While some experts believe there was nothing malicious about the more than three-hour cyber breakdown of the New York Stock Exchange on Thursday, they do not want to admit the system’s vulnerabilities either to the public or the government, because it would undermine consumer confidence and rattle the American economic system, according to Peter Pry.
Pry, a former analyst with the Central Intelligence Agency, also warned that if “unintentional” circumstances can cause such a dramatic disruption to the NYSE operations, “imagine what a skilled and well-resourced malicious cyber adversary may be able to accomplish.”
Pry also was a staff director of the congressionally mandated Electromagnetic Pulse Commission, which addressed the potential impact of an EMP attack on the nation’s critical infrastructure. He is director of the congressional advisory Task Force on National and Homeland Security and the U.S. Nuclear Strategy Forum.
Trading on Wednesday was halted for more than three hours because of what the NYSE’s website described as a software-update problems. The NYSE insisted that the trading blackout wasn’t due to a cyber attack.
The blackout, however, occurred at the same time the Chinese stock market lost a third of its value, the European markets were jittery over the economic problems with Greece, the Wall Street Journal website went down for a time and the computer reservation system of United Airlines worldwide similarly stopped working.
It also came on the heels of revelations of cyber hacking into the U.S. Government’s Office of Personnel Management database, in which some 21.5 million records for past, present and prospective federal workers were stolen.
National security is at stake, since the information taken in that raid included details on those with security clearances. It also halted all security clearance adjudications for six weeks and prompted U.S. House of Representatives Speaker John Boehner to call on President Obama to fire OPM Director Katherine Archuleta.
“Officially, NYSE and others are denying the recent cyber breakdowns are malicious,” Pry told WND in an interview. “Are they telling the truth? Industry likes to think that denial will help make the threats go away.
“They do not like to admit vulnerability to the public or to the government, which undermines consumer confidence and invites regulation,” Pry said. “On the other hand, if NYSE is telling the truth, and the cyber breakdowns are not malicious, just a consequence of incompetence, this is even worse.”
Whether intentional or not, Pry said that there have been warnings for years of the vulnerability of business and finance systems, including the stock market, to electromagnetic pulse and cyber attacks.
Pry said that if a cyber attack can black out the electric grid for a protracted period, a cyber attack “too, could conceivably wreck our financial institutions and revert us to a barter economy.”
Pry referred to the November 2014 testimony of National Security Agency Director Adm. Michael Rogers, who also is head of Cyber Command, before the House Permanent Select Committee on Intelligence. He said a cyber attack could wreck the nation’s financial institutions.
Rogers said nation-states, groups and individuals are “aggressively” looking at acquiring the capability to take down critical infrastructures.
“What we think we’re seeing is reconnaissance by many of those actors in an attempt to ensure they understand our systems so that they can then, if they choose to, exploit the vulnerabilities within those control systems,” Rogers said.
“Those control systems are fundamental to how we work most of our infrastructure across this nation,” he said. “They are foundational to almost every networked aspect of our life, from our water to our power to our financial segment to the aviation industry just as examples. They’re so foundational to the way we do – we operate complex systems, you know, on a national basis.
“It’s one of the areas when – people often will ask me what are the coming trends that you see,” Rogers said. “I think the industrial control system and the SCADA (Supervisory Control and Data Acquisition) piece are big growth areas of vulnerability and action that we’re going to see in the coming 12 months, and it’s among the things that concern me the most because this will be truly destructive if someone decides that’s what they want to do.”
Pry also pointed out that Lloyds of London, the international insurance giant, has just published a study, “Business Blackout, The Insurance Implications of a Cyber Attack on the U.S. Power Grid,” which raises concerns of a cyberattack that could plunge the northeastern U.S., including New York City and Washington, D.C., into darkness.
“So Lloyds of London, competent leaders of the insurance industry, no hysterics, are very worried about the economic consequences of cyber attack, that they estimate would cost $243 billion to $1 trillion,” Pry said. “Obviously, a protracted nationwide blackout from EMP or cyber (attack) would be even worse.”
The Lloyds report acknowledges there have been “large individual business losses” from cyber attacks while saying there haven’t yet been catastrophic-level losses from widespread cyber attacks affecting many companies at the same time.
The report points out the wide range of insurance claims that could be triggered by an attack on the U.S. power grid.
Among the key findings, the Lloyds report said a cyber attack represents “a peril that could trigger losses across multiple sectors of the economy.”
“The cyber attack scenario in this report shows the broad range of claims that could be triggered by disruption to the U.S. power grid,” the Lloyds report said.
“This poses a number of complex challenges for insurers which need to be addressed if insurers are to more accurately assess cyber risk and develop new cyber insurance products,” the report said.