Transcript of Cyberterrorism: Response at the Regional and Local Level

Opening - Panelist's Introduction
I. Accident or Attack?
    Responses: Airport and City View
    Responses: First Response (EMS, Police, Fire)
    Was Computer Crash Deliberate?
    Response: FBI
II. Phreaking for Dummies
    Hacking 101: How it Works
    Hacker Resources
    Hackers & the Media
    The Hacker "Profile"
III. 911 Goes Down; Preparing for More
IV. New Systems, New Vulnerabilities; Old Timers to the Rescue
    Are New Systems More Vulnerable?
    Are There Backup Systems?
V. From Local to National
    Coincidence or Cyberterrorism?
    Dealing With the Media
    Responding to Crisis: National View
    Responding to Crisis: Local Level
    Federal vs. State/Local
VI. Gathering & Sharing Information
    Tracking Down Suspects
    Legal Implications of Gathering & Releasing Clues
    From National to International
VIII. Conclusion - What More Can Be Done?
    Closing Thoughts

[ Opening - Panelist's Introduction ]
00.00.21.00 Timothy Shimeall Hello, my name's Tim Shimeall, I'm with the CERT Coordination Center at Carnegie Mellon University, Pittsburgh, Pennsylvania.
00.00.27.9 Michael Vatis I'm Michael Vatis, I'm the director of the National Infrastructure Protection Center.
00.00.33.5 Mike Arlington My name is Mike Arlington, I'm the director of Legal Compliance for a major telephone company.
00.00.37.7 Scott Larson Hi, my name is Scott Larson, I'm a supervisory special agent with the FBI here in the Washington field office, specializing in computer intrusions and infrastructure protection.
00.00.46.9 Wayne Madsen Hi, I'm Wayne Madsen, senior fellow, the Electronic Privacy Information Center, Washington, D.C.
00.00.53.9 Mayor Bill Campbell Bill Campbell, Mayor of Atlanta, Georgia.
00.00.57.0 Jerry Hauer Jerry Hauer, director of the Center for Counterterrorism for Science Applications International.
00.01.03.9 John Vranesevich Hi, I'm John Vranesevich, founder and general partner, Anti-Online, Pittsburgh, Pennsylvania.
00.01.08.4 Michael Reilly I'm Mike Reilly, Battalion Chief of the Fairfax County Fire and Rescue Department. I'm chief of investigations for the Fire Marshal's Office for HazMat, Hazardous Materials and Arson Investigations.
00.01.17.2 Leslee Stein-Spencer Hi, I'm Leslee Stein-Spencer, I'm chief of emergency medical services and highway safety for Illinois Department of Public Health.
00.01.24.2 Michael Robinson Hello, I'm Mike Robinson, director of the Michigan Department of State Police and president of the International Association of Chiefs of Police.
00.01.31.4 Sheriff Patrick Sullivan, Jr. I'm Pat Sullivan, Sheriff of Arapahoe County, Colorado.
[ I. Accident or Attack? ]
[ Responses: Airport and City View ]
00.02.42.0 Moderator Bill, you are the mayor of Metropolis, and Jerry, you are the director of the Office of Emergency Management. Now, the two of you have just been to an exciting conference on floods, volcanoes, earthquake, pestilence - you know, the normal emergency management stuff. And you’re coming back to something much more exciting. What’s going on is that in the next couple of days, the great city of Metropolis will be hosting the Super Bowl. Now the two of you are on board flight 2002 on Blue Skies, you’re flying into Metropolis International Airport on a cloudy morning in January, when, wouldn’t you know it, the airport traffic control system goes down. All right, now let me tell you a little bit about airport traffic control. Normally the main computer at airport traffic control tells controllers a little bit of information about radar and tells them what’s going on with planes in the air, tells them about route, travel plan, altitude, but now that these computers are down, these controllers have to look at the radar themselves, and extrapolate this crucial information themselves. Now because of the Super Bowl there are lots more planes in the air overhead Metropolis, lots more planes coming into the city.
Now Jerry I assume the city has plans in place when there are problems at the airport, and I certainly assume that it has contingency plans when the Super Bowl is happening, but what I want to ask you is: does the city have plans in place when there’s the possibility of a slowdown at the airport, or possibly the airport closing down, or maybe even suffering a major accident right before the Super Bowl? What I’d like you to do is have a conversation with the mayor and tell him what those plans might be, ’cause I think he could use a little reassurance right about now, don’t you?
00.04.31.2 Jerry Hauer Well the, probably the last thing I’d want to be doing is sitting on a plane, flying in with the mayor is talking about the city’s crash plans, particularly when we’re on one of those planes. But -
00.04.41.5 Moderator But talk to him now.
00.04.42.4 Jerry Hauer But in point of fact, we do have plans in place in the event that something happens at the airport. We do have plans in place in the event that there is a slowdown through the air traffic control system to augment the airport police with city police. We have plans in place in the event of an incident to manage the incident, to deal with any type of crash
00.05.07.0 Mayor Bill Campbell Jerry, what I need to know now because we’re about to land is exactly how we’re going to alert all the systems so that they are up and running and we’re prepared. We’ve got millions of people coming into the city. We’ve got a hundred million that’ll be watching our preparation for the Super Bowl, three thousand journalists, so we’ve got to make certain that things are done the proper way. What do we do now, what are steps one, two, and three?
00.05.31.3 Jerry Hauer Well first of all, the Emergency Operations Center, because we’re getting ready for Super Bowl weekend, is operational. All of the city, state, and federal agencies are in place to deal with any contingency that might come up, as they are for any major event.
So we’ve got everyone in place, for pretty much any type of contingency.
00.05.53.1 Mayor Bill Campbell How do we pull the strings, how do we start it right now?
00.05.54.6 Jerry Hauer Well, if in fact there are any problems at the airport, the representative from the airport will be talking with the police department about augmenting any type of police needs in case there’s crowds there. Certainly for Super Bowl weekend we’re going to be expecting increased traffic at the airport.
00.06.15.0 Mayor Bill Campbell We’re the busiest airport in the world, we know that this is a bad time, perhaps the worst time in the world for this to happen. What do we do right now, who do we call first?
00.06.25.5 Jerry Hauer Well, the first thing we need to do is try and find out what the magnitude of the delays are going to be, whether or not planes are going to get out -
00.06.32.7 Mayor Bill Campbell Are we going to get in?
00.06.33.9 Jerry Hauer Well, there’s a good chance we’re not, because if the air traffic control system is down and it’s cloudy and the ILS system might be down, there’s a good chance we might not be able to land, and that could be a problem. We need to be finding out whether we’re gonna get into Atlanta or whether we’ll be flying into an alternate airport, and that could be a big problem for us.
[ Responses: First Response (EMS, Police, Fire) ]
00.06.56.7 Moderator Alright, let me jump in here. Pat, you are the chief of police for Metropolis. Mike [Robinson], you head the state police. Leslee, you are the head of Metropolis’ EMS, and Mike [Reilly], you head the fire department in Metropolis. What I’d like you to do is talk about how you might respond to the situation. We have the pressures of the Super Bowl with the possibility of at least a slowdown at Metropolis International Airport and possibly a crash at Metropolis International Airport. What’s EMS thinking about at this point? How would you respond to the situation right now?
00.07.31.0 Leslee Stein-Spencer Well, we already have ambulances stationed at the airport, and if we think there’s going to be a crash we might notify the supervisors to have them bring in, maybe bring some ambulances in from another area, calling in mutual aid, because we don’t want to remove any of the ambulances standing by the Super Bowl arena. So we’ll see if we can bring in some mutual aid on standby.
00.07.49.8 Moderator How about police Pat?
00.07.50.9 Sheriff Patrick Sullivan, Jr. There’s going to be a backup of traffic as more people are arriving and not being able to meet incoming planes, so the traffic congestion is going to increase considerably. There may be some crowd problems inside the airport itself, so there’s going to have to be an augmentation of the manpower at the airport.
00.08.04.8 Moderator Fire, what’s going on?
00.08.06.6 Michael Reilly Well we already have a unified command system set up, so all the agency heads already have contingency plans. We have mutual aid agreements with the surrounding jurisdictions, and we already have pre-deployment of some of our engine companies and our special task force already deployed to that immediate area, and each division chief has an area of responsibility.
00.08.26.4 Moderator Mike [Robinson], it sounds like nobody’s really talking about the cause of this shutdown, the cause of the problem, the computer crash. Is anybody thinking about that? Is anybody, at this point, thinking about the possibility that this might not be just a run-of-the-mill computer crash, but might be the start of something bigger, do you think?
00.08.42.6 Michael Robinson Well there’s gonna be two issues here. One is, in any situation like this, is the crisis and the consequence. What we’re trying to deal with right now is obviously what the consequence of this particular incident is likely to be.
The fact that we have the Emergency Operations Center up and running is an advantage in this case because we’re not calling people in to develop this immediate relationship for the situation. So we obviously want to deal immediately with the consequences that may erupt as a result of this difficulty that we have. As we feel that we have that particular base covered and we are in shape to respond, if the worst should happen, if a crash occurs, or some other sort of incident, then it allows us time to look at the crisis and the magnitude of that.
[ Was Computer Crash Deliberate? ]
00.09.32.9 Moderator Okay, Tim let me talk to you a little bit. Is there any way - let’s talk about this computer crash that’s going on - is there any way to determine whether or not it was accidental or it was deliberate at the time that the computer crashes?
00.09.46.1 Timothy Shimeall Well there’s a lot of different cases for the computer crashing. We might want to look to see if the computer crashed because of some obvious hardware problems, and, that would be one implication. The power flows to the computer, um, checking the plug, if you will.
00.10.03.8 Moderator Okay.
00.10.04.1 Timothy Shimeall In addition, assuming those things check out, then the technicians would rather rapidly move into checking the systems logs, to see what was going on in the system at the time of the crash, whether or not there was some unforeseen combination of circumstances that the system just could not handle, or if there was something more malicious going on.
00.10.22.2 Moderator Michael [Vatis], tell me, would people be thinking about cyberterrorism at this point, or would they be thinking about this computer at this point, or might they be thinking more about the consequences of this?
00.10.33.2 Michael Vatis We would be thinking about the possibilities that it could be merely a hardware problem or a software problem, but also about the possibility that this could be the result of a malicious attack, someone purposely getting into the system to try to shut it down. And, if that were the case, that’s when the federal government would engage, through the FBI and other agencies, to determine who might be behind this and to try to put an end to it.
00.10.57.0 Moderator Alright, you say that you might be thinking about that, but talk to me about the typical airport and city administrators. Would THEY be thinking about cyberterrorism at this point, the possibility of that, do you think?
00.11.06.8 Michael Vatis I think they would. Given the incidents that we’ve seen over the last several years with attacks on critical infrastructure systems, the computers that run critical services such as transportation networks, banks, electrical power, things like that, and the fact that we’ve had some precedents even in the air traffic control arena, people would think about that as a possibility. It’s important not to jump to conclusions until you have some indication of whether it’s an accident or a malicious attack, but I think people would be examining all the possibilities.
00.11.39.6 Michael Robinson What we’re doing a great deal of is we’re talking with those groups and individuals and critical infrastructure managers of systems so that, whether it is a utility company or whether it is an airport traffic control system, that the managers of those systems now, more than ever before, have it in the back of their mind that this could be something more than a normal failure of hardware or software.
So we are doing a lot of that preparation ahead of time so that they’re making the right decisions in evaluating what the cause of that situation is, so that they know who to contact when they do discover that this is an act of sabotage or some other intrusion, that wouldn’t be a normal software/hardware problem.
00.12.26.6 Leslee Stein-Spencer But I think that law enforcement might be interested in cyberterrorism, but I think if you look at health, emergency response, we are not thinking cyberterrorism at all.
00.12.35.0 Moderator Not at this point?
00.12.35.5 Leslee Stein-Spencer Not at this point.
00.12.16.8 Timothy Shimeall Well one thing, no matter what the cause is, the initial steps we’re going to take are the same.
