We’ve all read a lot about the potentially devastating impact of a pre-emptive, nation-state backed cyber attack on our critical infrastructure in recent years. Why, it wasn’t more than two weeks ago that Defense Secretary Leon Panetta warned about the dire consequences of a “digital Pearl Harbor.” An “aggressor nation or extremist group,” he warned “could use these kinds of cybertools to gain control of critical switches … [and] derail passenger trains, or even more dangerous, trains loaded with lethal chemicals,” according to a report in Stars and Stripes. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
It’s scary stuff, for sure. But not unprecedented. In fact: anyone on the Eastern Seaboard of the United States can look out their window right now and see a major dry run (more like a wet run) of a massive attack on U.S. critical infrastructure. It’s called “Hurricane Sandy.”
Indeed, this Category 1 hurricane-wrapped-inside-a-‘Noreaster has already surpassed Panetta’s worst Digital Pearl Harbor scenarios: forcing mass evacuations as it swamped parts of lower Manhattan, New Jersey and Delaware, knocking down power lines and plunging hundreds of thousands into darkness and stranding hundreds of thousands of passengers at airports and train stations up and down the East Coast. The storm even forced the official keeper of the Statue of Liberty from the island, after waves swamped his home in the shadow of the famous monument, according to The New York Times.
The real impact of the storm, for businesses, will be felt in the days ahead, as business continuity plans are put to the test. At least one expert warned that companies counting on employees working from home until roads are cleared and public transit lines are operating again in cities like New York and Boston may be disappointed; working from home only works when workers have power and Internet access at their homes – no guarantee in the days ahead.
Once the storm dies down, the federal government’s response to Sandy will be huge, as FEMA and other federal agencies rush in to help state officials respond to the disaster. However: the response to a massive cyber attack is uncertain. In his speech, Mr. Panetta sent the message that the U.S. has the means to figure out who was behind an attack. Figuring out who was targeted, however, may be just as big- and as important a concern. Unlike natural disasters, the victims of a cyber attack can remain nameless if they choose, complicating the government’s response to an attack that will likely span both the public, private and commercial spheres.
Sandy should remind us both of the resiliency of our government and society to disruptions – even large ones. However, it should also get folks within the beltway thinking about all the careful planning that goes into response to a major disaster such as this – all the hard learned lessons from past storms. After they’ve done that, it’s time to think of all the ways that a cyber attack is like a hurricane – and all the ways it isn’t – and preparing to be prepared!