the CIA “put on the radar” the possibility that there might have been some terrorist tampering.
I heard today the confusion why no one at the Ohio plant did nothing that first hour their were warning signals. We have yet to hear who was manning that plant, why it wasn't averted when it could have been. Who sabtoged Ohio should be the headline!
Washington Post Staff Writer
Thursday, June 27, 2002
One al Qaeda laptop found in Afghanistan, sources said, had made multiple visits to a French site run by the Societé Anonyme, or Anonymous Society. The site offers a two-volume online "Sabotage Handbook" with sections on tools of the trade, planning a hit, switch gear and instrumentation, anti-surveillance methods and advanced techniques. In Islamic chat rooms, other computers linked to al Qaeda had access to "cracking" tools used to search out networked computers, scan for security flaws and exploit them to gain entry -- or full command.
Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids. In some interrogations, the most recent of which was reported to policymakers last week, al Qaeda prisoners have described intentions, in general terms, to use those tools.
Specialized digital devices are used by the millions as the brains of American "critical infrastructure" -- a term defined by federal directive to mean industrial sectors that are "essential to the minimum operations of the economy and government."
The devices are called distributed control systems, or DCS, and supervisory control and data acquisition, or SCADA, systems. The simplest ones collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.
What is new and dangerous is that most of these devices are now being connected to the Internet -- some of them, according to classified "Red Team" intrusion exercises, in ways that their owners do not suspect.
Because the digital controls were not designed with public access in mind, they typically lack even rudimentary security, having fewer safeguards than the purchase of flowers online. Much of the technical information required to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists said the security flaws are well known to potential attackers.