00.12.40.0 Leslee Stein-Spencer That’s exactly right.
00.12.42.5 Timothy Shimeall From the systems point of view, we are going to be viewing the systems logs, we are going to be diagnosing what went on and seeing what indications exist. From the emergency response perspective, you guys are going to be dealing with the consequences, because, no matter what happened, the consequences are going to be, initially, at least somewhat similar.
00.12.56.4 Michael Robinson The engagement of the emergency management mechanism in the city or in the state is going to be the same no matter what the cause of it.
Leslee Stein-Spencer That’s correct.
[ Response: FBI ]
00.13.03.2 Moderator Scott Larson, let me ask you this Scott: this is, when we’re talking air traffic control, it’s a federal system right? Does the FBI get involved every time a federal computer goes on the blink? Would you start investigating, launch an investigation, at this point, do you think?
00.13.17.6 Scott Larson Well, kind of what’s already been said, there’s an assessment period, to try to figure out what happened, and there’s a lot of experience already with Y2K, the various viruses that have been around, where people have already gone through these processes and started thinking about them. What we generally do is we make contact, and say, “hey.” Just make a simple contact, you know, “what’s going on? Do you need anything?” and then we go from that step, as the process goes across all the different entities that are involved in this.
00.13.42.8 Moderator Alright, I’d like us to step back in time-
00.13.44.3 Michael Reilly Could I just make a quick comment?
00.13.45.0 Moderator Absolutely Mike [Reilly], jump right on in there.
00.13.47.0 Michael Reilly As Mike [Vatis] already indicated that he would be thinking of that cyberterrorism because, as you probably are aware, all these computer systems are redundant, and so for a system to actually go down, more than one system would have had to have been affected. We’re talking two, three, four times those systems are backed up. So if those backups are down, then we know that more than one system has been affected. And I would think that, at that point, most of our fellows up here would be thinking, “well, for all of those systems to go down at one time, there’s a lot more than just Murphy’s Law.”
[ II. Phreaking for Dummies ]
[ Hacking 101: How it Works ]
00.13.16.3 Moderator Alright, [laughter] we still don’t know what the cause, we still don’t know what the cause of the computer crash has been. But I’d like us to step back in time a little bit. Back in time to when a couple of kids, and, for now they’re going to be played by John, Mike [Reilly], and me, we’re thinking about what kinds of things we might be able to get into. How we might be able to get into the airport system, for example, or some other major system and play around in those systems?
Now, John, you’re the leader of our little group, and, in fact, we’ve been following you for some time. When we were all in high school you actually showed us how to hack into the high school’s official website. Remember that John?
00.14.56.7 John Vranesevich Sure, it was a ball.
00.14.57.6 Michael Reilly You changed my grade.
00.14.59.1 John Vranesevich You needed it.
00.15.00.0 Michael Reilly From an A to a C.
00.15.02.4 Moderator Alright, well let’s talk about it. What did you do, what did we do with that official website John? Tell us a little bit about it.
00.15.08.9 John Vranesevich Well, the high school system was pretty easy. The administrator got a new software, he bought online, he installed it, and up popped the website. They got a grant from the National Science Foundation to put that up. But unfortunately, he was also the school’s math teacher, and substitutes for gym class every now and then, so he didn’t know how to change the default passwords. So we simply went to the manufacturer of that company and see what they used as a default password, logged ourselves in, and had fun with it.
00.15.35.6 Moderator And what, how did we have fun? What did we do? Talk about it.
00.15.38.3 John Vranesevich Well, in that case, what we decided to do was, we had that English teacher that we disliked, so we got a picture of her and distorted it and put it up online.
00.15.46.9 Michael Reilly I think you did more than distort it.
00.15.49.0 John Vranesevich [laughing] Okay. We had some fun, it took some time, but it was worth it.
00.15.52.4 Moderator Alright, yeah, it was really kind of cool what we were able to do. And, in fact, we’ve been your disciples ever since, John. Now, Mike and I are just a little bit interested though, in doing some other stuff with these systems, and in fact we’d like to know some of the really bad things that hackers can get into. So we want you to tell us, not that we’re necessarily going to do it Mike, right?
00.16.11.3 Michael Reilly Well, if you’re going to do something like that you could get me into my college grades as well.
00.16.15.6 Moderator [laughing] We just want to know what we might be able to do, what some of the possibilities are. And, in fact Mike, why don’t you ask John about some of the things that we might like to do?
00.16.23.6 Michael Reilly Well, I always wanted to see what an air traffic controller could do, so if you could kind of get me into one of their computers so I can watch simultaneously some of those planes that are coming and going.
00.16.33.7 John Vranesevich Right. We’re going to have a little bit of a problem though, because, unlike our high school, the machines we’re going to need to break into aren’t connected to the Internet. So we’re not simply going to be able to bring up the air traffic control computer on our local machines via AOL. So what we’re going to have to do is try to find an alternate way to get into those systems.
00.16.39.5 Michael Reilly They have a hard line going somewhere, right?
00.16.51.5 John Vranesevich Obviously. Air traffic control by definition is communication, so there’s probably all sorts of communications lines. So I think we want, to start, what we’re going to have to do is get as much information we can and read as much as we can about how phone systems work and about the type of telecommunication facilities that go into an air traffic control center.
00.17.08.5 Moderator Where are we going to read that information? And, I want you to break this down for me because, unlike Mike, I’m not really that good with computers. So let’s talk about hacking for dummies here, okay, let’s just break it down.
00.17.18.5 Michael Reilly She’s seen my skills. I’m up there with you almost.
00.17.20.6 Moderator So how might we do this, where would we begin? I turn on the computer and then what?
00.17.25.4 John Vranesevich Well, dial up to AOL and we’ll bring up Infoseek or AOL search and we will begin researching the phone companies.
00.17.33.2 Moderator How do we do that?
00.17.34.4 John Vranesevich Well, luckily for us, most of these companies put information about all their products, services, etc., online for the average consumer or the corporate consumer to read. And, while that information might simply be general, casual reading for their customers, for us we’re going to use those as keys to get into their system.
00.17.48.7 Moderator Alright, and when you say we’re going to use it as keys to get into the system, how do we do that? How do I know how to hack into these, these systems? Is there some information, some website someplace that will help me?
00.18.00.0 John Vranesevich Oftentimes one of the keys is to simply educate yourself so you know more about the system than the people who are running it. Oftentimes the people that are running these systems aren’t trained as well or as thoroughly as you can train yourself about these systems. So, if you can learn anything you can about that system, we can go look at it with an expert eye when it might be the equivalent of a child running it.
00.18.18.8 Moderator Okay, well you know, I did something at your suggestion. I put in, I pulled up Yahoo and I put in the word “phreaking,” what’s “phreaking?”
00.18.26.6 John Vranesevich Ah “phreaking” is the word we use for telephone or telecommunications system hacking.
[ Hacker Resources ]
00.18.30.7 Moderator Okay. I typed in “phreaking” and, lo and behold, this, website came up and told me all about how to hack into various systems. Is that, is that normal? Do other kids do that, do you think?
00.18.42.9 John Vranesevich Right. One of the things that even our group likes to do is post information about how we hacked into our high school’s website online.
That lets other kids read about how we do it, might give us a few cool e-mails, “hey, you guys are really neat” type of things, help raise the stature of our group, we’re already well-known within our high school, so let’s get well-known a little bit someplace else. So what we might be able to do is simply go in and find some groups of people like us who have done things like that in the past, or something that might be able to clue us in on how to do it.
00.19.12.2 Michael Reilly We wouldn’t even have to buy lunch anymore.
00.19.14.1 Moderator Because?
00.19.14.8 Michael Reilly Because we’re changing other people’s grades as well, so they’re kind of all sharing with us.
00.19.18.5 Moderator Oh, they’re giving us money for lunch, okay. Michael [Vatis], talk to me about what kind of information I might be able to find on the Net about other systems. Can I find information about air traffic control, telephone systems, what’s out there?
00.19.30.5 Michael Vatis There is an incredible wealth of information about systems that hackers might want to target, as well as techniques they might use to break into those systems that they choose to target. In fact, you don’t even need to be as good as John, or Mike, or yourself at hacking because there are automated tools available on hacker websites so even a novice, a relative novice, can go in and download the particular tools or exploits that he might want to deploy, and then pick his target and launch.
00.20.01.9 Moderator Talking about targets, can I get into telephone systems Scott? Can I get into e-commerce? Can I get into those sorts of things?
00.20.08.6 Scott Larson You can get into just about any computer system that is connected via modem and telephone, or from the Internet, through a router.
00.20.16.2 Moderator Okay. John, Michael [Vatis] was telling me that it’s easy. I’m not really convinced, alright. It sounds like you have to be somewhat of a computer genius to be able to do this stuff. Is that right?
00.20.27.3 John Vranesevich Absolutely not. Some of the things that have made the headlines here in the United States and worldwide is quote-unquote “potentially serious incidents.” Almost every case has turned out to be a couple teenagers. Some as young as twelve that are doing this.
00.20.43.2 Moderator Give me some examples of what’s been going on.
00.20.45.3 John Vranesevich All sorts of things. In relation to this case, we saw a sixteen-year-old break into the phone system and shut off communications to an airport. We’ve seen teenagers break into various systems run by the Department of Defense, stealing information such as maps to classified networks. We see things like that happen on a daily basis. Government computers are broken into so often that it’s no longer newsworthy, it’s just another daily event.
[ Hackers & the Media ]
00.21.13.0 Moderator Well, speaking of news, Wayne, you’re a journalist, you’ve been covering a lot of these incidents. Can you tell us some other examples of things that you’ve seen hackers do with the computers? Inspire us with some of these examples.
00.21.23.7 Wayne Madsen Well, we’ve seen some worldwide events that may have come from these so-called “hackers” or “crackers” depending what a -
00.21.32.5 Moderator What’s a “cracker?”
00.21.33.5 Wayne Madsen Well that’s a person who maliciously, has malicious intent. A hacker is a guy like Bill Gates, [laughter] although some people, my friends from the Justice Department, they argue that he may also have had some malicious intent, on occasion. But a cracker is somebody who purposefully goes into a computer to do damage or steal information, as opposed to somebody who’s just curious, who’s interested in saying “hey,” I want to put this on my hacker resume and say that I broke into such-and-such a system. But worldwide, virus attacks, distributed denial of service attacks, they tend to get a lot of attention by the media and a lot of hype, sometimes it’s good, sometimes it’s bad.
00.22.20.5 Moderator Well, let’s talk about how the media is covering this. Do you think that they’re informing the public fully about the kinds of things that we hackers can get into?
00.22.29.0 Wayne Madsen I think it’s important that the media informs the public in a responsible manner. That letting the public know how vulnerable information is on Internets and computer systems I think is responsible journalism.
00.22.44.8 Moderator And are we doing that?
00.22.45.6 Wayne Madsen My feeling is we’re not doing it. There’s a lot of hype out there, there’s a lot of overreaction to what’s happened. We definitely don’t want to scare people away from this great technology, but there’s just been a lot of overreaction to incidents that, probably, you could say, happen quite frequently.
00.23.07.2 Sheriff Patrick Sullivan, Jr. What are you describing as overreaction?
00.23.09.4 Wayne Madsen Well, the distributed denial of service attacks that we’ve experienced, there was one-
00.23.15.2 Mayor Bill Campbell What does that mean?
00.23.15.9 Wayne Madsen That’s basically where a lot of computers, websites go down simultaneously, they have problems. We’ve seen it happen with eBay, we’ve seen it with amazon.com. These incidents tend, because these are high-profile companies, they tend to get an awful lot of press attention. However, if it’s an Internet relay chat server at some obscure university in Tasmania, these attacks happen quite frequently also, but they don’t get quite the press that these high-profile attacks do.
