According to articles on ZDNet and ABC, NSA chief Admiral Mike Rogers said in testimony before the US House Intelligence Committee that China and probably one or two other countries could shut down critical computer networks, which could force U.S. power and water grids, aviation systems and financial systems offline.
Let that sink in for a minute.
The reason this is possible is that over the last 10 years, all of these industries have moved their communications to the Internet, either from private networks or from not being networked at all, without much thought about security – only about cost and convenience. And, as I have often said, when security comes up against cost, security almost always loses.
On top of that bomb, Rogers said that it is a matter of when, not if.
Although the details of all of this are classified, what has come out is that most of the critical infrastructure has been infected with malware, and if or when that malware is activated, the poop is going to hit the rotating air movement device.
AND, at this point, there is no reasonable way to undo the damage. It will take decades of work to fix the decades of poor security practices.
Let’s hope we stay relatively friendly with those nations.
Of course, the thing that Admiral Rogers did not say is that we can likely do the same thing to them, so we have the cold war all over again – mutually assured destruction.
EXCEPT, that other countries – like China – are probably way less sophisticated in how they network their critical infrastructure (CI), so taking that CI down requires much more sophistication. Let’s hope we can do that and declare a stalemate.
I do have to give Admiral Rogers credit for admitting what we in the security community have known about privately for years. It does take cojones.