Verizon's chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New York's century-old subway system is without parallel. Bridges and roads, homes and businesses have been destroyed. Days after the storm, many businesses remain closed, their employees out of work. And tens of thousands are suffering -- cold and in the dark.
Storms and floods are not the only infrastructure threats that invoke comparisons to 9/11. Secretary of Defense Leon Panetta made headlines recently when he noted that the economic consequences of a successful cyber attack on our financial system, electric grid, or other infrastructure could dwarf the economic consequences of 9/11. Actually, this wasn't news. Former Director of National Intelligence Mike McConnell had said the same thing five years earlier. They're both right. And the consequences of that kind of attack might not be merely financial. A cyber attack causing an explosion at a chemical plant, for example, could cause grievous loss of life.
This is not fantasy. We know we can blow up an electric generator using nothing but a keyboard and a mouse. Water systems have been polluted using a laptop. Centrifuges in nuclear plants have been physically destroyed with software. In August, a computer virus called "Shmoon" wiped all the information off 30,000 computers at Saudi Arabian Oil Co. The virus came from Iran. Today, half a dozen U.S. banks are under attack, almost certainly also from Iran. We know our electric grid is being probed from abroad.
Who's paying attention?
The Senate can't pass even watered down legislation that would simply require that critical infrastructure sectors develop their own security standards. In early August a bill sponsored by Senators Collins and Lieberman went down to defeat when the owners and operators of the electric grid objected vehemently about government-mandated standards. The objection was frivolous. The bill called for voluntary standards to be promulgated by industry, not government. Still, the owners demanded liability protection. From what? From the risk of observing their own standards! This is ironic, because if disaster struck, rate-payers (that's us), insurance (we pay the premiums through our rates), and the government (that's us again) would be stuck with the tab -- not shareholders. No wonder the grid's owners and operators have a higher taste for risk than the businesses that depend on them.