00.23.48.0 John Vranesevich Yeah, but I think in a way it’s important, because I think for the first time we’re seeing something the American people need to realize is that, you know, with the denial of services attacks, if, five years ago, ten years ago, you said that a sixteen-year-old who wore a Pokémon shirt in Canada could, you know, cost US companies billions of dollars in losses, they laugh at you.
What is this sixteen-year-old possibly going to do that’s going to cause companies billions of dollars? Nowadays we’re seeing it, and we’re seeing it over, and over, and over. All of a sudden this young teenage rebelliousness, there’s power behind it. And I think that’s what’s important. Maybe that’s not the message that’s being relayed, but I think that’s one of the important messages that the American public needs to get. So, yeah sure, America Online gets more attention if it gets broken into, but if we turn it back to the teenager, if a kid threw a rock at the neighborhood church, sure, it wouldn’t make national news. But if he threw a rock, tried to break a window on the White House, yeah that would.
00.24.44.2 Michael Robinson The question that I have, John, and the question that the American public has, and we in law enforcement have, because we’re being tasked with investigating those kinds of activities, is what is the industry doing and what are the managers of those infrastructure systems doing to make their systems more secure from those sorts of intrusions because that causes a great impact on us.
[ The Hacker "Profile" ]
00.25.08.0 Moderator (over Michael Robinson) Okay, before we get into that I actually want to come to Leslee, and I want you to play for a minute as John’s mom, okay?
00.25.16.4 Leslee Stein-Spencer I could be, unfortunately.
00.25.19.0 Moderator Alright, alright, and you’re a proud mom.
00.25.20.5 Michael Reilly I bet you’re happy about his grades.
00.25.23.0 Leslee Stein-Spencer Happy about his grades.
00.25.24.0 Moderator He’s been getting a lot of A’s lately. But Leslee let me ask you this: the high school officials never found out who hacked into their website, and no officials have actually contacted you about John’s cyber-antics or any of his friends’ antics. And so what I’m wondering is: do you know, or have a clue about what John is doing, as a parent? Mom to mom.
00.25.46.3 Leslee Stein-Spencer I would say probably not.
Since in my day we didn’t have computers, I am not as knowledgeable as my son. Subsequently, he does a lot more and can do much more than I’ll ever know. So I don’t have a clue except to think he’s an excellent student.
00.25.59.5 Moderator Okay.
00.26.00.0 Timothy Shimeall What you may notice [is] that he’s at least home, in the evenings, he’s working quietly in his room, he’s not causing anybody any overt problems, he’s not hanging around with the bad crowd.
00.26.08.9 John Vranesevich (at same time as Leslee Stein-Spencer) Oh, but I’m a good kid mom.
00.26.09.0 Leslee Stein-Spencer (at same time as John Vranesevich) I think that’s great, I love it. Mom likes that. No drugs, nothing, I think he’s great.
00.26.15.0 John Vranesevich I got a job at the local newspaper. I’m designing their websites, I’m designing websites for other people in the community, I’m making good money.
00.26.19.5 Michael Reilly He’s got great friends.
00.26.20.3 Leslee Stein-Spencer (at same time as John Vranesevich) I think it’s wonderful.
00.26.20.4 John Vranesevich (at same time as Leslee Stein-Spencer) I’m able to pay for my own car insurance, I’m able to pay for my own car insurance ’cause I have this great job using my computer skills. I volunteer at the library and the community center, help senior citizens get online. I’m doing great stuff.
00.26.30.3 Leslee Stein-Spencer He’s helped me invest in stuff, so I think he’s a great son. I really don’t have a clue.
00.26.33.5 Timothy Shimeall One comment about the computer geniuses. We’ve actually seen cases where people have been breaking into systems that could barely read. Not because they were so young, but because their intelligence was so limited.
00.26.44.2 Leslee Stein-Spencer Okay.
00.26.44.7 Timothy Shimeall So they’re not geniuses that are out there. What’s happening is-
00.26.47.0 Leslee Stein-Spencer But my son is.
00.26.48.0 Timothy Shimeall Could be.
00.26.48.7 Moderator Of course!
00.26.49.7 Michael Reilly Without question.
00.26.50.6 Timothy Shimeall What’s happening is that people are competing not just in what systems they build, but in what tools they create to break into systems. And this is what happened with respect to the dot com break-ins that got alluded to. That we have two groups, several groups of hackers that were competing to see who could build the worst tools. And then those tools actually got ended up being used by a third party, this sixteen year-old from Canada, to cause damage to the infrastructure. So the entry level for getting into this is getting lower and lower and lower. 00.27.25.2 Moderator Younger and younger. 00.27.25.8 Michael Robinson Are you saying then there’s no atypical profile of a hacker that we in law-enforcement should be looking at? 00.27.36.1 Timothy Shimeall Well, my group does not look at hacker profiles, they look at technical concerns of the attack, and I think there’s other panelists that are better- 00.27.45.2 Michael Vatis I think we can safely say there is no one profile. In fact, if we keep talking about hackers as teenagers we’re going to miss nine-tenths of the spectrum of much more serious threats that we have, whether it’s organized crime groups, foreign or domestic terrorist groups, foreign intelligence services that break into systems to steal classified or proprietary data, and ultimately foreign militaries who seek to use these same sorts of techniques, but in more sophisticated ways as an element of their warfare, and their strategy to attack US interests or whatever other country they seek to harm. 00.28.20.7 Moderator Alright, but for the moment we’re still in Leslee’s household and we’re not talking about foreign stuff, we’re talking about John. John, have you gotten messages from any adult figures about the responsibility that might come with this new technology? 00.28.35.4 John Vranesevich Absolutely not, it’s been great fun. The National Science Foundation, the President has pushed for my school to get online. 
We have a T1 line, going in- 00.28.43.0 Moderator What’s that? 00.28.43.7 John Vranesevich A high speed communications so we can all get on the Internet 50 times faster than I can at home. We have new computers in our classrooms. I have an e-mail account through my high school that I use. My high school even set up dial-up service so I can get Internet access for free from home through my high school. We had a couple classes about how to get on the Internet. Through my English department, one of my English teachers taught us how to research stuff for some research papers that we’re working on, so we learned how to surf around and get information for the papers we’re working on. 00.29.13.8 Leslee Stein-Spencer And I think it’s great, I think he’s going to get a scholarship based on all that he’s doing, so I think we’re doing great. [ III. 911 Goes Down; Preparing for More ] 00.29.18.8 Moderator Proud mom. Alright, we’re still in the air. Just in case you didn’t think you that you were still up there, Bill, you’re still in the air. And, in fact, we’ve got cloudy weather, a rainstorm is coming, but there’s more. There’s a plane, another plane that’s in the air, and it actually is attempting to land, but it has a sick passenger on board. Now, it has contacted Metropolis Airport to at least alert them that there’s this problem. And Metropolis Airport gets on the phone, dials 911, and it discovers that Metropolis’ 911 system is down. Alright, so this is beginning to seem a little more deliberate, a little more involved. Now, as I mentioned, Bill and Jerry are still on the plane, and in fact your airplane is going to be diverted to Gotham Airport. But in the meantime you want to get on a conference call and talk to the heads of your Metropolis agencies, talking to police, fire, and EMS so that you have a sense of what’s going on and what the next moves are going to be. Well, let me tell you a little bit about what’s going on, alright? 
You now know that Metropolis’ 911 is down. You know that Metropolis’ air traffic control system is down. What you don’t know is that local traffic helicopters have been out surveying the area, and they’re actually reporting that there have been a number of serious accidents in Metropolis. It’s probably people that are driving onto the airport and realizing that there are problems at the airport, they’re turning around and getting into accidents. But we’ve got a lot of serious problems going on, and you’re beginning to think that this might be deliberate, Bill. I want you to have a conversation with the heads of your departments about what our next moves are going to be. What are we going to do now? Bill, why don’t you get on the phone with them. 00.30.59.7 Mayor Bill Campbell Well first, as soon as we land I’m going to fire Jerry because we shouldn’t have been on the same plane together. 00.31.05.4 Jerry Hauer Thanks boss. 00.31.09.2 Mayor Bill Campbell But I’ll keep that private thought before we do anything. What I need to know from the air is first, even before I call them, I’ve got to ask the pilot if we can be diverted and land as quickly as possible because if my emergency management guy and I are both in the air at the same time when there clearly is more than just an accidental computer breakdown, we need to be on the ground as quickly as possible. 00.31.35.2 Moderator We’re going to Gotham. 00.31.36.7 Mayor Bill Campbell We’re going to Gotham, which allows us a lot better communication flow than being up in the air. 00.31.40.7 Moderator Absolutely. 00.31.41.7 Mayor Bill Campbell The communication system from the airplane is horrible, you can barely hear. I don’t know whether or not the communication is going to be intercepted. So what I’ve got to do is I’ve really got to rely on the people that are on the ground. The one thing that I need to know first is: have we already activated all of our systems? 
Tell me the extent of the problem, and tell me what we’re doing right away. I’m placing you in control first, chief. I need to know you’re the person in charge because my emergency management guy and I are here. You’re the person that’s in charge of all the systems that are going to get things done. Tell me where we are and what we need to do. 00.32.13.8 Sheriff Patrick Sullivan, Jr. Well we started off augmenting the airport for traffic and crowd control- 00.32.17.5 Mayor Bill Campbell How bad is it? 00.32.18.5 Sheriff Patrick Sullivan, Jr. Well we’ve lost a lot of the traffic signals, so the master computer controlling a lot of the traffic signals has also gone out. 00.32.25.0 Mayor Bill Campbell So obviously the FAA has already been alerted. Has the FBI been called? Where are we with that? 00.32.29.4 Sheriff Patrick Sullivan, Jr. We’re going back to the EOC where we do have FBI representation and we’re talking to the FBI through the EOC. 00.32.26.2 Jerry Hauer Now if the airport is shut down at this point in time and flights are not getting in and out, is there any purpose to just completely diverting traffic so that you can avoid these delays, just basically freezing it so that you can get some of the people out, and not allowing any incoming people into the airport. 00.32.57.0 Sheriff Patrick Sullivan, Jr. Access to the airport has been closed off while we try to dump the drives that are already clogged up. 00.33.01.3 Mayor Bill Campbell I’m concerned, our entire 911 system is down, is that correct? 00.33.05.1 Sheriff Patrick Sullivan 911 is down, traffic lights are down. 00.33.07.0 Michael Reilly I might also add that even though 911 is down, the redundant systems, the immediate, we’re going to work with the immediate, the non emergency number, which is a hard-line number, still can get in. So we’re educating the people that if they need 911 or have an emergency they can dial the non-emergency number and still get the same response. 
00.33.23.1 Mayor Bill Campbell What’s the first thing that we’ve done? Have we cancelled all leave? Do we have all officers, both police, fire, and emergency medical personnel, on standby? 00.33.30.0 Sheriff Patrick Sullivan, Jr. We’re already on twelve-hour shifts as we were moving into the Super Bowl, so we’re very well staffed, and we’re moving people around right now to unravel some of the traffic right now and that’s our major focus. Through the EOC detective divisions working with the FBI to try to analyze what all’s been happening from a criminal standpoint. 00.33.49.5 Mayor Bill Campbell Alright, look. I’m relying on you to make certain that all the systems are working. The second-most important thing is what’s happening with the public and the media. Widespread panic is the worst thing that can happen. Our air traffic control system is down, the 911 system is down, we’ve got millions of visitors that are in, and so they don’t have any real sense about how well prepared we are for it. Who’s handling the media and what is the sense of panic in the air right now? 00.34.15.3 Sheriff Patrick Sullivan, Jr. Statements are being prepared at the EOC that’ll represent you- 00.34.18.6 Mayor Bill Campbell Is there press conferences being planned? What are the media inquiries we have? 00.34.22.5 Sheriff Patrick Sullivan, Jr. Yes. They’re in the planning stages right now as we’re trying to get a handle on what all our outages are, and what the contingencies will be. 00.34.28.2 Jerry Hauer Do we have, at this point, additional police cars and fire trucks on the street? If 911 is down and people cannot dial in, the easiest access to emergency service is going to be visibility. We need to put fire trucks on the street with their lights on, police cars onto the street doing roving patrols, so if there are incidents people are able to access emergency services. 
