Focus 580; Black Ice: the Invisible Threat of Cyber-terrorism

Here in this part of focus 580 we'll be talking about the threat of cyber terrorism. And our guest for the program is Dan Burton. He's a senior writer and veteran investigative reporter with Computerworld magazine. And we'll be talking about some of what you'll find in a recently published book titled Black ice the invisible threat of cyber terrorism. Let me just read to you a paragraph here to start us off to kind of introduce the idea. He writes in the introduction to his book All the things that we take for granted in our everyday lives such as electricity telephone and internet service. The Nine one one emergency system air traffic control systems banks and ATF machines credit card systems real time financial market transactions waterways and railroads hospitals and critical lifesaving medical equipment. A large percentage of the Pentagon's National defense capabilities and a host of other so-called critical infrastructures rely on computers and computer networks for their management and continued operation and increasingly these networks are becoming more connected and more dependent on each

other creating a situation where a failure in one network can cause cascading failures throughout many other networks. It's a system that he argues is quite vulnerable to attack and that is what we'll be talking about here this morning. He has written thousands of stories on computer security national security national defense topics for a variety of publications. He is also a former intelligence officer in the U.S. Marine Corps. And he's joining us by phone as we talk. Questions are welcome as always. 3 3 3 9 4 5 5 we also have a toll free line that's good anywhere. You can hear us. So if you would be a long distance call use that number that has 800 to 2 2 9 4 5 5 and the local number here 3 3 3 9 4 5 5 at any point. If you have questions you should feel welcome to call Mr. Burton. Hello. Good morning. Thanks very much for talking with us. Thank you. We appreciate it. I guess I'd like to start this way because you also in the introduction write that a cyber terrorism may

be one of the most misunderstood and misused terms ever to come out of the information age. Right. So I guess that maybe we should start with a definition if indeed it's misunderstood misused. What is cyber terrorism. Well cyber terrorism generally speaking most people think of cyberterrorism as somebody sitting behind a computer terminal for example and launching some sort of attack over the Internet. While that is true while a cyber terrorist attack can come in that form in other words you can you can potentially manipulate the levels of chlorine in tricky water and make it toxic by hacking into a water systems network. Cyber terrorism is also a very physical phenomenon that a lot of people have not thought about. In other words you can physically destroy through traditional terrorist attacks critical cyber infrastructures that power our economy or that our critical infrastructures that are key to public safety. And you can have the same sorts of impact that you would sitting behind a computer system and doing

something over the Internet. So my argument is that the reason it's so misunderstood and misuse is that most security experts have not thought about the physical traditional terrorist attack and where it fits into this overall scheme of cyber terrorism. I think you also as far as just the way that people think about terrorism you say you know we think about terrorism particularly big dramatic events we think about right. Oklahoma City we think about 9 11 but that we don't really think about this or particularly the way that cyber terrorism could be paired with a more this more conventional kind of terrorism and that could create a result that perhaps would be more devastating great either of those two things if they were done in isolation. Right. And you know that really stems from. The picture that we all have in our minds when we think of groups like al Qaeda you know the first picture that comes to our mind when we when we think about Osama bin Laden and al Qaeda is this mindless horde of thugs who are

living in a cave somewhere in Afghanistan but we don't think about not only this smaller cadre of individuals who are very technologically advanced and sophisticated who we know are working on behalf of al Qaeda. We don't think about the laptop computers that we found in those caves. When we started the war on terrorism that contained detailed information on the computer networks and systems that control dams and waterways and the electric power grid in the United States. And we don't think about the young people around the world who are not only being radicalized to a certain extent by groups like al Qaeda but are also being taught mathematics computer science and engineering. So today for threat while to a certain extent it does look like that group of mindless thugs that are sitting in a cave in Afghanistan. Tomorrow's threat may look very different and may be capable in different ways. But we need to think of it in those terms in the very first chapter of the book you create

