More attention should be given to this possibility, warns Dr. Jim Kennedy, MRP, MBCI, CBRM, CHS-IV
One of the first principals of warfare is to strike an opponent at their weakest point and today the world’s weakest points are its financial infrastructures and markets and al-Qaeda knows this all too well. In fact, many of the past terrorist attacks have actually targeted financial institutions with the hopes that they could create government instability and prolonged damage to the regions where the attacks took place.
Al-Qaeda’s attacks of the World Trade Center in 1993 and then again on September 11th 2001 succeeded not only in destroying symbols of America’s financial strength but in the latter case actually brought a halt to NY Stock Exchange operations for almost a week: a feat that cost the US economy billions of dollars.
Given the motives and intent of al-Qaeda coupled with the almost daily reporting of security breaches in banks, credit card companies and other financial institutions in the US and across the globe, I believe that a ‘cyber attack’ by al-Qaeda is a very real possibility.
We have all heard or read about the results of cyber attacks on companies and government entities. The CIA has admitted that power plants in Europe have been taken off line by cyber attacks. We have read how one of Europe’s most prestigious financial firms (Société Générale) was hacked and lost more than $7 billion dollars. In fact this hack actually may have been the cause of a financial panic which led the US Federal Reserve to drop interest rates in January of 2008.
So we all know that it is only a matter in time when another hack, due to poor information security management and/or poor business continuity practices could lead to another financial loss. With proper planning, technical knowledge and resources it is an almost certainty.
Now some might question whether terrorist organizations like al-Qaeda have the necessary knowledge of the US financial and banking system or the technical savvy to be capable of pulling off a cyber attack capable of bringing down financial markets and/or institutions.
Let us explore that very point. The 1993 World Trade Center bombing was planned and implemented by Islamic extremists who were educated in mathematics and engineering here in the US and in Europe. Many other al-Qaeda operatives or those who might be recruited in future are educated at prestigious universities and colleges all across the US and the world.
So, the knowledge of financial institutions and systems or technical knowledge of computers and telecommunications is no barrier to terrorist groups.
If you believe that al-Qaeda and its leaders are all hunkered down, isolated in remote areas of the world and cannot mount another attack, think again. The US military may have driven them to remote locations, but with the technology available today they can still effectively communicate with each other and other terror cells all over the world. They could be actively planning a most sophisticated cyber attack on one of the world’s critical financial markets right now.
These plans could include attacks on the stock market or other now very fragile financial markets. Their attacks could be directed to intercept, delay, or corrupt some of the many financial transactions that take place over the sophisticated network of computers interconnected via the Internet. They (terrorist groups) could launch ‘denial of service’ attacks to delay or deny access of credit markets to money needed to keep businesses functioning. They could also break into large credit organizations and eliminate transactions already completed and erase or corrupt databases thereby blocking financial transactions from taking place or being completed. With today’s unstable financial markets any cyber attack that further exacerbates the problem could cause catastrophic consequences. In reality, with financial markets already weakened by the credit crisis, terrorists who desire to do the US harm could inflict economic damage using techniques that would not require any advanced technical skills or financial knowledge (e.g., hack and shut down ATM systems, hack a train system and shutdown passenger operations, shut down a electric power generation plant in mid-winter or etc.).
So who is protecting us? In the US the US Department of the Treasury is the leading government agency tasked with protecting the US financial system. Several agencies within Treasury such as the Secret Service electronic crime task force are responsible for the review of international transactions and investigating fraud and terrorist activities in the financial sector. In the US the FBI is responsible for cyber crime investigation and enforcement. In fact there are over 1100 employees in the FBI’s Cyber Division, but as we all know despite all of this government intervention there continues to be massive increases in the cyber crime rate, especially over the last two years. Now funding and staffing levels for cyber crime enforcement are due to be cut in 2009.
We as corporate or governmental IT security or business continuity experts need to make sure that we are ever vigilant and that we continue to communicate with our organizational leaders so that they have the necessary information to make proper choices for the security and protection of critical and sensitive financial systems and critical infrastructures. Only then will we have given them the tools they need to make an informed decision on whether they want to act now to implement adequate controls and safeguards to protect against risks or to possibly pay later in reparations and lost confidence to those who have placed their trust in them.
About the Author
Dr. Jim Kennedy, MRP, MBCI, CBRM, CHS-IV is the Business Continuity/Security Services Practice lead and a principal consultant for Alcatel-Lucent. Dr. Kennedy has over 30 years' experience in the information security, business continuity and disaster recovery fields. He is the co-author of two books, Blackbook of Corporate Security and Disaster Recovery Planning: An Introduction and author of an e-book, Business Continuity & Disaster Recovery – Conquering the Catastrophic. firstname.lastname@example.org
•Date: 17th March 2009• Region:US •Type: Article •Topic: Terrorism
Rate this article or make a comment - click here