00.34.51.0 Michael Reilly In addition to that, when the disaster operation plan went into effect, a police car was sent to every fire station in Metropolis so that we have both agencies well represented. The fire department’s already done mandatory recall; we’re placing all our reserve equipment back into service. We’re pretty prepped-up as far as staffing. 00.35.08.3 Leslee Stein-Spencer Plus our ambulances, they have now communicated with the hospitals to let them know that, with their radios, that they are in alert standby. That they should be prepared, they might have increased patients. Plus we’ve given them loud speakers so they go around the neighborhoods announcing that they are in emergency, you cannot call 911, if there is an incident or they have an emergency come out in the street and wave someone down. 00.35.29.5 Mayor Bill Campbell Well, the truth is that’s going to be very difficult for a city as large as Metropolis to use bullhorns. But here’s what I want: I want you, Chief [speaking to Sheriff Patrick Sullivan, Jr.], to call the governor, and alert the governor that we may need to call the National Guard out, so ask him to put the National Guard on readiness, because I think, if we move to another stage here, we may need additional emergency personnel. 00.35.52.1 Sheriff Patrick Sullivan, Jr. A call will be made through the EOC to the governor. 00.35.55.2 Michael Robinson Actually, actually mayor, because the EOC is operational, there is involvement of the state emergency management system, so we’re in constant contact and as state police director, I’ve offered resources, police resources to augment your city police department, and are in fact keeping the governor’s office advised as to these circumstances as we go along, in case you decide to make that declaration and ask that state declaration of emergency. 
00.36.28.4 Mayor Bill Campbell I can barely hear you, I’m on the plane, last point: because Jerry and I are up in the air, Chief, you’re the person, the only person, I want that’s speaking to the media. I don’t want anybody else except you as a direct contact for the media, a direct contact disseminating information. The last thing we need is widespread panic. You’ve done this before in other emergencies, I want you to steel yourself, I want you to get all the information, I don’t want you to lie, but I don’t want you to panic the public either. So just get ready, go do a press conference, tell the public that we’ve got some problems, try to reassure them, and Jerry and I will be down as quickly as we can. [ IV. New Systems, New Vulnerabilities; Old Timers to the Rescue ] [ Are New Systems More Vulnerable? ] 00.37.05.0 Moderator Alright, let me freeze the frame just for a minute and actually have us step back in time just a couple of months ago, when in fact we installed a new air traffic control system that was state of the art - it took advantage of high speed interconnectivity - we thought that this was something that was going to be important to have in our air traffic control systems. We did the same thing with 911. Now, what we were hoping with the air traffic control system is, when we installed it, that it would be much better than the previous system. It was going to be able to handle greater volume than the previous system, it was going to be able to handle it at greater speeds, and so we thought that this was something quite wonderful. But Scott I want to talk to you about the possibility that maybe this new system that we brought in actually increased our vulnerability in some way, because in fact the new system takes advantage of connections to the Internet. 
00.37.59.2 Scott Larson Well, the new system also, most likely, is what we call “off the shelf” software which is much more ubiquitous, and the hackers now can hack a system, whether it’s at a high school or at an air traffic control system, and it’s usually the same operating system or the same type of hardware and software. Where in the earlier days it was quite often an independent, individual system which only would be known to the manufacturers and take a lot of work. So in connecting to the Internet, and using software and hardware that’s readily available and known, and advertised with the exploits on the Internet, quickly someone can start trying to map out the network and trying to exploit the system. Basically going along the hallway and rattling the doorknobs seeing what’s unlocked. 00.38.47.2 Moderator Okay Tim, I thought that when we brought in this new system that in fact we were increasing our security rather than decreasing our security. Is there a problem there? 00.38.55.1 Timothy Shimeall What you’ve done is you’ve changed the system by hooking into the Internet, so a lot of the prior assumptions you had about how the computers need to be protected are wrong because we’ve got a new wide gateway into our network. The older systems that are around potentially were not locked down because the view was, hey we’re not in any public network, there’s only a very narrow entrance via a secure dial-in line. Now that’s been changed since there’s this Internet gateway, and if the new system in fact has a vulnerability, and it only takes one, then the intruders could get into the other systems that are online. 00.39.32.1 Michael Vatis And another consideration is not just what system did you install and to what is it connected, but whom did you use to install it? Because one of the biggest sets of problems that we deal with in this area comes from insiders. 
So not just what employees have access to the system, but what contractors did you use to design the system and to install it? ‘Cause that’s often the place where you’ll find the weak link. 00.39.53.8 Moderator Well, Mike Arlington, what we did was we actually changed the 911 system too and again we thought this was going to be more secure, but it looks like it’s increased our vulnerability. Do you think we’re having the same problems, or does the new system at 911 present the same sort of problems that it appears the air traffic control system does? 00.40.13.1 Mike Arlington It’s a little different situation in the sense that we would have to know, first of all, are all the other phones working, is it just 911. If it is just 911 that is down, then that gives us a starting place. Our first, our first mission here is to get 911 up and running. So we would do everything we could to go around the existing setup so that we could get 911 working again. And that can be done relatively easily and quickly. And I assume that we’d been contacted by law enforcement and we would know all of this. 00.40.51.0 Moderator Okay but when we have a new system do you think about new vulnerabilities that we’ve been talking about? The possibility that we’re now opening up different kinds of gateways than we did before? 00.40.59.0 Mayor Bill Campbell Yeah because we paid an enormous amount of money being assured that putting this new 911 system in was going to give us more security, be better at making certain that we were thwarting these kind of attacks, and now you’re telling us our system’s down already, we’ve only had it installed for six months. What’s going on here? 00.41.17.9 Moderator The mayor’s not happy. 00.41.19.3 Timothy Shimeall Well there’s a big difference- 00.41.20.5 Mayor Bill Campbell I may be in the air, but as soon as I get down, heads are going to roll, I tell you. 00.41.24.0 Timothy Shimeall Well there’s a big difference. 
The defenders have to find all of the problems. The attackers only have to find one. 00.41.29.9 Moderator Explain that to me, I’m not sure I understand that. 00.41.32.5 Timothy Shimeall I mean all the intruders need to do is find one hole that lets them into the system, and they’re in. And they may be able to then proceed to upgrade their privileges, to gain more, more and more control over the system, to change information that’s there. 00.41.47.0 Mayor Bill Campbell You know, I don’t want to hear all this psychobabble, here’s what I want to know: we paid a lot of money for a system that’s supposed to be secure, that’s the mainstay for people accessing emergency systems. You’re telling me now that you’re not able to reassure me that, in essence, the system can easily be opened up by any hacker? That’s not what we paid for and I’m telling you, this seems to absolutely go against the grain of everything that we were told in the people that sold us the system in the first place. 00.42.15.8 Timothy Shimeall What was secure six months ago is not secure now because, number one- 00.42.19.5 Mayor Bill Campbell Weren’t we buying for the future? 00.42.22.0 Timothy Shimeall Well, number one, there’ve been software upgrades in the last six months. The system got changed. Some of those software upgrades may have had unintended consequences that open up a pathway into the system. Number two, the intruder community is constantly researching ways to poke at these systems, and break into them. They find new methods to get in that didn’t exist six months ago. Number three, the systems you’re tying into, for example, the fire department systems that the 911 system interacts with, and that the air traffic control system interacts with, may also have gotten upgraded and changed- 00.42.58.7 Mayor Bill Campbell I never liked the fire chief anyway. He bought a system from his old- 00.43.02.3 Michael Reilly We’re going to bring that up now? 
00.43.03.0 Mayor Bill Campbell He bought a system from his buddy who had a connection with some guy who was getting a deal. I knew it wasn’t the right thing to do right then. 00.43.10.5 Moderator Mike did you take into- 00.43.11.0 Michael Reilly You’re taking the assumption that this is an outsider. How about it could be an insider? Maybe it’s not an outside thing, maybe it’s someone inside that’s trying to do it, because of the way you treated him in that raise you didn’t give him. 00.43.22.2 Moderator Uh oh, uh oh. Well Mike [Reilly] tell me, when you’re thinking about upgrading your system are you thinking about these kinds of vulnerabilities when you purchase new equipment from your best friend on the computers? 00.43.32.1 Michael Reilly For emergency services, we absolutely do. Obviously our services are designed to maintain emergency services within our jurisdiction, and we want to make sure that we’re there to provide a service to the public. That’s what they pay for, that’s what they entrust us for. So when we put these systems together we do try and make them as tangible for us and untangible for others that aren’t authorized to use the system. 00.43.53.5 Jerry Hauer The biggest problem that you run into with a lot of the emergency service systems in the country is a lot of them are cookie-cutter. A lot of the dispatch systems that are used by fire, EMS, and police departments are sold from one city to the next, and they’re customized to a degree for each jurisdiction, but they’ve got the same gateways of entry. There’s a few companies that sell these kinds of systems, and they tend to go from city to city, and the smaller the city, the less customization there is. The bigger the city, the bigger the needs. 
But, particularly in smaller types of environments where there’s not a lot of money available to customize it, they tend to be pretty standardized from one to the next, and if you go into one dispatch center you’ll see a system with the same icons, the same screen, similar to another one. 00.44.50.5 Moderator And does standardization somehow affect the vulnerability of the system, do you think, John? 00.44.55.0 John Vranesevich Well, it can. It certainly can lead to widespread problems because if it turns out to be something in one of these systems that was installed that means that there could very well be other cities that are vulnerable to the same problems whether this be a teenager, or terrorist group, or what have you behind this, be rest assured that they would be actively seeking those other systems. 00.45.14.6 Moderator Tim I want you to- 00.45.15.0 Michael Robinson -because if the life of the systems, commercial off-the-shelf products are something that not just small agencies but large agencies are engaged in purchasing because we cannot, we don’t have the resources within government to maintain those systems, nor to upgrade them, nor to do the R&D and development in-house, as we used to do years ago when we had those systems that were proprietary in nature. So there’s that huge move toward off-the-shelf products. 00.45.42.0 Jerry Hauer But the fire chief’s going to be the one that goes in to tell Bill that he bought something off the shelf that wasn’t that customized that has six or seven gateways of entry for all these hackers. 00.45.50.5 Michael Reilly And my brother-in-law assured me. 00.45.53.2 Michael Reilly (at same time as Mayor Bill Campbell) He said it was the best system out there. 00.45.53.2 Mayor Bill Campbell (at same time as Michael Reilly) And that’s the way it works. 00.45.56.2 Moderator Tim advise the mayor and his administration what they should be doing and thinking about when they’re upgrading their systems. 
00.46.02.4 Timothy Shimeall Well number one- 00.46.03.5 Moderator And, and by the way, he’s still on that plane. 00.46.06.0 Timothy Shimeall Oh yeah. We hope you’re down soon, mayor. I’m sure the Gotham’s still up, really. Part of the things that you need to be looking at is, number one, what holes have been found recently in these systems? Your systems people need to be aware of the constant evolution of the problems. And this is a difficulty because you’re really paying your systems people to do something else. You’re paying your systems people to add new users, to install new functionality, to bring new services online, particularly with the Super Bowl here, they’re going to need to coordinate in with a large number of other agencies they don’t normally coordinate with. And so the systems techs are busy doing that, not watching, “oh, there’s been a recent hole found here, with this service.” Or “there’ve been recent attacks related to these kinds of ports, these kinds of connections, between machines.” 00.46.57.4 Mayor Bill Campbell But I thought what we were doing in doing the upgrades in our technology was making our city a smart city, that we were using as an example for everywhere else in the country to follow. Now you’re telling me that, in essence, we’ve increased our vulnerability? 00.47.10.9 Timothy Shimeall Well, it’s possible to lock down each system individually, and yet not have the collection be secure, because the individual systems, each vendor of which is assuring you, “yes, we’re secure,” make different assumptions about what security means. How much of your people really looked at the system as a whole, and the ways of attacking the system as a whole? Where are the critical nodes? Specifically with this kind of a scenario. 