a scenario and. I wonder if you could give me a reduced kind of sketch of what she plausible based on what we know based on the information that we have a kind of a plausible scenario of the kind of terrorist attack that you are thinking about than you're encouraging her to consider. Well let me give you example it's even even more recent and some of the information that I base my scenario on in my book which is the August 14th blackout one of the key scenarios that most government leaders are very concerned about is this combination of physical traditional terrorist attacks combined with a cyber terrorist attack Seoul for example. If you were to have a cyber attack that targeted some of the key infrastructures like the electric power grid for example which we know have multiple avenues of approach and a connection to the public Internet you could

potentially take down letter power throughout a more applied state region such as what we saw on August 14th and also what actually an exercise that might be titled My book is based on. Called black ice proved it is possible. You can then from that point on go ahead and physically target in other words you have destroyed through the bombing or some other method. Key telecommunications facilities. So what you have now is you have this massive blackout. Lots of electric power that's not only causing economic damage but it's also causing some chaos fear and confusion among the general population and you can follow that up quickly with your traditional style terrorist attack so what we saw in August 14th the perfect example where you've you've got people coalescing on the streets of major cities or being stuck in subway systems. They are basically sitting ducks for your traditional style terrorist attacks. Everybody realizes and knows. Could be could happen here in United States.

But when you when you've got that cyber element thrown into the mix where you're disrupting communications. Now you've got mass casualty. He attacks where the government and emergency services can't necessarily respond as effectively and efficiently because they can't communicate. You've got a situation where information is not getting out. Where is the cascading effect that you mentioned in the setup for this interview where electric power and causing the failure in the telecom system the telecommunications system ends up causing failures in not only government services and emergency services operations but also in the banking system in that region in the financial areas in that region and we saw in August 14th for example that electric power also has implications for drinking water. There are you know waterways and wastewater treatment facilities that depend on electric power for all these operate so you have one infrastructure failure. Skidding out of control and it could come in the form of a physical attack or in a cyber disruption. So that's the really the scenario that

the government is most concerned about because you know this whole this whole nexus of physicals traditional terrorist attacks and cyber terrorist attacks create the very situation that terrorists would love to be able to create which is which is this uncertainty fear and doubt that they can take advantage of. You know I'm sure that the problem is magnified by the fact that these all these elements of infrastructure that we depend on they're not secret they're out there right out there in the open. And I'm sure have minimal security if any. Well getting better I mean security certainly getting better but you're absolutely right that the genie is out of the bottle. One of the things that I document in black ice is. You know the amount of information that's available about our critical infrastructures that's available on the Internet. You know you name it and you can find it basically on the Internet and you know all these groups they've proven you know al Qaeda has proven that for years they've been studying these things and we found that that evidence on

various laptops that we've confiscated when we not only went to Afghanistan but also in other places around the world so they have been actively studying collecting intelligence on all these things we call critical infrastructures. Let me introduce again the quickly our guest We're talking with Dan Burton. He's a senior writer and investigative reporter with Computerworld magazine. If you're interested in reading on this subject he has a new book out that's titled Black ice the invisible threat of cyber terrorism and it is published by McGraw Hill and should be out there in the bookstores if you're interested in reading and questions are welcome. 3 3 3 9 4 5 5 toll free 800 to 2 2 9 4 5 5. Perhaps you could talk a little bit more about black ice the the operation that the title of the book comes from. Yeah it's very interesting in that you know the scenario I just painted for you is actually a scenario that was the centerpiece of an

exercise called. What I said took place a couple years ago in the Pacific Northwest region of the country. Various government agencies the private sector and three Kadian provinces up there in the Pacific Northwest all got together and created this exercise that they code named black ice and they used it to basically you know practice their response to this major sort of terrorist attack that combines physical attacks with cyber attacks and the results are really startling and very scary because the scenario was not only based around the at that time the Winter Olympics were taking place in Salt Lake City. So they wanted to be prepared for any major sort of attacks that took place when thousands and thousands of people were flowing into the region. They also asked the actual owners and operators of all of these private infrastructures which is another key point by the way that you know all these things we're talking about are not defended by the government. They're owned and operated and defended by private companies

