This Christmas, New York is in Sandy Recovery mode. With the holiday season approaching, the race has been on to get the lights on – or, more specifically, as much of the city’s infrastructure restored as possible. The Big Apple has succeeded to an impressive degree: subway lines are working, tunnels are drained and, yes, for the most part the electricity grid is back.
However, as those recovery efforts continue, there is a decidedly un-festive question haunting some public officials: namely, could all those lights go out again? For quite apart from the threats posed by hurricanes or other weather shocks, there is another, more unnerving spectre haunting the city: the threat of a cyber attack.
Think about it. In the past few months, it has become crystal-clear that places such as New York are apt to face severe disruption if the electricity grid or other key infrastructure suddenly get suspended. It is also clear that cyber hackers and terrorists are becoming increasingly bold in their efforts to infiltrate the computer systems that run that critical infrastructure.
Leon Panetta, defence secretary, visited New York a couple of months ago – just before Sandy hit – and warned that hackers are now targeting chemical infrastructure and water and electrical grids. “We know of specific instances where intruders have successfully gained access to these control systems,” Panetta observed, adding that “we also know that they are seeking to create advanced tools to attack these systems and cause panic and destruction and even the loss of life.” If these attacks ever succeeded from “nation states or violent extremist groups”, this “could be as destructive as the terrorist attack on 9/11”, he added. By those standards, the disruption of Hurricane Sandy would be a mere warm-up act, not just for the east coast of America but elsewhere too.
The good news is that precisely because men like Panetta are now employing such dramatic language, efforts to prevent an attack are gathering pace. Military groups in the US and Europe are pouring huge volumes of resources into combating cyber warfare. And in New York itself, City Hall has developed extensive defence and response plans. Thankfully these disparate initiatives appear to be marked by less infighting between different agencies – or silos – that occurred in the run-up to 9/11.
Meanwhile, some politicians, such as Senator Kirsten Gillibrand from New York State, are banging the drum as well. Over the past year, Gillibrand has backed legislation that would force companies to improve their cyber defences – and make it easier for them to co-operate with public officials, without legal risk.
Unfortunately, the response from the corporate sector still seems patchy at best. Some large companies certainly are improving cyber security, but there is considerable reluctance to share information with other groups, or the public. Indeed, many companies are wary of even talking with the government. Such is the climate of suspicion that Big Business has hitherto refused to back a bill to force better corporate disclosure and co-ordination with the military; the Chamber of Commerce complains that it does not want to sign up to anything while the costs to companies remain so unclear.
But the cyber hackers and terrorists are not waiting about, amid this political gridlock. On the contrary, British and American officials claim that the attacks are getting bolder. And that leaves them, in essence, playing a race-against-time game: no sooner do cyber spooks manage to counter one hacking threat, than another pops up. Thankfully, they have hitherto won that game – and military officials express hope that this will continue. But if there is one big lesson that we should all learn from Hurricane Sandy, it is that nobody can count on being lucky all the time; sometimes the worst-case scenario can come true.
The only silver lining in this cloud is that New Yorkers, at least, are already well prepared for a world in which the infrastructure breaks down. Their spare torches, water and radios are in place. Other cities would do well to learn the lesson – hopefully long before any cyber storm hits.