In Chapter 1, I presented a future threat scenario that involved a catastrophic chain reaction resulting from a coordinated hacker attack against multiple nuclear power plants. Granted, I painted a worst-case scenario. Since writing that chapter, I’ve changed my thinking on what a worst-case scenario really is, as recent real-life events have shown that threats to critical infrastructure are becoming increasingly frequent.
On January 18, 2008, senior CIA analyst Tom Donahue told attendees at a SANS conference that a cyber attack against a foreign nation’s electric grid resulted in a widespread power outage that affected multiple cities. He did not disclose the name of the country or the date of the event. The unique nature of Donahue’s disclosure (the CIA almost never does this) and the mystery surrounding the actual event attracted the producers of CBS News’ 60 Minutes, and in the fall of 2009, they launched their own investigation into the situation. The findings aired on November 8, 2009 (see the segment at http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml), wherein they named the country that Donahue was referring to in his presentation at the SANS conference—Brazil:
Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.
That one ...