which is you know another another issue that needs to be dealt with. But they asked all these private companies to come in and give them their worst case scenarios that worst fears in terms of security and they thought the scenario for the exercise around those four spheres and the results were that a five state region in the Pacific northwest of the country including three Canadian provinces lost electric power for several months. Due to a combined physical and cyber terrorist attack on critical infrastructures telecommunications found the internet failed. The emergency services were more hampered significantly and the end result was that they showed that all of these various private companies that owned the electric power grids that own the waterways natural gas systems telecommunications facilities all these companies they demonstrated at best a surface level understanding of how they depended on other infrastructures and how other infrastructures depended on

their companies and their facilities. And so you know the lesson the bottomline lesson is that they really didn't quite understand how to get all these infrastructures back up and running at the same time and you know whenever you have a power outage that lasts more than a month and in some cases where we were looking at several months outage you got mass chaos and some in some major urban areas you've got. That will not recover. They will go out of business for you know for good. And there you have massive massive economic damage so that's just one example of how of how you know bad it can get. I suppose some people would say that that kind of scenario would ask this question given the fact that to do that you would have to have a terrorist organization that was reasonably good size that had that level of technical expertise that was very well organized. And as far as the terrorists are concerned when they were carrying out what it is they wanted to do that everything would have to go the way they expect and the way they would

want. How likely what is the probability of actually all of that coming together to result in as again as far as the terrorists are concerned. A successful attack of that magnitude. Well again you're absolutely right that there's this. This is whole you know equation that has to be met and that is you know in terms of intent and capability have to be there. And also we're talking about a situation where probably individuals have to be here present in the United States but that the key point is here is when you combine a physical and terrorist cyber terrorist attack is that you only have to have a small portion of the infrastructure terrorist infrastructure here in the United States to carry out the physical portion of my report. It can be carried out from anywhere on the globe and so that's that's a key a key point to keep in mind. And the reason that's so important is because you know Al-Qaeda while it's while would be very difficult for anybody to go and claim that they can find an al Qaeda sophisticated al-Qaeda hacker in

within the ranks about hate although they are there I document that Al-Qaeda also has various support infrastructures all over the globe where these this type of capability is present and out of work Russian nuclear scientists out of work Russian intelligence agents in Malaysia where there's a major upswing in cyber crime and support for groups like al Qaeda and in various other areas such as the Pakistani intelligence services so they can they can actually go out and hire this talent to do some of the work for them. But you know getting the terrorists here in the states is it's probably not. The difficult part is you you know everybody has learned through recent news on border control on airline security but you know they're probably already here. So you know that's really not the showstopper for them. You know they only have to have a few cells you know one of two cells they're able to identify the proper A key facilities and knows that they can attack physically and

the rest can be done through a side to side or means and you know there you have the this combined cocktail if you will one of the things that you mentioned a couple moments ago why this is a difficult thing to deal with is that there are kind of two levels you got to work on there's the level of the federal government but there's also the level of private industry because so much of this intra infrastructure is owned by private companies that either want to maintain a certain kind of openness or in the way that they do business that that's important for them to have a certain kind of openness. And for them obviously there's a bottom line that they have to consider. Security can be expensive and they're going to they're going to try to figure out what's the what's the way that they can do the best to meet the need but do it with spending the least amount of money. Right. Is that the case. Do you think that is the case that private business is not taking this the this the possibility of this kind of attack seriously enough.

Well but you know they were right after 9/11 like everybody else. They weren't taking it seriously. Unfortunately we seem to have a very short memory span in this country and right now you know I've actually had people comment to me that September 11 seemed so far in the past. And so there's been this sort of backing off of security and it's a you know it's quite disturbing for me I don't know why we would. You know just over two years now down the road and we were still you know thinking that the threat is gone it's not like no longer exists. But you're absolutely right this is this is unprecedented in American history that such key facilities and infrastructures that we depend on not only for economic viability but for public safety applications as well are in the hands of private companies and the government can no longer defend us on their own from these sorts of attacks. And you're absolutely right when you say the private sector has some financial concerns in terms of deciding how much they can afford to do

protect against. But they're also very much they've been very much lobbying the government over the last several years to you know take a hands off approach in other words not to inforce not to enforce any sort of regulatory controls. But the private sector to force security on them because you're right they want to they want to be able to do business in new ways and use the technology at the vailable. And because they don't see an imminent threat because they don't necessarily see a massive sort of attack coming they think if they can get away with that and they're not investing the money and they're they're succeeding in lobbying the government to not impose any new regulations and unfortunately the general consensus is that it's going to take a nother major event of some sort. Maybe not on the scale of 9/11 but certainly you know from an economic perspective maybe something approaching that very devastating sort of series of events that will force some sort of legislation or regulation on the private sector.

