Interviews

Latest cyber attack puts focus on threats to power supply

How can U.S. increase preparedness?

 

This is a rush transcript from "Your World," May 21, 2014. This copy may not be in its final form and may be updated.

NEIL CAVUTO, HOST: So, how serious is this? What's being done about it?

Bob Strang is the former co-chair of the New York Antiterrorism Task Force. David Kennedy, well, he's a hacker, trained hacker at that, exposes cyber-threats and knows of what he speaks. Gentlemen, welcome to both of you.

Robert, this is scary, because left out in this coverage is the fact that we have had a number of other incidents, some involving just getting into the energy sector. More than half the cyber-attacks were in the energy sector. So, that must be a very popular target.

ROBERT STRANG, CEO, INVESTIGATIVE MANAGEMENT GROUP: Well, it's popular not only in the United States, but around the world.

And it's popular because hackers and especially terrorists want to be able to learn more about our infrastructure, be able to get in and see what's available for them. That's the scary part.

It doesn't necessarily mean that every time they go inside one of our systems, whether it be in a nuclear facility, whether it be in any of our utilities, whether it be in any of our gas or oil stations, they are looking for information. They are looking for intelligence.

And the problem is that, as they collect this data, as they increase their intelligence, how are they going to use it? Are they going to coordinate it in some way with other active events? Are they going to use it in and of itself? That's the issue, because sometimes not doing something, just going inside -- it's like a thief coming in your home looking around and seeing what is there so that they can plan for the big event.

It's the same thing when they go inside these systems. They're looking around. They're seeing what's available. And they're planning for something. And that's the scary part.

CAVUTO: Well, see, that's what worries me, David. In a lot of these cases, few though we have officially reported, they don't destroy stuff. I know in the California utilities substation equipment and the like was destroyed, but it was like a surgical strike, and they left before authorities arrived.

But, in some of these other cases, it seems to be getting into the brains of the utility and figuring out, to David's point, how it works -- or to Robert's point -- how it works. What do you make of that? What should we fear because of that?

DAVID KENNEDY, CYBER-SECURITY ANALYST: Well, these are just incursions that are looking at how we actually operate in the country.

When we talk about industrial control systems, these things are ancient. You're talking technology that dates back into the '70s and they haven't been upgraded. They're on the Internet. And so these incursions are really happening from different known what we call state-sponsored attacks, so things like China or Iran or Russia learning our infrastructure so that they have the preparedness to come in take out a large part of our infrastructure if the event that there is a natural altercation.

So, I think this is a really big concern for us because we're really not up to speed when it comes to the security around these type of devices or in any type of utility, oil, gas, you name it. We're really unprepared to be able to handle these type of threats or attacks. And this is just one example -- it was mentioned earlier 250-plus attacks that happened last year.

This is a major front of attack for hackers. And we're seeing breaches happen all over the place. This is a major one for military operations.

CAVUTO: Yes. And it's also a major security thing.

But as you pointed out in the past, Robert, when we're so focused on Target or whether our security or credit data was compromised at a retail store, it's a whole 'nother beast when it's our utilities. And you think about forcing a power outage or a nationwide lockout and the way this system works, it's very easy to do.

STRANG: It is. And if you combine that with these other technological security breaches, whether it be in the TSA, whether it be with our financial district, whether it be with any of our nuclear facilities, our water supply, we had 24 different entities listed when we did the task force terrorism list here in New York 12 years ago.

CAVUTO: Is that right?

STRANG: And they are all still very vulnerable.

You know, there's not much that we can do, except build those firewalls, try to be more aggressive with our counterterrorism.

CAVUTO: But what if it's antiquated, right? If these are some antiquated systems are they not up to speed, a smart criminal can be ahead of that. Right?

STRANG: Well, look at what they're doing today with Target.

CAVUTO: Yes.

STRANG: Look at what the Chinese are doing to us. We're so far behind even with the latest technology that we have.

CAVUTO: Yes.

STRANG: These hackers -- and David would probably agree -- many of these terrorists, many of our people who want to harm the United States, they can gain access.

CAVUTO: And a grid is the way to do it, right, David? You may compromise that, it's a heck of a lot different than going after your credit card data at a Target, right?

KENNEDY: That's absolutely right. The financial impact is relatively low.

But you think about say we decided to launch an attack against Iran or another country and they toppled our entire electrical grid, where we have no power to any of our systems back in the United States. You are talking a large portion of the United States that doesn't have the capability to communicate. It would be mass mayhem.

CAVUTO: But who is doing that, David? Who do you suspect has the wherewithal, the knowledge to do this?

KENNEDY: Well, Neil, the scary part about this is the sophistication of these attacks aren't that great. It literally would take a college person that had just learned hacking to actually break into these industrial control systems. They're that vulnerable.

CAVUTO: Wow.

KENNEDY: But when we look at where they are actually originating from, they are originating from China, they are originating from Russia, they are originating from Iran. By the way, Iran's capabilities are starting to mirror a lot of what we see happening out of China now.

So, they're the next big threat I think moving forward and we really need to pay attention to what Iran is doing. They just recently claimed that they reversed-engineered our drone and are able to produce the same type of drones. They have a very capable information warfare capability and we should be pretty alarmed about.

CAVUTO: Well, I hear Iran, I hear China, I hear Russia. Robert, I don't like what I'm hearing.

STRANG: Yes.

You know, our new FBI director has put this as a priority with the 16,000...

CAVUTO: You think?

STRANG: Yes, he has, with the 16,000 federal agents, FBI agents. Our previous FBI director, Mueller, had it as a top priority.

CAVUTO: And these are, by the way, the incidents that we know of.

STRANG: That's right.

CAVUTO: That's right.

STRANG: And these are incidents that we know of that have been released.

CAVUTO: Exactly.

STRANG: Many more of these things happen on a daily basis. This is how hackers work.

CAVUTO: You're right.

STRANG: They are constantly going in, constantly taking a look. Planning for what, I don't know.

CAVUTO: Gentlemen, I want to thank you both.

Don't want to alarm people, but do want to make you aware of this. I know this didn't get a lot of coverage. But I think it should because last time I checked, if everything goes total blackout in this country, that's not good.

Content and Programming Copyright 2014 Fox News Network, LLC. ALL RIGHTS RESERVED. Copyright 2014 CQ-Roll Call, Inc. All materials herein are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published or broadcast without the prior written permission of CQ-Roll Call. You may not alter or remove any trademark, copyright or other notice from copies of the content.