in the region. Emergency responders struggle through the chaos that results from Internet outages, cell phone overload, and telephone failures.

"You get the idea," said Scalingi.

Learning, Preparing

The ice storm easily could have been replaced with scenarios of multiple bombs, hijackings, or other physical catastrophes, she said. The important lesson is that Black Ice showed how interdependent the various infrastructure systems, including telecommunications, utilities, and banking, are to one another and to the combined effects of cyber- and physical attacks, she said.

"The infrastructure system providers did not understand the interdependencies among their systems," Scalingi said. "If you talk to state and local government and local utilities, they'll tell you they have great response plans. The problem is, they write them in isolation."

One recommendation was to develop a template for private-sector owners of critical infrastructure systems to use to identify the various levels of interdependency among their systems. Utah emergency planners also proposed developing a secure database to store information provided by the various infrastructure owners. However, concerns about the security of proprietary industry data put the project on hold, said Scalingi. A report on the lessons learned and recommendations on how to prepare for such disaster was released in May.

The database would have included geographic information system technology that would have enabled officials to view a graphic representation of the status of various infrastructure systems and how they connect, she said. Getting protection from Freedom of Information Act requests remains a key concern to most infrastructure companies and a main sticking point in information sharing, said Scalingi.

"It would have been real useful to have that database," she said. "You have to be able to share information with the other infrastructures. That's exactly where we need to go in the post-September 11 world."