And that's the dangerous part because because they're not doing anything proactively they may end up being forced to accept some regulations that they don't necessarily like and they may you know they it might be better for them to go ahead and take the lead and be proactive in this in a sense rather than wait for something to happen and unfortunately I think it's going to be you know. The latter the going away for something to happen. We're going to take that we're going to something here that the 50 weeks out of the year that we do the show we never do. We're going to take a short break and I hope Dan you would mind holding on for just a second because we're coming near the end of our fall fundraising week and it's really important. We want it in just mentioned folks once again just how important their financial support is to the station. If we're going to make the goal that we've set for ourselves for just this week a hundred fifty thousand dollars we need to have a big finish to the week. So oil like to remind you again that we have folks waiting to take that call. If you're not a financial

supporter of the station it's very very important because over time the money the tax based sources of funding have continued to erode and we expect that that's just the way it's going to be in the future. And they were thinking about a different way of approaching this whole matter of funding public broadcasting relying to a greater and greater degree on listeners 2 4 4 9 4 5 5 is the number to call to make a pledge. If you haven't we hope that you will do that. And we have been talking. We talk all the time about challenges. We have a couple going this morning and I think we have even a new one sometimes gets all confusing. We'll see if we can make it as clear as possible. Jack Brighton former producer occasional host on the show is here in studio with me and I think also joining us in pledge Central is Dave teal. He is the program director for W. ILO TV. Right now it's been a flurry of activity this morning given I think people are realizing oh it's friday. I haven't called yet I've been meaning to do that all week so now is the last day that we'll be

talking to you on focus on video about supporting the show. The station the service etc. so don't wait. Don't miss out. Get in on the flurry of action by making your pledge call to 1 7 is the area code 2 4 4 9 4 5 5. And David Theall we do have I guess three challenges going right now and I think two of those are really very close to being met. Where do we stand. Yes indeed we have. We had a challenge we've been working on all morning from a couple in Champagne who will add $250 to our pledge total when we hear from 100 pledges by noon. There was a second challenge from another couple in Champaign. It was adding $10 to every pledge this morning again. Well up until noon up to a total of $1000 now we're about I believe six calls away six calls away from retiring those. But we have a new one and this is specifically for focus this is a another champagne couple champagne is very good to us who are loyal focused listeners and believe so

strongly in the variety of topics that focus brings them each week they will add two hundred fifty dollars to their annual contribution when we hear from 25 more callers. So right now the next you know half a dozen callers or so will help us to meet three different challenges and you know realize it adds about 25 bucks to each pledge that comes in because of all of the combination of these challenges. If you haven't done it yet folks you know it's a good show you listen to the show. It's an important program that we do here we've invested a lot of effort into it over the years we've been doing the show for two 22 years or something like that. And in fact we're talking about cyberterrorism this morning. Not a pleasant topic but you know what. It's really important and we've been covering this issue actually way before 9/11 we were covering issues really relating to international security terrorism weapons of mass destruction Iraq we're talk about Afghanistan talking about Islam talking about United States foreign policy all these issues we've been covering in that for years and it's the kind of show where we can really do a good job of doing

that and get you the perspective that you need to understand what's going on so if this is kind of thing that you think ought to be on the air then help keep us on the air with your pledge call 2 1 7 2 4 4 9 4 5 5. All right thank you very much Dave and Jack and we will talk a little bit more at the end of the program. I'd like to introduce Again our guest for this hour Dan Burton he's a senior writer and veteran investigative reporter with Computerworld magazine in Washington D.C. and has written many stories on computer security and national defense topics and national security he's also a former intelligence officer in the U.S. Marine Corps and is the author of a recently published book exploring this issue that we're talking about here this morning. So if you'd like to read more you can look for the book it's titled Black ice the invisible threat of cyber terrorism and the publisher on this book is an oz born which is an imprint of McGraw Hill. I'm sure if you just go out there to the bookstore and look for black

