Ted Koppel, anchor of ABC TV’s “Nightline” for 25 years, from 1980 to 2005, is the author of “Lights Out,” which argues not only that the nation’s critical infrastructure is at grave risk of a catastrophic cyber attack that could leave as much as a third of the nation without electricity for months or even a year, but that there is no government plan to respond to such an attack.
Koppel spoke briefly with CSO about these issues earlier last week:
What kind of feedback on your book are you getting from information security professionals? Do they think you’ve overstated the risk or not?
If they do, I haven’t heard from them. But I don’t know whether all the messages are getting through, because I’m on a book tour. The first sign of that was in Chicago today, when a former CEO of a power company said he didn’t think I was right about the vulnerability of SCADA (supervisory control and data acquisition) systems. But in the book, a CEO told me the same thing, and then later called me to say he was wrong.
Given your conclusion that a third or more of the country could be crippled for months or even more than a year by a well-executed cyber attack, does that make the recent nuclear deal with Iran at least somewhat irrelevant? Who needs nuclear weapons if a few keystrokes on a laptop can do as much or more damage?
Frankly it’s not even the fact that it’s a few keystrokes. It’s the anonymity of the person delivering the keystrokes. I wouldn’t say nuclear negotiations are irrelevant, but the Iranians know they don’t have to come after us with a nuclear device. That’s an exchange they would lose anyway. Cyber is an arena where we are more vulnerable than any country. And you can’t respond if you don’t know who attacked you.
Should the U.S. put more of a priority on negotiating cyber agreements than nuclear agreements with hostile nations like Iran and North Korea?
I’m not sure what a cyber agreement is going to accomplish. What is the point of having agreements if an attack is not verifiable? We shouldn’t trust because we can’t verify.
In a recent interview with Charlie Rose, he asked whether the U.S. has the ability to do more damage to the infrastructure of adversaries like Russia, China, Iran and North Korea than they could do to us. You said that was a “fair statement.” If each adversary has the ability to wipe out the other, does that amount to a more modern version of the “balance of terror”?
It does not. For MAD (Mutual Assured Destruction) to work, you have to know where the attack is coming from, and the party attacking you has to be sure that the response is going to be worse than the attack. I’ve heard that Russia has placed people into positions all around the world to cover the origin of a cyberattack. How in heaven’s name are you ever going to prove where it came from? You can’t retaliate if you don’t know where it came from.
Did you interview penetration testers who have experience in the electric generation/transmission sector for this book?
No, I did not.
You write that the cost of hardening our defenses against an EMP (electromagnetic pulse) attack is an estimated $2 billion. That’s not even a rounding error in a multi-trillion-dollar budget. Why is there resistance to it?
These things generally end up costing more than originally estimated. But let’s say that protecting against EMP and setting up warehouses of food and other supplies each cost $100 billion. We have this not-very-effective agency, whose people supposedly guard access to our airports and flights, and it has already spent $100 billion. Yet in tests this spring, 95% of fake bombs and weapons got through.
I think it goes back to what Tom Ridge (first secretary of Homeland Security) said: “We are not a preemptive democracy. We are a reactive one.”
Do you think the U.S. Senate’s recent passage of the Cybersecurity Information Sharing Act will lead to the kind of threat information sharing needed to reduce the risks to our critical infrastructure?
CISA is not worth the paper it’s printed on. Private industry is worried about privacy, therefore (before it shared any information) the power industry would be allowed to scrub it of any privacy concerns. Then, the DHS (Department of Homeland Security) could scrub it again before they hand it over to the NSA (National Security Agency). That could take months. In an environment in which milliseconds count, what’s the point?
Do you think those privacy concerns are justified, given the, as you put it, “radioactivity” of the NSA after revelations of its data collection?
I think the radioactivity is misplaced in an era when companies like Google and Apple gather material on us to sell it to other parties. I’m less concerned about the NSA having my private info than Russia or North Korea.
Would you recommend that everyone do what you did: buy and store several months’ worth of food and water for yourself and your family?
I don’t want to present myself as the solution to the problem. But my theory is that those who can afford to take care of themselves for a couple of months ought to do it, and the government should take care of those who can’t afford it.
This story, "Ted Koppel discusses the inevitable cyberattack on U.S. infrastructure" was originally published by CSO.