Information Security News
mailing list archives
Black Ice scenario sheds light on future threats to critical systems
From: William Knowles <wk () c4i org>
Date: Fri, 19 Oct 2001 14:06:25 -0500 (CDT)
By DAN VERTON
October 18, 2001
WASHINGTON -- A little-known exercise held last year to help federal,
state and local officials in Utah prepare for a possible terrorist
attack during the 2002 Winter Olympics may hold some of the most
important lessons for critical-infrastructure protection in the
aftermath of the Sept. 11 terrorist attacks, according to a key
official involved in the exercise.
Next month marks the one-year anniversary of the first regional
critical-infrastructure protection exercise, known as Black Ice.
Sponsored by the Department of Energy (DOE) and the Utah Olympic
Public Safety Command, Black Ice demonstrated in frightening detail
how the effects of a major terrorist attack or natural disaster could
be made significantly worse by a simultaneous cyberattack.
"The terrorists in the Sept. 11 event had the patience to plan [and]
the foresight and the understanding of the infrastructure that could
be used to simultaneously or sequentially disrupt the infrastructure
electronically and that could cause a major regional failure in this
country," said Paula Scalingi, director of the DOE's Critical
Infrastructure Protection Office and a central figure in planning the
exercise. "There's no question that that's doable."
The Energy Department is preparing a report detailing the impact of
the Sept. 11 terrorist attacks in New York on various critical
infrastructure sectors. Despite a few minor differences between the
Black Ice scenario and the actual disaster that unfolded on Sept. 11,
the exercise proved to officials that future terrorist attacks could
be far worse if they include a major cyberdisruption.
The Black Ice scenario takes place on Feb. 14, during the second week
of the Olympics. A major ice storm topples power lines across seven
counties and disrupts microwave communications in the Salt Lake City
area. It also damages the high-voltage bulk transmission lines in
several states, including transmission lines north and south of Salt
The damage to the transmission system isn't extensive, but the ability
to import electricity to the seven-county area is hindered
significantly. The lack of power generation forces authorities to
conduct rolling blackouts.
That's when the Supervisory Control Data Acquisition systems, which
control the power grid, are further damaged by a cyberattack. The
source of the disruption is unknown; it could be a hacker, a
terrorist, an insider or the result of storm damage. Regardless, the
failure begins to ripple throughout the rest of the regional
"Communications were one of the first things to go," said Scalingi.
"What was discovered is that if you have a prolonged power outage that
goes on for several hours, your infrastructure starts to degrade.
Power backup only lasts so long."
And it's not just telecommunications. Water systems rely on electric
power, as does the natural gas industry and the natural gas-powered
electric utilities in the region. Emergency responders struggle
through the chaos that results from Internet outages, cell phone
overload and telephone failures.
"You get the idea," said Scalingi.
The ice storm could easily have been replaced with scenarios of
multiple bombs, hijackings or other physical catastrophes, she said.
The important lesson is that Black Ice showed how interdependent the
various infrastructure systems, including telecommunications,
utilities and banking, are to one another and to the combined effects
of cyber- and physical attacks, she said.
"The infrastructure system providers did not understand the
interdependencies among their systems," Scalingi said. "If you talk to
state and local government and local utilities, they'll tell you they
have great response plans. The problem is, they write them in
One recommendation was to develop a template for private-sector owners
of critical-infrastructure systems to use to identify the various
levels of interdependency among their systems. Utah emergency planners
also proposed developing a secure database to store information
provided by the various infrastructure owners. However, concerns about
the security of proprietary industry data put the project on hold,
said Scalingi. A report on the lessons learned and recommendations on
how to prepare for such disaster was released in May.
The database would have included geographic information system
technology that would have enabled officials to view a graphic
representation of the status of various infrastructure systems and how
they connect, she said. Getting protection from Freedom of Information
Act requests remains a key concern to most infrastructure companies
and a main sticking point in information sharing, said Scalingi.
"It would have been real useful to have that database," she said. "You
have to be able to share information with the other infrastructures.
That's exactly where we need to go in the post-Sept. 11 world."
[ http://www.dtic.mil/ndia/2001wmd/scalingi.pdf ]
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
- Black Ice scenario sheds light on future threats to critical systems William Knowles (Oct 19)