It was a wacky week, as this summer of our discontent neared the Labor Day finale. But watching the responses to the two separate crises left me wondering how prepared we are for a really serious attack on the cyber-infrastructure.
When the juice got cut, the electricity blackout was treated as a national emergency. This was fitting and proper, and power returned within 24 hours. What's more, in the aftermath of the blackout, state and federal executives promised steps to upgrade the grid in order to prevent a reoccurrence.
The response to the MSBlast Internet worm was more problematic. Something along the lines of a bad hair day: unsightly but not urgent enough to get exceptionally bent out of shape. (Unless, of course, you were numbered among its unhappy victims.)
President Bush was understandably too busy playing horseshoes out at the Crawford ranch to break away from his summer vacation routine. But how do you explain the silence at the U.S. Department of Homeland Security? Not a peep was heard out of the department until Aug. 14, a full three days after press began circulating that something big was afoot.
How do you explain the silence at the U.S. Department of Homeland Security?
The resulting chaos and downtime was very real and should have been enough to set off alarm bells in the upper reaches of the U.S. government. After all, it makes no difference whether the author was a mischievous hacker or a more serious no-goodnik. But why the powers that be still don't get particularly exercised by cyberattacks remains a mystery.
The folks in government who are supposed to worry about this sort of stuff have done a lot of talking since computer worms and viruses became a regular part of the computing landscape. Maybe the hired help in Washington, D.C., would get more fully engaged if Osama bin Laden emerged from his cave to declare open season on the infidels' cybernetworks.
If they somehow need more immediate incentive, they should consider the recent revelation that the "Slammer" worm hit a nuclear plant near Lake Erie this past January. So far, there's no indication the worm put the plant's safety in danger--though it did shut down its monitoring system for almost five hours.
Microsoft has a legitimate beef, in that Windows does not get shipped out to customers with a timer rigged to open the system to Internet worms.
But that avoids the core issue: whether you believe this was a one-off example or a more troubling harbinger. When the Clinton administration published the results of a six-month study of power grid cybersecurity in 1997, the insouciant conclusion was that electronic intrusion posed "an emerging, but still relatively minor, threat."
Would Uncle Sam still reach the same conclusion today? I doubt it.