Government computer systems would be a prime target of terrorist organizations in a coordinated cyber/physical attack, computer crime expert Mark Rasch said in an interview with Investor's Business Daily. Rasch, the former head of the Justice Dept.'s computer crime unit, said he's discovered that Al Qaeda and foreign governments are seeking out hackers to attack computer systems. While a cyberattack in itself is unlikely to create "terror," when coordinated with a physical attack, say on a power plant, the one-two punch could be quite serious. Here are a few of Rasch's comments:
Q: Are terror groups really recruiting hackers?
A: It's not just terror groups but also foreign governments. For example, there are cases where Chechen rebels with hacking skills were being paid to hack into computers in the U.S. and steal money. In other cases, former Eastern bloc intelligence agents with technical skills have been retained by groups because of their hacking skills.
Q: What about cyberattacks that are coordinated with physical ones?
A: These are more serious. Simultaneous physical and electronic attacks impair the ability to respond to a terror attack. If you cripple power to hospitals while casualties are being treated, the result is more terror.
Q: Can groups like al-Qaida pull off simultaneous attacks?
A: We know al-Qaida has recruited people with skill sets to carry out this type of attack. Plans were recovered in Afghanistan that showed al-Qaida wanted to attack networks in the U.S. that controlled so-called SCADA [supervisory control and data acquisition] systems.
Q: How can you defend against such attacks?
A: You want to be taking reasonable precautions to survive attacks like this. You want to have disaster recovery and business continuation (technology) in place. You also want redundant systems (to replace the ones destroyed) and to have a better network of sharing information in the wake of an attack.