Hey, we’ve got some problems with the telephone switching systems that are used in multiple ways: to tie air traffic control centers together, to tie 911 together, there may even be cases where telephone land lines, particularly in a large area like Metropolis, may be connecting with traffic light, or traffic light controllers, via telephone infrastructure. Telephones are everywhere. 00.47.57.5 Mayor Bill Campbell Look, I’ve already talked to the chief, we’re not having the problems yet with the traffic lights. What I guess I need to know is, how sophisticated an attack is this that would bring down both the 911 system and the air traffic control system. We’ve never really had such a similar occurrence anywhere where both systems have gone down at the same time, anywhere else that I’m aware of. So what are we dealing with here? 00.48.18.7 Timothy Shimeall We’re start looking at the common nodes. That is, where do these systems touch? What do they rely on that are in fact the same? Are both these systems built on top of Windows NT? Or on top of UNIX versions? [ Are There Backup Systems? ] 00.48.31.2 Moderator And that might give us a clue as to where we should go. Alright well let’s talk a little bit about how the discussion turns to the possibility of falling back on some old systems. After all, we’ve got an emergency system, or a situation, going on here. What might happen? How might we be able to handle this emergency situation, Jerry, if our technology is down? 00.48.51.7 Jerry Hauer Well, for any one of the primary systems, both for fire, police, and EMS, all of the dispatch centers should have alternate ways of handling the calls. And that could be going back to card systems, back to some kind of manual process where you actually pull the alarm box out, look at the response, do it by radio, or where you actually move patient calls by card systems or paper. 
00.49.24.5 Mayor Bill Campbell Let me ask you something, Jerry: is our inter-agency communication affected, is our radio system affected by this 911 shutdown, which obviously makes the situation more difficult? 00.49.36.0 Jerry Hauer No, the radio systems should not be impacted because we’ve got microwave backup links that are secure, that don’t rely, one of the concerns in developing all of these communication systems is you’re always at the mercy of the phone company, for instance. And if they don’t get into us they could backdoor it by getting in through the phone company. So when we developed this system we put some microwave backups in that are not reliant on any one provider. We’ve got multiple backups. So our radio system will remain in place, as well as the fact that, if all else fails, we can go to point to point on the radio system. So we’ve got multiple redundancies on the radio. The issue is, once people do get in, if they can call in on the non-emergency number, how are we going to manage the dispatch of those calls, or-? 00.50.32.0 Moderator And that’s my question. Are people trained to do that? Are they trained to do these anymore? I mean there used- 00.50.36.0 Mayor Bill Campbell Almost like the old switchboard system. 00.50.37.5 Moderator Right! There used to be the system where people did this all the time. The air traffic controllers would look at the radar and extrapolate that information. They hardly ever have to do that now. So are they trained to do it? 00.50.47.0 Jerry Hauer Well, it really depends on the location. Fortunately, we’ve been very proactive in our city and we do, on a regular basis in our dispatch centers, have backup drills where we go to alternative means because we do recognize that you could wind up with a backhoe hitting one of the fiber-optic cables, something that’s not intentional, but something we have lived through, where we had a backhoe hit a fiber-optic cable and knock out the 911 system for a good part of the city. 
So we have had experience with it, we have practiced on a regular basis not having primary systems in place and having to rely on backup systems, having to go to cards and paper- 00.51.30.3 Moderator Are you doing those practices at the fire department? 00.51.32.0 Michael Reilly Not only do we - yeah absolutely. And the system that he’s talking about, being redundant, is besides the computer-aided dispatch system, and the mobile radio system, we also have direct-line communication, which is hardwired from the communications center to every one of the fire stations, which is not affected by the computers. Plus we have the regular hardline telephone, which is the non-emergency numbers in there. And our dispatchers do it all the time, practice. In fact, we do it when we’re not practicing. We take the system down for maintenance, or for repairs, or if we’re going to change an algorithm, we have to take the system offline, and when they do that, they have to rely on that redundant system that’s already in place. 00.52.07.4 Leslee Stein-Spencer Plus our hospitals and our emergency vehicles, they still, their lines will not be affected, and they routinely test and train to make sure their communications with the hospitals and medical direction will not be affected, so that they’re on board. 00.52.19.8 Michael Robinson There’s a tremendous amount of understanding now on the part of FEMA and emergency management coordinators at the state and local level, that they need to exercise their systems, and they need to conduct exercises now that deal with these sorts of possibilities. No longer are we just exercising and doing tabletop exercises assuming that there’s a tornado or there’s a flood. We have to look at those infrastructure difficulties and problems that may occur. 
So we are in fact in a position, when one of these sorts of incidents happens, to respond to it much the same way we would in any other- 00.53.02.2 Mayor Bill Campbell But the most remarkable thing is, at a time when we are more vulnerable than ever, as a nation, both in our local infrastructures and the state systems, we probably are spending less money for the ultimate preparation and readiness than we ever have before. It was very easy fire drills, or nuclear bomb exercises, because the public could actually, they can see it. They can see the movies. But what you have now is this notion of cyberterrorism which is affecting maybe more than ever before, at a time when the public wants to pay even less for emergency management preparation, which really is fairly extensive because this is an area that’s, from the ground up, look you got her son over here that’s hacking into the 911 system. She has no idea; she thinks he’s a great kid. And that’s happening over and over and over again- 00.53.57.4 Moderator She still thinks it. 00.53.58.4 Mayor Bill Campbell and we - yeah, until the police show up at the front door. But that’s the point. The point is that none of us are really able to see it because it’s a ground up movement and we are still here looking for terrorists that have foreign-sounding names and look different from us and have some ideological difference, but that’s not the way that it may ultimately happen, and we’re not prepared for it. 00.54.20.9 Moderator Alright, well Bill you’ve got some other problems on the plane. 00.54.23.8 Mayor Bill Campbell I’m still in the air. 00.54.25.0 Moderator You’re still in the air. 00.54.33.9 Mayor Bill Campbell And they’ve got no pretzels left on the plane! [ V. From Local to National ] [ Coincidence or Cyberterrorism? ] 00.54.33.0 Moderator Not a single one, and, in fact, it’s getting pretty scary up there. Now you’ve been diverted to Gotham but something happens. 
All of a sudden the plane takes a sudden terrifying turn, a steep turn, and it moves, and you’re just going crazy, you don’t know what’s going on. Things are flying in the airplane; anything that’s not buckled down is flying around the place. People are screaming. There is terror in that plane. Now what happened was the plane had to make a sudden turn to avoid a head-on collision with another plane. Fortunately, it managed to level out and everything was, there was no problem. But what happened was the regional air traffic control system, which was handling the directions for both planes, actually put them on a collision course. Now, your pilot, as well as the other plane’s pilot, get on the phone, get on the radio actually, and they talk to the airport traffic control people, and they actually say, ever so calmly, “you almost killed us!” But what happens is the controllers actually say, “that can’t be, we’re looking at our screens right now and your planes were at a safe distance from each other at the time that we were giving you those directions.” Tim, could something like that happen? 00.55.42.1 Timothy Shimeall The only thing that could happen - what you’re saying is that the radar system is reading different than the true situation. 00.55.48.0 Moderator That’s exactly right. 00.55.49.0 Timothy Shimeall So something’s changing the radar information. 00.55.51.7 Moderator And could that happen? 00.55.52.6 Timothy Shimeall It could happen for a variety of different reasons. 00.55.55.5 Moderator Talk to me. 00.55.56.4 Timothy Shimeall There could be an error in the radar interpretation code. 00.56.01.2 Moderator What does that mean? 00.56.03.0 Timothy Shimeall Meaning that the sequence of instructions that the computer is following to follow, to read the radar codes, could have a naturally occurring error, although that’s very rare. 00.56.13.1 Moderator Alright, if it’s not naturally occurring then what might it be? 
00.56.16.0 Timothy Shimeall Then someone may have decided to play games with the radar, someone malicious. Here you’re not talking about a high school kid or a former high school kid that’s worrying about what fun they can have. Here you’re talking about more serious problems that have deliberate intent. It’s not likely that something like this would happen by accident, at all. We’re moving from, “gee, let’s have fun,” to “let’s kill someone.” 00.56.38.7 Moderator Alright. Well we-- 00.56.39.5 Timothy Shimeall (pointing to Michael Vatis) At which point he gets involved. 00.56.40.9 Jerry Hauer You have to assume at this point in time-when a system like the air traffic control system goes down the first thing you think of is not cyberterrorism. It happens all the time in this country. It happens on a regular basis where you have glitches. It happened at Heathrow over the weekend. It’s something we see on a regular basis. But we now have to put various pieces together. We’ve got the air traffic control system is down, the 911 system is down, and it’s all coupled to one of the busiest weekends in the city’s repertoire. This is Super Bowl weekend. You now have two airplanes that have been put on a collision course, so it’s not rocket science at this point to start putting pieces together and start thinking that if somebody has put two planes on a collision course-the mayor’s sitting up there saying, “boy, I hope the FBI gets this thing resolved quickly” because something, this is not accidental at this point. 00.57.42.0 Moderator And there’re two different cities involved. Remember, this is happening at Gotham Airport. Alright we managed to avoid a collision, as we know, but of course there were some serious injuries that took place in the planes because not everybody was buckled in. 
And, as a result of what’s happened on the plane, the pilots dial into Gotham Airport and ask them to contact emergency services to make sure that they can have those passengers taken care of when we land. And, in fact, when Gotham tries to dial 911, lo and behold, its 911 system is down. Alright, so we’re now beginning to see that this is happening in a number of cities. This is happening and it’s at least the sense that there’s the beginning of something quite big that’s going on, right? When you put the pieces together? 00.58.26.6 Jerry Hauer You’ve got to assume that at this point in time. I would hope, though, that both Metropolis and Gotham have some kind of ring-down circuit from the airport tower to the emergency services. It’s not dependent on the 911 system. So that if the primary system goes down, they can at least get emergency equipment. The question is whether or not we’ll be able to land. 00.58.48.7 Moderator Well, in fact Mayor, you’re going to be happy to hear this, you land! Alright, you’re on the ground. But you haven’t gotten off the plane yet because, in fact, you and Jerry were not injured seriously, you had some minor injuries, but some of your fellow passengers- 00.59.00.5 Jerry Hauer Other than the beating that I got from him on the plane, for being- 00.59.03.4 Moderator That’s coming, that’s coming. But you’re actually helping out with some of the passengers who were more seriously injured, and at the time that you’re helping them out the two of you are having a conversation. Not about your future, but about what are the next steps, what are we going to do now? Have that conversation. 00.59.20.3 Jerry Hauer Well, first of all, we’ve got to get the mayor, we’ve got to get you back to the city as quickly as possible. I’ve already called them; we’ve got a helicopter picking us up to get us back- 00.59.30.3 Mayor Bill Campbell Well, I’ve got to ask you something. 