ice you will be able to find it. Questions on this program too are welcome 3 3 3 9 4 5 5 toll free 800 2 2 0 9 4 5 5. One of the things that happened I think right after 9/11 was there was a great concern voiced about how much information about infrastructure was easily available in the public domain and and through the Internet. So right after that there started to be a number of restrictions put in place that information that was available before suddenly now was not. Right. And there was a lot of concern voiced by people who are worried about the issue of free exchange of information. Journalists were concerned. I think scientists and researchers were concerned. And the question was raised as well. Ken is it possible that will go too far in the direction of restricting information and not have the kind of free exchange for information that we think is important and

have become used to. And I guess that's the big question is Where do you draw that line between having something be classified and closed and. Writing something to be easily available. Well you know sometimes it's not as difficult as you might think. Let me give you some examples that I outline in the book that really are kind of no brainers as far as I can tell but right after 9/11 as you said there was this massive scrub of websites all over the country to determine whether or not we were giving the people who were trying to kill us a little too much information to help them in that effort. And one of my sources is a former CIA psychological profiler who now works for a security firm in Manhattan and some of the largest firms in Manhattan came to him and and asked him to perform a basically a scrub of their websites to find out to what extent the information that was available made them targets of al Qaeda and some of the information he found was just mind blowing he found

for example the load bearing capacities of elevators and major office buildings in Manhattan. He found the locations in maps and things of other nature things of other nature and of all air conditioning ventilation systems for major office building so you can imagine somebody who might have been planning a an anthrax sort of attack of some sort. Being able to find the location of the air conditioning vents and stuff and stuff like that. He found the numbers of people working in any one building at any any given time. He found banking facilities that. Advertise basically the al Qaeda bank accounts that they had frozen on behalf of the US government that were available but available on the Internet. And he also found websites that had basically support for issues such as globalization which we know from past experience has been an issue that has motivated certain portions of the al-Qaeda network to target individuals for attacks.

So there was a lot of information that had absolutely no business value to the businesses that were posting it that was available online. And it really did nothing but make them more of an easy a soft target if you will. Now you're absolutely right that there's a sponsor has to be struck because there is certain information that the public has a right to know and a need to know. For example one of the things that I document is the interactive maps of all of the locations for spent nuclear fuel in the United States. And I found these maps on the Internet that were published by the Department of Energy. And you know the argument goes that obviously neighborhoods and communities around the country have a right to know where you know sensitive sort of. Cities are located such as chemical processing facilities and these nuclear waste storage facilities because they want to know people want to know that you know if their children are in danger of their communities and drinking water are in danger. So they have a right to know that information but by posting this on the internet for so many years we now are

providing this sort of this tool for the for our enemies around the world that would make it that much easier for them to find this particular area or to target this material so on the one hand we you know we do need to have the information out there on the other hand we need to you know ensure that we're not giving too much detail that would enable somebody who's trying to do us harm to use it as a as an attack tool. We have a caller to bring into the conversation let's do that then the listeners in champagne. Online number one. Well hello good morning and I have four comments. How why is that. I haven't read the book by the way. I'm a 67 year old woman with three boys and I have my question is how can we help in a personal way. We have all kinds of challenges personal and professional. And that's my question how can we help in a practical way. How hung up of the year can you tell us.

Well I think it. That's an excellent question I guess we've talked about what we might do on the level of government and we've talked about what might be done and the level of private business. But the listener raises this question well as. Is there something that an individual citizen can do or do. It's really a great question and in fact it's a question that is really not getting enough attention in my opinion. One of the things that the average person can do is when he or she goes and buys a new computer for home use for example and they move to these things such as cable modems and broadband DSL connections that help them surf the web faster. These are systems that become targets of people who are trying to do more malicious things to other portions of the Internet because they're not protected so they become targets where an attacker can take over that computer and use that computer to attack other portions of the infrastructure rather than going directly to them. And one of the reasons they do that is because it's. Able they're able to hide their tracks

they're able to conceal their tracks on the Internet. And you know guess who the FBI comes looking for. When they finally do the first search you know where the attack came from they come from that they go to the computer owner where the attack seems to have come from but meanwhile it's really kind of from somebody who's sitting in another country somewhere so one of the key things that home users can do in a very practical sense is then ensure that they have the proper security software the proper anti-virus software and maybe even a personal firewall device that prevents their computer from being broken into and used to attack other computers. And that's just think that's the kind of continual advice that people get with their using the Internet. Just terrorism aside because there are there are viruses out there. There are people who are interested in hacking. There there's all sorts of issues like that and this just seems to be common sense that you should have some kind of protection right before you know about my going to be on the Internet.

