Risks of Terrorism to Information Technology and to Critical Interdependent Infrastructures

Abstract

Coupled with the improved economic efficiency that information technology (IT) has generated are the adverse national impacts. A markedly increased reliance on IT and on the Internet has increased the complexity of our information systems because of the added interconnectedness and interdependencies between and among the infrastructures. This reliance has reduced the operational buffer zone in most infrastructures because of the ever-increasing adherence to the “just-in-time” philosophy as a vehicle for cost reduction and efficient operation, and it has enhanced accessibility of would-be terrorists to our telecommunications, defense, banking and financial institutions, as well as to other critical infrastructures.When the operability of IT-based controls and equipment is affected by acts of terrorism, then the performance of critical interdependent infrastructures such as railroads, electric power grids, or oil and gas pipelines is profoundly affected. Such information technology includes supervisory control and data acquisition (SCADA) systems, the global positioning system (GPS), and satellites.A detailed discussion is presented on the SCADA system and its use by railways. Hierarchical holographic modeling (HHM) and control objectives for information and related technology (CobiT) are introduced and used to identify sources of risk to SCADA systems in the railroad sector. The vulnerabilities to terrorist attacks of IT, SCADA, GPS, and satellites are explored. The risk assessment and risk management process is demonstrated on a railway system. In quantifying the probability of an attack, the intent and capabilities of terrorists are used as surrogates. The following terms are defined: vulnerability, threat, risk, intent, and capability.Given the growing interdependency among our critical infrastructures and sectors of the economy, increasing Internet capability and user reliance on it, and on commercial-off-the shelf (COTS) products, SCADA, geographical positioning systems (GPS), and satellites systems, the trade-offs between efficiency (reliance on technology) and reliability, availability, and security may have to be reevaluated, and appropriate risk assessment and management strategies must be developed.