Given the state of the air traffic system, is a helicopter the best means of getting us there? 00.59.37.1 Jerry Hauer Yeah. I’ve already talked to the pilots; they say we can do it on visual flight rules. We don’t need the air traffic control system. We can get you back, and before we get on the helicopter we’ve got a spot arranged at the airport where you can talk to the chief so you can get an update before you get back there. Make sure you’re comfortable with everything that’s going on. Get a briefing. And if there’s anything while we’re in the air we’ll be able to talk to them as well. 01.00.04.0 Mayor Bill Campbell Given that it’s now two cities, two 911 systems, clearly it’s more than accidental. This is an act of terrorism. Have we both alerted the federal authorities, who I assume are already there, but what we need to know is whether the President has been alerted at this point, because this is beyond our capability to handle. The air traffic control system, our 911 system is one thing, but in other cities it means that this is an act of national terrorism and we need to pass this onto the federal authorities. 01.00.34.0 Jerry Hauer Yeah, I talked to the chief right after we landed, and he told me one: that the FBI is in the Emergency Operations Center and they are looking at what’s going on. They have talked to FBI headquarters and the SCIOC has been activated now- 01.00.50.0 Mayor Bill Campbell What is that? You keep using these acronyms- 01.00.51.0 Jerry Hauer Well the FBI- 01.00.52.0 Mayor Bill Campbell (at same time as Jerry Hauer) I’m not in a good mood, Jerry. 01.00.52.0 Jerry Hauer (at same time as Mayor Bill Campbell) Well, SCIOC is the FBI’s Emergency Operations Center. They’re activated and they’re looking at what’s going on. They’re monitoring other air traffic control systems around the country as well to see if there’s anything else going on. And they have been briefing both the attorney general and the White House on what’s going on. 
[ Dealing With the Media ] 01.01.12.0 Moderator Alright, mayor you get off the plane finally, and what do you think is waiting for you? Cameras! Lights! Microphones in your face. And in fact we’ve got ace investigative reporter Wayne Madsen waiting there to ask you the first question. Now Wayne is the major newspaper reporter, he has a column that’s in the big- 01.01.32.0 Wayne Madsen The Metropolis Journal of Constitution I believe it is. 01.01.33.0 Moderator Actually you’re in the Gotham, in the Gotham Constitutional Journal. And, in fact, it’s the city’s biggest newspaper. And you also appear on the local news as a regular commentator, so you’re big. Now let me tell you a little bit about what you know at this point. You know that Metropolis’ air traffic control system is down, and their 911. You know Gotham’s air traffic and 911 systems are down. And you have just learned that there is a third city that has lost its air traffic and 911. Ask the mayor your first question. 01.02.04.0 Wayne Madsen Mister Mayor, is this an act of international terrorism, or what’s going on here sir? 01.02.09.0 Mayor Bill Campbell We don’t know exactly what’s happening. Here’s what we do know: we know that there has been a malfunction of the air traffic control system in at least two cities. The 911 system in at least two cities are not operational. What we need to do is, number one, to ask the public to stay in their homes, because we don’t know the extent of the problem here. Number two, as soon as we get more information we will alert the public. Number three, we have done everything possible in the past to prepare for these type of eventualities, so at least the public should be reassured that we’ve taken all the necessary steps. With that being said, it’s a problem for all of us, and the best way to resolve this is by not panicking. 01.02.51.0 Wayne Madsen Mister Mayor, there’s some discussion whether the Super Bowl should be postponed. Any thought about doing that? 
01.02.58.0 Mayor Bill Campbell The Super Bowl is the least of our worries. Our real concern here is getting our air traffic control system up, getting our 911 systems back up. But I’ve been assured by all the emergency management personnel that all the various intersections are covered. We’re doing everything; we have the capability of responding to emergency medical eventualities. So we are prepared. But it still requires us to get the public to stay indoors, not panic, make certain that we’re getting as much information out to them as soon as we have it. 01.03.27.0 Wayne Madsen Mister Mayor, if this is a case of international terrorism- 01.03.29.0 Mayor Bill Campbell One more question, I got to get back to Metropolis. 01.03.31.0 Wayne Madsen Are there any suspects, do you think it’s Middle East based? Because we’ve received calls from North Metropolis. Four owners of Lebanese restaurants have been visited by federal agents, asking them about what they’ve been doing. Is this Middle East based, or what’s going on? Do we have any information? 01.03.50.0 Mayor Bill Campbell We do not know at this point exactly what’s happened or who’s responsible. Rather than jumping to conclusions I would remind all of us about the Oklahoma City Bombing, when the nation jumped to conclusions. We were terribly wrong. What I would urge us to do right now is to simply wait, those that can help, to do so, but also to not panic and not rush to any conclusions. 01.04.13.0 Moderator Mister Mayor, Kim Taylor Thompson from CNN. Are we under enemy attack? 01.04.17.0 Mayor Bill Campbell Well, we don’t know exactly what’s occurred. What we do know is that our 911 systems are down, our air traffic control system is having great difficulties, but we have redundant systems that will allow us to be able to respond to any emergencies. 01.04.31.0 Moderator Are we prepared for this kind of attack? 
01.04.34.0 Mayor Bill Campbell We actually have prepared for these kind of attacks, but I will tell you that this is far-reaching. It’s very difficult for us. That the public should be reassured that we’ve done everything possible in the past to be ready for this sort of a situation. 01.04.46.0 Moderator Wayne, the mayor sounds quite calm about this. Tell me what the media is doing with all of this information. 01.04.51.0 Wayne Madsen Well, one of the things, Metropolis has quite a few call-in radio talk shows, so there’s an awful lot of speculation out there, on the airwaves, about possible foreign terrorists behind this. And my job as the most responsible journalist in Gotham is to make sure that only the information that’s correct is getting out to the public and trying to filter all the other, all the other- 01.05.20.0 Moderator (at same time as Jerry Hauer) I’ve got some videotape for you. 01.05.20.0 Jerry Hauer (at same time as moderator) You’re, you’re, you’re on a newspaper, and so if you’re on the newspaper, your information’s not going to get out till the next morning. And the question is, how do we get the best information out as quickly as possible through the- 01.05.32.0 Michael Reilly Through Kim from CNN- 01.05.34.0 Jerry Hauer Well, CNN’s one. The mayor’s going to be doing the press conference as soon as he gets on the ground, and back at home, and gets briefed by all the agency heads. But it’s important to get the information out as quickly as possible. Accurate information through those media outlets that get it out as quickly- 01.05.51.0 Mayor Bill Campbell At this point, at this point, given the extent of the emergency, every TV station, every radio station is broadcasting live, so there’s no one clear source. We’re going to be able to talk directly to the public, to all the public, everyone would know at this point, given the extent of the emergency, and it is truth that is the most important commodity that we have. 
Making certain the public knows exactly what the situation is. Giving them all the information. But also alerting them to the extent of the emergency that we have. 01.06.23.0 Moderator Okay- 01.06.24.0 Jerry Hauer One thing that’s very important at this point is that we coordinate with the state and federal agencies on the information that they’re going to be releasing so that we have a common theme in what we’re saying, so that what’s coming out of Washington is not contradicting what’s coming out of Metropolis, because any conflicting stories at this point are going to impact the credibility of what’s coming out and heighten the level of anxiety. So it’s very important that the mayor and the governor be talking, that the mayor and the governor and the president are talking, so that we have a common understanding of what’s going on, so that the FBI is briefing us with as much information as possible, and so that we give the public the best information possible at this point in time. 01.07.11.0 Michael Robinson What I heard the mayor doing was absolutely appropriate, and that is what a good emergency management system does and what the head of any city should do in any sort of disaster, and that is to reassure the public, to explain to them what steps they are taking to deal with the consequence as a result of this particular incident. Again, dealing with the crisis, and the investigation, and the cause of that, is a whole different set of questions and a whole different approach that needs to be taken. And emergency management systems, well exercised, are very capable of dealing with the media, as Jerry said, to get the right information out, to get accurate information out, to avoid the speculation on the cause. 01.07.58.0 Moderator (at same time as Michael Reilly) Okay, so it’s clear, go ahead- 01.07.58.0 Michael Reilly And also what we do is we do contingency plans for worst-case scenarios as well. 
So while he says, “no, we’re absolutely not looking at anything to do with the football game,” his emergency managers are looking at that. What are the contingency plans if this is just the tip of the iceberg and things do go from, you know, bad to even worse? We have contingency plans that are working on, what are the results if we do cancel the Super Bowl? What are the infrastructure issues that continue to go down? How are we going to respond to those issues? He has the answer! (Pointing to Mayor Bill Campbell, at same time as Mayor Bill Campbell speaks) 01.08.28.0 Moderator (at same time as Mayor Bill Campbell) Okay- 01.08.28.0 Mayor Bill Campbell Well remember, remember, Metropolis, we hosted the Olympic Games, so we had- 01.08.32.0 Moderator We never had- 01.08.33.0 Mayor Bill Campbell Remember when we did that and we had the bombing in Metropolis during the Olympic Games and we faced that very question. Whether or not we proceeded with the games, exactly what we did because there was actually a great vulnerability. An explosion had happened in a large park where hundreds of thousands of people were enjoying the festivities. It was the third day of the Olympic Games and that very issue was faced. But I will tell you that the only real consideration is whether or not the continuation of the game in any way is affected by the emergency that’s taking place. [ Responding to Crisis: National View ] 01.09.12.0 Moderator Alright. We clearly have a national crisis here. We have a national problem here. Tell me what the FBI is doing at this point, Scott. 01.09.20.0 Scott Larson Well the FBI is already integrated in with the Operation Center. And let’s not understate, for an event like the Super Bowl, all the resources that have planned and trained and have already, through years of working together on prior Olympics and whatnot, already have that - everybody knows each other, it’s a really integrated approach. 
We also have our Operations Center, like --at FBI headquarters stood up, and really all the field offices are ready to respond, not just in Metropolis but in Gotham, and whatnot. Obviously concentrating at, in Metropolis. 01.09.50.0 Moderator Okay and Mike Vatis, what are you up to at this point? What’s your office up to? 01.09.54.0 Michael Vatis We’d be doing several things in terms of crisis management, as Mike Robinson talked about. Scott’s our supervisor in Metropolis. He would be in the Emergency Operations Center and his computer investigative experts would be trying to determine the cause of the, of the 911 and the air traffic control going down. We’d have our squads in Gotham and in other cities where similar effects are happening, doing the same thing. They would be getting that information back to us. At the same time we would be talking to our intelligence agency, our national intelligence agency counterparts, to determine if they have any intelligence information from abroad indicating what the sources of this might be. We would also be polling all of our internal sources, domestic sources, within the FBI, state, local law enforcement and elsewhere to determine whether there’s any investigative information indicating that a domestic person or group is behind this. 
And we’d be taking all that information, analyzing it, and doing two things: one, is try to determine who might be behind this so we can begin to try to get to that person or group and put an end to it; number two, we’d be taking information about what we’ve determined to be the cause, or at least the vulnerabilities that seem to have been exploited here, and then fashioning warnings and getting those warnings out to every other city and every other critical infrastructure that might be attacked in the same way because our national concern is not solely about the effects and the consequences in Metropolis and Gotham, but about the possibility that this could happen in every other major city in the US and we could see a real national impact. So we need to try to prevent that from happening by getting information out to all the state, local, and federal agencies that manage those critical systems. 01.11.39.0 Moderator Great. Okay, Scott, yes. 01.11.41.0 Scott Larson I can add one more point, is we don’t know that this is just a cyber-event yet. So there’s plenty of work being done with the joint-terrorism task forces and everything else, that this could be a precursor to something more damaging and very physical. [ Responding to Crisis: Local Level ] 01.11.53.0 Moderator Alright let me talk to my Metropolis officials. We’ve been hearing from Mike and Scott about what’s happening on the national level, let’s talk about what’s happening on the local level, because Metropolis is a city of about three million people, we have hundreds of thousands of people that have been coming in for the Super Bowl, the airport is crippled, 911 is down. What we’ve had also is localized blackouts in Metropolis, and people are beginning to panic. They’re hearing things on CNN, they’re reading things in the newspaper, they’re hearing about what’s going on and they’re beginning to get nervous. What kinds of things are we saying to them? Pat. 01.12.27.0 Sheriff Patrick Sullivan, Jr. 