My point is that everybody is somebody else's weakest point because we're all interconnected we're all using the same infrastructure and if I don't take the proper steps to make sure my computer secure somebody potentially could come and make use my computer to attack somebody else and I that point I'm just part of the prom. The link we certainly know that even before September 11th there were people who were trying to wave the flag of the Webb flag and say look we're vulnerable to various kinds of attack. We should think about this. It's a problem. So then when September 11th came that everybody was shocked. Some people were shocked. And then we started thinking seriously about those issues then as time as you say has someone you knew said Gosh it seems like such a long time ago interest it initially peaked. It was everything anybody could think about or talk about. Then you got to kind of get back to your your life. And so the interest sort of trailed off. This is again this is the issue of cyber

terrorism. It's something that has been on the you know on the agenda it's been discussed for some time. I guess I wonder too to what extent on the federal government level people are actually addressing this and thinking seriously about it and perhaps going going beyond just talking about it. Well they're trying to do quite a lot. Fortunately Here's where the problem comes in. You know one of my good sources for this book was Richard Clarke who is the former. Presidential advisor for cyber security and that the nation's first basically cyber security czar. He was also the former national coordinator for counterterrorism So he was there throughout three administrations. He just left earlier this year left government service but when he left a lot of other individuals left and so went a lot of corporate knowledge if you will an experience and a lot of credibility. Now we've got a whole crop of new individuals who are taking over the Cyber

Security Division at Department of Homeland Security. New blood not necessarily tested or trusted by the private sector which we've just determined owns and operates all these things we're trying to protect. So I think the jury is still out as to what they can or will try to do. You know right now they are trying to form this partnership between the government and the private companies that own the things that we depend upon for our day to day lives and the trying to ensure that proper information is shared on incidents and on pending incidents things that are indications and warning sorts of things that we that we missed prior to 9/11 so they're trying to form. Partnership but there is still this very high level of distrust between the private sector and the government. The private companies that we're talking about are very nervous that the information they share on proprietary and you know proprietary data from their companies will not be protected by the government from inadvertent disclosure. So you know they

there are very much nervous that some of their trade secrets might end up getting out to competitors and others around the world and so there's this hesitancy. It's their reluctance to share the proper information with the government and this is where this this challenge I mentioned earlier comes in where I Do we have to regulate this. Do we have to legislate it force them to do it. Or do we continue with this you know sort of ad hoc voluntary structure we've got in place. So there's movement. We just don't know if it's going to move fast enough before the next incident occurs. You mention that one of your important sources for the book was Richard Clarke who is the former chairman of the president's Critical Infrastructure Protection Board senior adviser for cyber security he's the cyber czar is is there. Is there someone in that position now is who is the new is the current cyber czar. Well I want to. Hard to say. There is nobody like Richard Clarke in the current administration because Richard Clarke was a

senior member of the National Security Council who had to direct ear of the president. There is no longer somebody other than Tom Ridge who's got a direct line got a direct line to the president. And this is where the problem comes in when Richard Clarke left and you know my sources tell me he left for a number of reasons one of which was that he saw his position in the cyber security critical infrastructure protection arena arena being watered down. And that's exactly what has happened. They have an individual who is now responsible for cyber security throughout both the government and private sectors that is at least four to five levels beneath Tom Ridge. In this overall new Department of Homeland Security that is very. Very much you know way out of the out of the ballpark in terms of getting information to the president. It's like playing a game of telephone you know who knows whether his advice and this is an individual who really knows what he's doing is name is. I mean you're on the former executive for Samantha cooperation. He really understands the issues but

