The slicing of four fiber optic lines in Silicon Valley yesterday,
along with the recent revelations of hacks against the U.S. electric
grid, underscore the interconnectivity of the digital and physical
worlds and the potential to disrupt daily life through coordinated
attacks.
Authorities in the San Jose area say the deliberate cutting of fiber
optic lines carrying landline, cellular and data streams to tens of
thousands of homes and hundreds of businesses—including two IBM
facilities—in a three-county area in Silicon Valley yesterday afternoon
was an act of vandalism or, perhaps, sabotage. The lines are owned and
operated by AT&T and Sprint, and at least one is leased to Verizon.
"Someone purposely cut these cables," AT&T spokesperson John
Britton told the San Francisco Chronicle. "They didn't have concern for
anyone. We will find who did it."
Voice and data services were restored early Friday morning, according to published reports.
Over the past two weeks, the digital world has been fixated by the
potential impact of digital threats by hackers and malware writers. In
the days leading up to April 1, security experts and vendors were
issuing a steady stream of warnings of widespread Internet disruptions
when the variant of the Conficker.C worm activated. In recent days,
revelations that foreign operatives have hacked the U.S. power grid and
planted malware for future use has struck alarms over the vulnerability
of the country’s critical infrastructure.
"The more we connect these systems to the Internet, the greater the
risk to coordinated attacks," says Pete Lindstrom, research director at
Spire Security.
Since the Sept. 11 terrorist attack eight years ago, the federal
government has acknowledged the potential for mass disruptions to
communications, commerce, emergency services and military operations by
a coordinated attack against physical and logical assets. When the
Nimda worm struck just days after the Sept. 11 attack, federal
officials issued an alert fearing that it was a cyberspace follow-up
strike; the worm was quickly determined not to be connected to 9/11.
In recent years, the Department of Homeland Security has sponsored
Cyber Storm, an annual exercise to test the responsiveness of
government agencies and private sector assets to coordinated attacks.
Many Cyber Storm participants have reported that the government has
significant gaps in command and control of response to such scenarios.
"Physical security of our infrastructure is a tough thing to
provide. It's like trying to put up a fence on our border; there's just
too much opportunity for attack," Lindstrom says.
In his 2003 book Beyond Fear, security evangelist Bruce Schneier—now
the chief security technology officer at BT—described a coordinated
attack, in which a switching station in the Northwest was taken out by
a truck bomb, effectively knocking out telephony and telecommunications
services to much of the Pacific seaboard. Simultaneously, hackers
pounced on digital assets to further disrupt government response
efforts and cause economic disruptions.
There is no evidence that the Silicon Valley incident is the act of
hackers or foreign operatives. And there are no reports of a
coordinated digital attack following the cable breaks. However, the
disruption to phone and data services caused by the incident forced
officials in the three affected counties to deploy additional police,
fire and emergency medical services.
"We're having a more visual presence out there in the field," Sgt.
Don Morrissey, Santa Clara County sheriff's spokesman, told the San
Francisco Chronicle. "We're out there to be the conduit, if you will.
We're trying to bridge that communication gap between emergency
services and citizens."
Following reports of the compromise of the U.S. power grid by
Chinese and Russian spies, the North America Electric Reliability
Corporation issued an advisory to its member organizations warning
against security threats of both a physical and digital nature, as well
as the potential for disruptions caused by intentional and accidental
actions.
“One of the more significant elements of a cyber threat,
contributing to the uniqueness of cyber risk, is the cross-cutting and
horizontal nature of networked technology that provides the means for
an intelligent cyber attacker to impact multiple assets at once, and
from a distance. The majority of reliability risks that challenge the
bulk power system today result in probabilistic failures that can be
studied and accounted for in planning and operating assumptions. For
cyber security, we must recognize the potential for simultaneous loss
of assets and common modal failure in scale in identifying what needs
to be protected. This is why protection planning requires additional,
new thinking on top of sound operating and planning analysis,” wrote
Michael Assante, vice president and chief security officer of NERC.
Some speculate that the cable sabotage may be connected to a labor
dispute between AT&T and the Communication Workers of America,
which authorized a strike against the telecom carrier in March. CWA has
denied that it or its members were involved in the cable incident.
As of this report, repair crews were still working to restore
service. AT&T has issued a $100,000 reward for information leading
to the capture and arrest of the responsible parties.
While the recent U.S. power grid hack and the Silicon Valley cable
sabotage incident are serious incidents, Schneier tells Channel Insider
that such incidents should be put into perspective. He says that more
telecom damage and disruptions are caused by falling trees and errant
backhoe operators than deliberate sabotage. "These reports sound just
like reports after a winter storm in Minnesota. These events rarely
happen and AT&T knows how to repair this. The lesson here is that
it's something not to worry about," Schneier says.