Well, at this point, then we’re to the point of putting up public service announcements, to bring people some guidance as to stay home, stay off the street until we’re able to restore some of the services, that these are temporary interruptions and that Metropolis Bell and the power company are working on restoring the services, but that we need to reduce traffic and shopping and movement in the community. 01.12.54.0 Moderator Fire, what are we saying? 01.12.56.0 Michael Reilly Well, besides the public service announcements, when we’re having localized blackouts we also want to be doing some fire safety messages because people are going to be turning to, you know, candles and other methods for illumination, power. Let them know that the police and fire departments are there. We have backup generators; our communications are still up. The telephone systems on hardwires are still there, so if they do need help, you know, we are accessible. If they are unable, for whatever reason, police officers as well are stationed at each of the local fire stations and, as you know, fire stations are community-based organizations, so everyone should know where their local fire station is. [ Federal vs. State/Local ] 01.13.30.0 Moderator Okay. Now, let me ask you Leslee, we’re going to have some federal help coming in. Are there going to be any turf issues that might arise as a result of this, do you think? 01.13.41.0 Leslee Stein-Spencer Well the state’s in charge. 01.13.43.0 Michael Reilly I thought the FBI was. 01.13.48.01 Leslee Stein-Spencer As for the EMS, you know, I mean we have disaster mechanism in place and we’ve contacted our attorney general to make sure there’s no legalities with having ambulances and EMTs from other states coming in maybe to help us with emergency response. Our hospitals have been put on disaster alert so they’ve called in extra staff and made that available so that they maintain, they’re open, they do not close or overwhelm. 
So we know that the, actually that the FBI is in charge and that the state EOC will be running that. 01.14.19.0 Moderator Jerry, how do you assume that when the Feds come in to take over from Metropolis officials, who know the city inside and out, that there are absolutely no tensions, there are no problems whatsoever? 01.14.28.0 Jerry Hauer No, in point of fact, the feds are not coming in to take over. The mayor is still running Metropolis, the mayor’s still in charge, he’s calling the shots, and the federal assets that are coming in are being integrated into the city’s response. The National Guard units that have been put on standby are being pre-staged. Any outside assets - one of the things that we’d be very concerned about, with all these people in hotels and high-rise buildings downtown, when you have blackouts is, one, we have to have enhanced emergency medical care in those areas because if we do have a heart attack or somebody else becoming ill, it’s far more labor-intensive walking up ten, twenty, thirty flights. So we’d want to start pre-staging assets downtown in critical areas throughout the cities. The other thing with blackouts, you get people caught in elevators. So we’d want to pre-stage more fire units in areas where we could wind up having to do rescues in elevators. And we’d start working with the state and with the federal agencies on how we integrate all these assets that are coming in into our needs. And based on briefings we’ve been doing with the mayor, we’re starting to pre-stage stuff in critical locations so that we reduce response times, so that we have some, one, visibility on areas, and in various communities throughout the city. But, as importantly, in the areas with this very dense tourist population that’s come in for the Super Bowl, we’d make sure we increase our visibility there. 
As well as our resources, so that if something does happen, if this, as you said, is a precursor to something else going on, or if it’s just something natural, that, you know, somebody does have a heart attack, we’re ready to respond as quickly as possible. 01.16.23.0 Michael Robinson (at same time as Moderator) And again, the assets, the, the- [ VI. Gathering & Sharing Information ] [ Tracking Down Suspects ] 01.16.23.0 Moderator Okay, well the region is responding to this cyberterrorism. The region is responding to it, and the nation is bracing for more things that are coming. I want to talk about how we’re actually trying to follow up on this, how we’re trying to identify who might be behind this. John, you’ve been brought in by the FBI, tell us what you might be doing at this point. 01.16.42.0 John Vranesevich One of the, the part that I would be, my company would be doing is what he was talking about, from the domestic angle. This domestic intelligence source, trying to find out, okay, assuming this isn’t an overseas power, country, terrorist group, what have you, is it something localized to the United States that we can catch wind to. 01.17.02.0 Moderator How would you catch wind to it? 01.17.05.0 John Vranesevich Well, when you’re talking about intrusions like this, if you’re not talking about a terrorist group who has some religious base for doing something, or a foreign nation that has some political base. They’re sort of within this whole culture of security as essential watering hole within the desert that every type of beast has to come to drink, and that includes harmless animals like the elephant or dangerous animals like the lion. There’s one watering hole for each of those types of animals to drink from. So we try to-- 01.17.30.0 Mayor Bill Campbell Exactly what does that mean? 
01.17.35.0 John Vranesevich Well meaning that there’s a certain set of information-there’s places you can go, there are only certain assets that allow you to gain information about things like this. So what we’re able to do is monitor those watering holes and watch all the animals as they come and go, try to identify those animals and place a particular threat assessment on each one of those different animals that’s coming to the watering hole. 01.17.54.0 Moderator So does that mean you’re listening in in chat rooms? 01.17.55.0 John Vranesevich So what we’re doing is we’re probably monitoring 140,000 different forums that we know that are frequented by individuals who do these sort of things, not simply by someone bragging about it because obviously you’re only getting a certain end of the spectrum, but do we know of anyone six months ago who was looking into things like this? Seven months ago was there someone asking about information on telecommunications systems? Are there any groups that we know that might be involved in things like this? And being able to backtrack like that and see if it’s a domestic threat. 01.18.21.0 Michael Robinson And Wayne’s watching you to make sure you’re not violating anyone’s personal privacy rights. 01.18.23.0 Wayne Madsen (overlapping Michael Robinson) I, I assume you have a judicial warrant to do all this monitoring. 01.18.27.0 Moderator So we’re going to get there in just a second. [Laughter] Michael Vatis, what are you doing at this point? How are you interfacing with John and trying to find out who’s involved in this? 01.18.37.0 Michael Vatis Well, if John is a source, he’d be a source in one of our field squads. So I’m assuming he’s one of Scott’s sources at this point. 
We would not be monitoring any Internet chatrooms or any private forum for communications unless, as Wayne said, we have a judicial warrant which is based on the fact that we have probable cause to believe that there is criminal activity being planned there, or if John, or some other source happens to be one of those participants in those chat rooms without any connection to law enforcement and then comes to us on his own, as a cooperating witness or an informant, and tells us, “hey, I’ve heard these guys planning criminal activity,” then that’s fine, too. He just can’t listen in on those chat rooms at our direction, unless we have judicial authorization to do so, and all of that is to protect privacy interests. [ Legal Implications of Gathering & Releasing Clues ] 01.19.26.0 Moderator OK. Well, as a result of some of the activities that John’s been involved in, and some of the things you’ve been doing, Michael [Vatis], we have traced this activity to multiple sources. And one of the sources turns out to be a small Internet service provider, which was around way before AOL. And in fact, it’s a very small group of loyal customers that still belong to this Internet service provider. The Internet service provider’s name is “The People’s Portal,” and the People’s Portal, the people that belong to it, feel like they are a sort of a community, and it’s a really small group of people that are involved in this. Now, Wayne, you are not only our top investigative reporter but you are also the founder and president of the People’s Court, Portal, excuse me. Now, when Scott Larson, FBI agent, comes to you, and says that he wants to search the databases of the People’s Portal, what’s your response? Talk to Scott. 01.20.23.0 Wayne Madsen Let me see your warrant, please. 01.20.27.0 Moderator Do you have one? 01.20.28.0 Scott Larson Yes we do. We’d come in, we’d actually do different processes, and this is something that’s- 01.20.34.0 Moderator Talk to him. 
01.20.35.0 Scott Larson Something that’s relatively new is that we have both a search warrant, which is people are traditionally used to, then also something called a 2703D order, or Electronic Communications Privacy Act. And so, in this particular case, we would need to search your location, and look at e-mails, we’d get a search warrant. 01.20.55.0 Wayne Madsen You’re going to come in and look at all e-mails that have transversed my servers for some set period of time. 01.21.05.0 Scott Larson Well I’m taking, that we have one particular user, so we’re going to look at one particular user and we’re also going to look at connection information to and from that user on your system. So we don’t want to look at all your e-mail at the Internet service provider, we want to look at just this one user’s account. 01.21.20.0 Wayne Madsen But the nature of my ISP is, to take a look at these transactions you may have access to other communications as well. What are you going to do with that? 01.21.29.0 Scott Larson Actually, technically we can just go in and slice and take that particular portion out. 01.21.34.0 Moderator What are you worried about here Wayne? 01.21.36.0 Wayne Madsen Well, I’m worried that because we’re a progressive ISP we have a lot of users who are very politically active. I’m concerned that, about potential “fishing expeditions,” finding out more information than what the warrant specifies. So that’s my, that’s my, biggest concern, is to protect my customers who are very concerned about their privacy and that’s why they use my highly encrypted ISP. 01.22.02.0 Moderator Should we find some ways to limit the investigative powers of the FBI, then, do you think? 01.22.07.0 Wayne Madsen Well, I think, I don’t think anybody wants to hobble law enforcement’s ability to conduct an investigation, especially with the scenario we have with us. But I’m very concerned about doing more than what the particular warrant would allow for example. 
This is the whole issue with monitoring the Internet generally. So, as long as the warrant is specific, and we’re not doing remote surveillance from another location, I think we can live with that. It’s the other slippery slope issues we get into where, you know, where is this surveillance capability eventually going to take us. 01.22.49.0 Moderator Okay- 01.22.50.0 Scott Larson And we’re happy to be there with Wayne while he types on the keyboard, grabs the information. 01.22.54.0 Moderator Alright, Mike Arlington, your phone company has been involved with the 911 breakdown and you have been cooperating with Scott Larson and the FBI, but other agencies are coming to you and asking you for information. And, in fact, before this whole crisis started you were having a number of agencies coming and asking for information from your systems. How do you feel about that? Do you have a problem with that? 01.23.16.0 Mike Arlington Once Scott Larson with the FBI comes to us, it is an FBI case. 01.23.22.0 Moderator But before that, before Scott comes, people have been coming to you, different agencies have been asking you for information. What kind of information did they ask you for? 01.23.29.0 Mike Arlington Law enforcement agencies? 01.23.31.0 Moderator Yes. 01.31.31.0 Mike Arlington The first thing that would happen in 911, and I really haven’t really heard it brought up yet is: how did it go down? What happened? And from a telephone company perspective, we would be looking at that intensely at that point. Was it in our system, or did it occur between our system and where 911 is actually hooked up in that building at the headquarters? Did it happen in the police department, etc., because these are other places you attack? The telephone company’s a little more difficult to attack than people think it is, but there are, every time we hook into something that’s another port, that’s another place you can get at it. 
So if the police department, let’s say the chief over there asked me, we would tell him, basically, that we’re looking at that, and that as soon as we find something, how, when, where, we will definitely cooperate with him. 01.24.30.0 Moderator Okay, but we’re talking about information management, apart from this crisis right now, and people are just trying to get information from you, different agencies, NIPC, other agencies, are trying to get information from you. Are you reluctant to give out that information? Is there any problem with giving the information? 01.24.47.0 Mike Arlington Not if there’s a declared emergency. 01.24.50.0 Moderator But no declared emergency. Take the emergency out of it. No declared emergency. Are you reluctant in any way? 01.24.55.0 Michael Robinson Plus, we’re a customer. We’re a customer. As one of our members he owes us. 01.24.58.0 Mike Arlington If he is our customer we’re going to talk to him about his system, but we’re not going to talk to him about somebody else’s system. 01.25.06.0 Moderator Okay, NIPC. Mike, talk to me about whether or not you have found that there is any reluctance among any of the companies to give up any information. 01.25.14.0 Michael Vatis Well, it depends on what type of information we’re interested in. 01.25.18.0 Moderator Okay. 01.25.19.0 Michael Vatis The main sort of information that, that we want to get from companies is incident information, so that we can understand the types of attacks that are occurring, what private industry is experiencing, so that we can issue warnings to other people, so that they’re able to protect themselves against attack, and so that we can investigate through our field offices. Those things are also important for us to be able to do contingency planning, so that we can have reality-based planning, so that we can address the things that are really happening. 
