- Routes for vehicles transporting hazardous waste
- Locations of power plants
- Locations of fuel supplies for municipalities
- Storage areas for grain, cattle and other agricultural products
- Locations of communications centers
- Purchase history for first responders—identifying equipment available to public safety professionals
- Storage locations of dangerous chemicals
- Road construction plans
- Scheduling of security teams for special events
- Locations of power lines, water lines and gas lines
- Date, time and location of special events (large gatherings of people)
A Well Planned Attack
With the information listed above, terrorists could perpetrate a well planned and devestating attack on, for instance, a large public event.
- If terrorists can find information that indicates whether the security team sheduled to cover the event intends to search for explosives, they can plan a suicide bombing around that information. If there is to be no searching, they may use a stable, traditional explosive. If there is going to be searching, they may choose an explosive that is less stable, but easy to make and much more difficult to detect. Having prior knowledge of what types of explosives can get past security mechanisms increases the probability of success.
- If they can find out what types of toxic gases the local first responders are ill equipped to address—something that may be evident from first responder purchase histories—terrorists may plan to release one of those gases into the crowd.
- With the addresses of the local fire stations and hospitals, terrorists may be able to impede first responders' attempts to reach the site of the event. They may create an accident in front of a fire station, drop a large amount of spikes in front of an ambulance facility to puncture tires, or pour Karo syrup into the fuel tanks of MedEvac helicopters to slow down response times.
- Since most communication systems are now computer based, terrorists could use automated programs to flood communications systems, again increasing the impact of the attack by confusing attempts to mitigate the damage.
All of these things could be accomplished by hacking into networked systems that are often less protected than the control systems for our infrastructure.
This type of one-off cyberterrorist attack is more of a reality than direct cyberterrorism, and it has a greater likelihood of success. Because of this, every government entity tasked with emergency preparedness should have line items in their budgets for protecting their computer systems and networks. If they don’t, the emergencies they are preparing for could be much worse than expected.
John Mallery is a managing consultant for BKD, LLP, one of the 10 largest accounting firms in the United States. He works in the Forensics and Dispute Consulting unit and specializes in computer forensics. He is also a co-author of Hardening Network Security, which was recently published by McGraw-Hill. Mr. Mallery can be reached at firstname.lastname@example.org.