Report warns of al-Qaeda's potential cybercapabilities

An obscure report issued Dec. 21 by the Canadian Office of Critical Infrastructure Protection and Emergency Services raises the specter of a possible future cyberattack by agents or sympathizers of Osama bin Laden's al-Qaeda terrorist organization.

The Canadian threat analysis of al-Qaeda's cybercapabilities concludes that although there have been no examples to date of cyberterrorist attacks conducted by al-Qaeda, "Bin Laden's vast financial resources, however, would enable him or his organization to purchase the equipment and expertise required for a cyberattack and mount such an attack in very short order."

In the wake of the Sept. 11 attacks, bin Laden reportedly gave a statement to an editor of an Arab newspaper indicating that "hundreds of Muslim scientists were with him who would use their knowledge ... ranging from computers to electronics against the infidels," according to the Canadian study. If true, the statement suggests that bin Laden may have been planning to use cyberbased attacks against the West at some point in the future, the Canadian study concludes.

Despite bin Laden's use of telecommunications-deprived Afghanistan as his base of operations, the Canadian study doesn't rule out the possibility of al-Qaeda agents or sympathizers in other countries carrying out sophisticated and coordinated cyberattacks against critical infrastructure facilities, such as the U.S. telecommunications grid, electric power facilities and oil and natural gas pipelines.

According to the CIA World Fact Book, Afghanistan's capital of Kabul had only 21,000 main phone lines in use in 1998. In addition, the CIA estimates that there are telecommunication links between the cities of Mazar-e Sharif, Herat, Kandahar, Jalalabad and Kabul through microwave and satellite systems. There are reportedly very few links abroad, however. Bin Laden's agents reportedly go to Peshawar, Pakistan, to maintain phone, fax and modem communication with terrorist cells outside of Afghanistan.

Bin Laden's foot soldiers, such as Ahmed Ressam, who was convicted of attempting to place a bomb at Los Angeles International Airport on Jan. 1, 2000, have stated that they were trained specifically to attack critical infrastructures, including electric power plants, natural gas plants, airports, railroads, large corporations and military installations.

The Canadian assessment comes as government and private sector officials in the U.S. scramble to better understand the interdependencies between the various systems that control critical services. There have been more than a half dozen exercises and conferences held over the past few years focusing exclusively on how physical and cyber attacks against one key infrastructure could have a ripple effect throughout the economy. A cyberattack that cripples key energy facilities, for example, could severely hamper the distribution of natural gas throughout the U.S. and could even lead to cascading failures of the electric power grid and telecommunications systems.

"This is the situation in which there may be a physical attack impacting one or more infrastructures and a simultaneous or subsequent cyberattack, or other type of disruption impacting a key infrastructure," said Paula Scalingi, the former head of the Department of Energy's Critical Infrastructure Protection Office and now president of consulting firm The Scalingi Group in Reston, Va. "Such multiple contingency events could cause a domino effect throughout an entire region, incapacitating interdependent infrastructures and exacerbating attempts to rapidly respond and reconstitute services."

Joe Weiss, technical manager of the Enterprise Infrastructure Security Program at the Electric Power Research Institute, a nonprofit organization in Palo Alto, Calif., said the IT security requirements of the electric power industry have repeatedly fallen on deaf ears throughout the security community.

"The Web sites will be safe but the lights will be out, and water and oil won't flow," said Weiss. "There have been vulnerability assessments done and these important control systems have been shown to be vulnerable. This is not in any way, shape or form hypothetical."

Ron Ross, director of the National Information Assurance Partnership, a Washington-based government-industry consortium led by the National Institute of Standards and Technology and the National Security Agency (NSA), said he agrees with Weiss that there is an education and awareness gap with regard to computer and information security and the potential vulnerabilities in some of the systems and networks that comprise the critical infrastructure.

Although the Sept. 11 attack increased the focus on physical security, "we now have to begin to delve into a variety of areas that need significant attention with regard to computer security," said Ross. The real-time control systems that manage the electric power grid and other energy facilities "are fertile areas for our attention," he said. "In fact, operating system security, both general purpose and real-time, should be a high priority."

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Dan Verton

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?