there's this big question hanging over body head whether or not he will be able to get the right information to the people who make the decisions because he's so far down in the structure so that you know therein lies the challenge there's nobody covering cyber security critical infrastructure protection that has a direct your the president other than Tom Ridge and Tom Ridge quite frankly is just too senior to really understand all the details of this issue. We have about five minutes left in this part of focus. Denver is our guest he's a senior writer for Computerworld magazine authored a book Black Ice invisible threat of cyber terrorism someone of the call real quick here. If you have a question we'll get you on but don't wait until the very end of the program. 3 3 3 9 4 5 5 toll free 800 2 2 2 9 4 5 5. You talked about the fact that we that we are aware that terrorist organizations like al Qaeda are interested in exploiting this this possibility. And also we're told periodic only when the question of Homeland Security is raised we're told by the government says

well you know we're doing things that you don't hear about. And and occasionally you hear news about a third potential attack. Do we know if in fact the people have tried to have it have attempted things like cyber terrorism or that they've been caught before they could actually do it. Well we certainly know that there have been incidents that if they had been successful may have risen to the level of cyber terrorism. For example we know that there have been incidents of juveniles who have been able to hack into air traffic control systems that have been able to knock out power to critical air traffic control facilities who have been able to overload emergency NINE ONE ONE systems using the Internet so that important emergency calls couldn't get through. And we also know that recently somebody a group of individuals hacked into the California power grid for 12 days undetected. And we don't know if they were juveniles who didn't quite understand what they had

gotten into or if they were more sophisticated individuals who were doing some sort of reconnaissance or intelligence gathering but they were there for you know 12 days undetected and there's an example of how they could have made a very already bad situation out in California in terms of the stability of the power grid much worse. So we needed to know that that's happening and one last point I'd like to make is that if we if we learn anything from this let's go away from. This discussion understanding that there has been and this is something I document individuals within al-Qaeda who have been sent to electronics training and I guess how it is owned by a solid blonde in Pakistan and they have been turned away from this electronics training because they did not have degrees in engineering. So here's an organization that we think of as mindless hordes Majlis horde of thugs who is turning away their own members from electronics training because they're not degreed engineers. So this is a very technologically sophisticated organization that

we underestimate at our own peril. We have just couple of minutes we have two calls we'll try to get it at least one if not two. Urbana first one one. Hello. Yeah I want to point out that people like that people out of certain organizations like global security dot org. I defend the armchair reading here. The MIT dot com. You know what you're saying. Marcus Raynham. Who walks over networks for the White House even went so far to say he wouldn't be until 20 years before cyber warfare could pose a substantial danger and I would kind of alluded to earlier in the conversation I just want to put some names to it but I want. I had a question and since there are plenty of organizations who are against the government I'm on different different many different policies

excluding environmental groups racist groups extremist political groups wouldn't we see home grown attacks long before we see these foreign based attacks. Absolutely yeah it's a great that's a great question to actually in the opening fictional scenario that I give in my book I actually include a portion of this attack I attribute to a homegrown organization that as you mention is certainly disses much against our government as other international terrorist groups so the one thing they would have to do. Kate it might not have is insider access to key facilities and key systems that control things like the power grid and other things so you're absolutely right that is certainly a possibility and very few. Very few energy companies these days do detail background investigations of their employees who have access to these key facilities and infrastructures. So that's definitely a possibility and one quick note that I'll say regarding some of the folks who have as you

say pooh poohed this whole notion is that my whole my whole point is that we need to think differently. After 9/11 one of the things that we missed prior to 9/11 was the fact that al-Qaeda was for eight years prior to that trying to use commercial airliners as precision strike weapons. And we for some reason were surprised by 9/11. My point is let's not do that in the cyber Oma at this point. All right well we're going to have to stop there I'm sure that we can get back to the subject and we'll get back to the subject in future but for right now we need to leave it. First of all with our thanks to Dan Burton. He's a senior writer a veteran investigative reporter with Computerworld magazine in Washington D.C. and author of the book Black ice the invisible threat of cyber terrorism published by morning which is division of grow health. Mr. Burton thanks very much for thank you very much for having me.