At 03:41 PM 10/21/1997 +0100, Sandy J. Wong wrote on Cyberia-L

Buried in Tuesday's Wall Street Journal was a small three-paragraph article mentioning that the U.S. may be vulnerable to a cyberspace version of the Pearl Harbor attack. A futile suggestion--in my opinion--was made by the President's Commission on Critical Infrastructure Protection spend $1 billion during the next seven years on cyber-security research. that suggestion followed a 15-month study of the nation's critical infrastructures.

The story, in shorter or longer form, has been in most of the major papers. The InfoWar crowd has been lobbying and running conferences about this one for a couple of years, and it sounds like they're making political progress. The longer versions of the articles make the connection between infrastructure risk and the need for encryption to prevent attacks, with various FBI spokecritters talking about how we obviously need FBI access to all communications to ban InfoTerrorists. I've got mixed feelings about it; on one hand it seems like a bunch of Defense Department wonks trying to find a way to keep their jobs now that the world isn't threatened by Commies any more, but on another hand, some of them may have looked at the problem seriously and said "<Expletive deleted>! Disabling the country's critical infrastructure really does look pretty easy! Fixing it is probably our job." The new direction for the electric power industry in California replaces the current monopolies with an Internet-technology-based running auction with buyers and sellers trading electricity in half-hour chunks. I don't think it's out on the open Internet, unless one of the hundreds of players gets careless with computer security, but it's certainly a vulnerability issue. Denial of service attacks are much harder to block than privacy cracks - how secure are the protocols? The regulatory process will probably require revealing most of the information anyway; I doubt we'd end up with anonymous buyers and sellers of power :-) (Actually, anonymity is probably fairly easy; just use corporations instead of remailers to provide your pseudonyms. (This message is brought to you by Californians For A Secure Electrical Infrastructure.)) The recent San Francisco power failure appears to have been sabotage - somebody turned off a bunch of switches around 6am taking out 1/4 of the city's power for 2-3 hours; the papers don't say if it was just that one substation (in which case they should have been able to bring it up much faster) or whether it cascaded to a bunch of the other substations as well. Is it just another disgruntled employee? An organized Ecoterrorist Conspiracy? Or a government provocation to reinforce their report's impact? In either case I'm sure the government will take political advantage of it. Thanks! Bill Bill Stewart, stewarts@ix.netcom.com Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639 [I'm currently having hardware problems with my main email; send Cc: billstewart@att.com if you need to reach me in a hurry.]