Crammed into a small building in Idaho Falls, Idaho, a group of about 50 cyber security experts and researchers are working around the clock to protect American infrastructure from debilitating attacks.
As The Associated Press reports, much of what goes on at the Idaho National Laboratory, once known as the country’s primary nuclear research facility, isn’t discussed. But what is known is that those who fill the dimmed rooms full of wires, cables, computers, and detection gear are diligently trying to guard against the unthinkable: Attacks on power grids, water treatment facilities, financial institutions, and even traffic lights that could bring large sections of the country to a standstill.
Followed by chaos.
The lab’s director of cybersecurity, Scott Cramer, admits that the task at hand is a difficult one and that the United States is playing catch-up, of sorts. He describes the cybersecurity work as “bolting on” protections for infrastructure control systems that are decades old with the belief that many of them have already been infiltrated by malicious actors — nation-states and non-state actors alike — who are waiting for the time to launch attacks.
“This is no joke — there are vulnerabilities out there,” Cramer told the AP. “We’re pretty much in reaction mode right now.”
That’s not hyperbole. A recently released report from the President’s National Infrastructure Advisory Council lays out a similarly dire warning. After interviewing “dozens of senior leaders and experts” as well as conducting an in-depth review of existing studies and statues, the NIAC “found that existing national plans, response resources, and coordination strategies would be outmatched by a catastrophic power outage,” the report noted.
“This profound risk requires a new national focus,” the council’s report emphasized.
The panel concluded that “significant” action in the public and private sectors is required without delay to both prepare for a catastrophic power grid outage that would last for weeks or months and to recover from such an event.
We’re not just talking about a solar storm here
A large-scale outage — from a cyber attack, an electromagnetic pulse caused from a nuclear detonation or a major solar storm, or other natural disasters — “could leave the large parts of the nation without power for weeks or months, and cause service failures in other sectors…including water and wastewater, communications, transportation, healthcare, and financial services…that are critical to public health and safety and our national and economic security,” the NAIC report found.
Potential natural disasters in addition to solar storms include a large-scale wildfire or massive earthquake, the report found. Acts of war such as direct cyberattack are also possible, as Cramer and his cybersecurity program participants are well aware.
In fact, the risk is so serious that the government is building a much larger facility called the Cybercore Integration Center near the Idaho Falls building that will house 20 labs and 200 workers in 80,000 square feet of space. Another 67,000-square-foot building will house the Collaborative Computing Center featuring one of the country’s fastest and most powerful supercomputers.
Both facilities are expected to cost a combined $85 million. They are scheduled to open in the fall of 2019.
The AP noted:
The lab’s focus is on what are called critical infrastructure control systems, as opposed to cybersecurity systems intended to protect information, such as banking or personal health records.
Cyber workers at the lab are also looking to prevent threats like one that occurred to the controls of a dam in the New York City suburbs in 2013. The Justice Department said seven Iranian hackers gained access to the controls, but they were disconnected at the time because of maintenance.
“The risk posed by a catastrophic power outage, however, is not simply a bigger, stronger storm. It is something that could paralyze entire regions, with grave implications for the nation’s economic and social well-being,” the NIAC report noted.