Tuesday, January 13, 2009

Jack Bauer and the security of our critical infrastructure

Last year, I became addicted to the Fox TV show "24". I downloaded all of the old episodes to my iPhone (and later my Apple TV) and I watched them while working out. Watching the high-intensity, high-action 24 adds to the adrenalin rush I get while riding my exercise bike or running on my treadmill. The first two seasons were amazing. Jack Bauer saved the world from nuclear war and from a deadly virus. Over the next 4 seasons, the show continued to play on these themes, but it became somewhat predictable. There are only so many ways bad guys can destroy the world. Several months ago, I finally caught up; I had seen all of the old episodes. And last year, there was no 24 due to the writers' strike in Hollywood.

It appears that the writers had some time to come up with some new and creative material during the year-long layoff. This year's season, which premiered last month and then again this past weekend (the show managed to have 3 premieres for a total of 6 hours), is based on a premise that I know all too well. In fact, it is very interesting to me that the writers' brainstorming of what could be the worst threat to the US besides a nuclear or viral attack is the same as what I have been worried about for some time now. The basic idea is that the bad guys have kidnapped a security expert who was the chief designer for a super firewall that controls access to all of the critical infrastructure in the country. This scientist is forced to create a device that allows the bad guys to take over air traffic control, the water treatment centers, the power grid, etc. (Never mind that he is able to accomplish this in a matter of minutes.)

While the show is not very accurate technologically, and the specific scenario of this season's 24 is far from realistic, the actual threat is very real. Much of our critical infrastructure is controlled by computers. Real-time control systems are increasingly dependent on software, software that inherently contains bugs and which is increasingly complex. The same targets that are depicted in over-dramatized fashion on 24 are becoming increasingly vulnerable to real-world criminals. Now, President-elect Obama is talking about digitizing health records and about upgrading our technological infrastructure. I'm all for that. But security needs to be a top priority. We cannot let what happened with voting systems - where the technology was developed before security was considered - happen in our healthcare system.

Part of the reason why I have been enjoying watching 24 is that I get a good laugh at some of the ridiculous depictions of technology and, in particular, security. However, the vulnerability of our critical infrastructure to cyber attack is no laughing matter.