While cyberattacks on businesses are a growing and worrisome problem, attacks on the nation’s “critical infrastructure,” such as water treatment and power plants, are truly frightening, said Henry “Paco” Capello, information systems program manager at LSU’s Stephenson Disaster Management Institute.
“Louisiana has the most critical infrastructure of any other state. For natural gas alone, we account for some ungodly number, 70 percent of the nation’s natural gas,” Capello said.
The state also has massive petrochemical and refining plants vital to the country’s economy, Capello said. Gov. Bobby Jindal has identified the potential threat to those facilities.
Louisiana is one of a number of states partnering with the National Guard to build the capacity to deal with the threats. Capello, a guardsman, leads the cyberprotection team for the state.
“We have to be pro-active, not reactive, because an attack on critical infrastructure could mean thousands of lives,” Capello said.
The cyberprotection team consists largely of volunteers in the Louisiana National Guard, ready-made “cyberwarriors” whose civilian jobs involve cybersecurity. There is some federal funding available, and Louisiana has applied for it. But the federal government plans to fund only 10 teams nationwide, so there’s no guarantee Louisiana will get that money.
Capello said the possibility of a cyberattacker capitalizing on a natural disaster keeps him awake at night.
“Say we get hit by a hurricane and then a cyberattacker decides to attack our communications network, so now we have no communications, or he attacks our intelligent traffic system and shuts all the red lights off or makes all the lights green. Now we have gridlock and people can’t evacuate,” Capello said.
It gets worse.
One practice scenario Capello helped put together for the International Agency Board involved an attack on a harbor where the cyberattacker gained control of a computer system and released chlorine gas, attacked the transportation system to create gridlock so people couldn’t get away from the poison gas, and then hacked the Emergency Alert System directing commuters from the outlying areas into the chlorine cloud.
Capello said the nightmare scenario didn’t spring from the exercise designers’ imaginations.
Each of those attacks really happened within a 12-month time frame, Capello said.