As part of that information we will also, naturally, get some information about the vulnerabilities that are being exploited. That’s where companies get a little bit more sensitive about making anyone else aware of those vulnerabilities. 01.26.02.0 Moderator Why? What, what makes them sensitive there? 01.26.04.0 Michael Vatis Well, there are concerns about adverse publicity if it’s going to become public, and so we assure them that this information is not for public dissemination, it’s for our use in trying to protect the national security and protect the public’s safety. We will put any restrictions on this dissemination that the company chooses. And we try to explain to them that it’s really in their self-interest because if they share information with us, we’re more capable of giving them information back that they can use to try to protect themselves. So it’s a really mutual process. 01.26.35.0 Timothy Shimeall The companies are very reluctant to talk to federal agencies about incidents and about vulnerabilities. 01.26.41.0 Moderator Why is that? 01.26.42.0 Timothy Shimeall There’s big concerns about, “well, could this information be used, later on, to make procurement decisions? To bias decisions that would otherwise be made on purely technical merit?” 01.26.54.0 Michael Vatis I mean, we’ve never heard that. 01.26.55.0 Timothy Shimeall But there’s been some- 01.26.56.0 Timothy Shimeall There’s also liabilities issues. There’s concern about Freedom of Information Act, inquiry- 01.27.02.0 Michael Vatis Information we get is protected from the Freedom of Information Act. There’s never been an instance where information given to us has been the basis of legal liability because our purpose in getting it is to protect the national security and use it for law enforcement investigations. It’s not to engage in any regulatory activity, we’re not a regulatory agency. 
So there are a lot of myths out there and perceptions that we have been, I think, pretty successfully addressing and we have gotten a tremendous amount more cooperation from private companies as a result of explaining the real facts to them. 01.27.34.0 Timothy Shimeall But it takes time to build trust. 01.27.36.0 Michael Vatis Absolutely. 01.27.36.0 Scott Larson But we’ve been doing that for years, though. We’ve been dealing with the banking industry, health care industry, you name it, we’ve been in industry since the FBI’s been around, and we have a good dialogue with security directors and different companies. And, and-- [ From National to International ] 01.27.48.0 Moderator It’s funny that you should mention banks, because in fact we find out that the people that are involved in this are financed by some major international banks. Now, before you begin to wonder if there is some sort of major, bizarre bank conspiracy going on here, let me tell you that there isn’t one. What actually happened was, about a year ago, a number of these folks hacked into the banks’ systems and actually managed to steal millions of dollars from these banks. Now, what happened, though, was that each of these banks decided not to report the loss, because they were afraid of the problems with their reputation that that might cause. Scott, can you talk to me about that? Is that common? Is that something that might happen? 01.28.30.0 Scott Larson Well, if it’s in the United States, it’s actually against the law. 01.28.32.0 Moderator Okay, we’re international here. 01.28.34.0 Scott Larson Okay, alright, because I want to clarify that. Does that happen? In our experience we haven’t seen that happen but the FBI is not necessarily going to know about hacks going on internationally. That’s where we’d work with other law enforcement partners around the world, and hopefully they would let us know if it impacted somehow with the United States. 
01.28.54.0 Moderator Tim, for the moment you are the bank president, president of this international bank. Tell us why you didn’t want to report this information. 01.29.02.0 Timothy Shimeall Well, first of all, I’m concerned, if I report it that it might then become news. It might somehow be leaked out. Whereas we keep it private, deal with it in-house, I have a lot better control over what, over the information being passed around and how, passed around. 01.29.19.0 Moderator Alright, you’re concerned about it being news. Any other concerns? 01.29.22.0 Timothy Shimeall I’m concerned also that my competitors may gain some information about relative strengths or weaknesses of my systems and be able to use that information to deal proactively with the systems. I’m concerned about other potential intruders that might, you know, suddenly my, I’ve gotten a nice big target painted on my chest and, no they can’t get in, but my people are going to spend enough time chasing problems down that they’re not going to have the time available for what I need them to do. 01.29.54.0 Moderator Alright, so should there be some sort of mandatory reporting requirements, do you think? Because, certainly there are reasons that banks are giving in international settings not to report this? 01.30.05.0 Scott Larson Well, that’s a tough issue when you get into regulation. But what I can say to the banks, and the reason why I’m addressing this is because it has come up that, you know, banks are being hacked and they’re not reporting, when in fact, whether it’s a fraudulent check or some sort of action against a bank, banks are required and they do report incidents of, you know, illegal activity to the FBI. 01.30.26.0 Timothy Shimeall Well, I may very well be comfortable reporting to the FBI. Why? Because we’ve got a long history with them. They’ve helped us with a number of very touchy situations, not just cyber, but you know, embezzlement cases- 01.30.39.0 Moderator Sure. 
01.30.40.0 Timothy Shimeall -other kinds of things. They’ve dealt with them quietly and effectively, and that made me very comfortable. On the other hand, I may not be comfortable with the Albonia Police Department- 01.30.49.0 Moderator Whoever they may be. 01.30.50.0 Timothy Shimeall Whoever they may be. You know, some foreign nation, national service that I’m not, don’t have this long history of trust. It may have a new government. The situation may be very up in question. I may be concerned about organized crime links into their government. So, you know, talking about mandatory reporting: reporting to who? 01.31.11.0 Moderator Okay. 01.31.12.0 Timothy Shimeall People that are trustworthy and reliable and high quality? No problem. People that I’m not sure about - do I have to report to them? 01.31.20.0 Moderator Okay. Well, let’s talk about, and it’s interesting that you mention this international aspect to this, because, in fact, we have traced where some of these hackers are coming from and we’ve traced them to a country, another country, that actually is a small country that has no laws against hacking into other computers, alright. Now this country is not at war with the United States. They are not an enemy of ours by any stretch of the imagination, but they simply say that they can’t do anything about this, they can’t have any, they have no control over their individual citizens on this, in this regard. Now what they do mention, or what you do notice is that some of the local politicians in this small country and some of the media in the country are expressing a little bit of pride about the fact that one of their own citizens actually brought the big old United States to its knees here. What about that? Could something like that happen, Michael Vatis? 
01.32.17.0 Michael Vatis Sure it could absolutely happen, and one of the things that we’ve been engaged in is international outreach to try to get foreign countries to pass laws that criminalize hacking and other sorts of computer attacks so that they have the basis to investigate and prosecute domestically within their country or to investigate and to provide assistance to us and ultimately extradite the people that are found to be responsible to the United States for prosecution. Right now there are still lots of countries that don’t have domestic laws, but they still, often if they’re willing, if they have the political will, they can find some general laws that might be applicable, fraud laws, laws prohibiting damage against property. So if the country’s willing they can investigate under those statutes and we’ve seen that happen. 01.33.06.0 Moderator John, is that scenario likely to happen? Is that something that could happen? 01.33.10.0 John Vranesevich It has happened- 01.33.11.0 Moderator It has? What happened? 01.33.12.0 John Vranesevich Several times. The latest incident would be the country, the Philippines, that an individual created a virus that affected millions of computers, and there simply were no laws to prosecute him, and he will probably go free. We’ve seen cases in the past where we had a teenager in another country break into several hundred Department of Defense systems and the prime minister of that country spoke out favorably about that individual. So sure, it has happened every day. It’s one of the things we talk about here, is how prepared our country is for an assault against a national infrastructure. What we haven’t talked about is how our infrastructure relies on other countries that might not be as prepared to deal with emergencies, and what happens if those type of issues maybe don’t start here but we play off the side effects of an issue in another country. 01.34.04.0 Timothy Shimeall Well, there’s two other effects here. 
Just because the information’s been traced to this small country, this connection, doesn’t mean it started there. Intruders love to hip-hop borders. 01.34.13.0 Moderator What does that mean, hip-hop borders? 01.34.15.0 Timothy Shimeall Jump from country to country. Why? Because it makes their job, the FBI’s job, much, much harder if they have to go across multiple international boundaries to trace it down. And if a country is known to be relatively friendly to intruders or have relatively weak laws, that will increase the prevalence of knowledgeable hackers of going, routing their attacks through that country. But it may be through, it may not be from. 01.34.41.0 Moderator Okay. 01.34.41.0 Timothy Shimeall Number two, as the online community becomes aware of this, however, that country is going to start seeing its connectivity being affected. And this is also a fairly potent force, by saying, “look, you cannot trust connections from that country,” so ISPs start to filter out the connections from that country and say, “we’re not going to deal with that country because we cannot trust the connections from it.” That’s a potent force for upgrading the laws as well. 01.35.11.0 Michael Vatis And that’s a good point, and it means that the situation is not nearly as bleak as some might think. The two examples that John raised, in point of fact, the local law enforcement authorities were extremely cooperative in the one country, the Philippines, they’ve been helping us since the first day of the “Love Bug” virus, and in fact have expressed their willingness to prosecute the subjects in that case under some generally applicable laws. Charges have not been filed yet but they, we have every reason to believe that they will be. In the other example, an Israeli hacker is facing prosecution later this year, for that attack on Defense Department systems so- 01.35.48.0 Michael Vatis international cooperation is absolutely critical 01.35.53.0 Moderator Okay. 
01.35.53.1 Michael Vatis and it’s not something that we ignore at all 01.35.54.0 Moderator Okay. 01.35.54.5 Michael Vatis it’s been a major priority. The other whole aspect here, if we have reason to believe that this is a foreign based attack, and that’s with the caveat, because, as Tim said, somebody could merely be going through another country 01.36.09.0 Moderator Right. 01.36.09.1 Michael Vatis -and it might not be originating in that country. But if we take your premise that it is coming from that foreign country, that means we can rely not just on our law enforcement processes, but we possibly have the basis for foreign intelligence collection, because this is a foreign-based attack on US interests. So CIA, the National Security Agency, and other intelligence agencies can be involved in gathering information to pinpoint further who might be involved. 01.36.34.0 Moderator Okay. Let’s suppose that a government is supporting the, the hackers’ activities here. Are we prepared to deal with that, Scott? 01.36.41.0 Scott Larson Yes we are. 01.36.42.0 Moderator How? 01.36.42.0 Scott Larson Um, we participate through our legal attaches in embassies, they’re known as, what we call legates in the FBI, other FBI that are throughout the world, and I believe there’s 33 legates that have a regional area. We deal extensively with Interpol, and with groups like the G8, the old G7 plus Russia, where we deal on trans-border search and seizure issues, all these types of things that need to be happening literally at the speed of light. We need to pick up the phone and immediately get some reactions. We got to see who’s at the other end of that computer. Is it a loop through, and are they hopping through multiple countries? So really, the law enforcement community is making that liaison. Plus, not only just the investigators, but on all the legal issues between the minister of justice between whatever country. 
[ VIII. Conclusion - What More Can Be Done? ] 01.37.30.0 Moderator Alright. Well, what you’ll be happy to know is that the attack was thwarted, alright, we got them. But it actually raised a number of questions for us about whether or not we are prepared for this kind of attack, whether we’re taking the appropriate steps to prevent this kind of attack. And what I’d like us to do is just to talk about the kinds of things that we might want to think about, in preparing in the future for this sort of thing. So Tim, why don’t you give us your thoughts about what sorts of things we should be thinking about in terms of cooperation, or resources, to prepare for something like this. 01.38.00.5 Timothy Shimeall Well one of these points is the point the mayor brought up: “hey, I thought I was buying a secure system, and it’s not secure.” And this is a big concern, because oftentimes vendors will build systems with preventable holes, but they don’t put in the effort to prevent those holes. 01.38.18.0 Moderator Alright, so we need to make sure that they’re preventing it. Mike, what should we be thinking about on the local level in terms of fire department? 01.38.25.0 Michael Reilly Well, I think a scope of this type of magnitude reinforces the need to communicate within our own agencies, as well as surrounding agencies. So a unified command system, and working out in ahead, you know, what resources are available from different communities and how that would be affected and put into place. And having a unified command system with the EOC where all those agencies’ heads or representatives are together, who can make a decision and pick up a phone and make that type of thing happen, would certainly help our resolve. 01.38.55.0 Moderator Mike Arlington, what should private industry be thinking about, in terms of preparing for this? 01.39.00.0 Mike Arlington We have to, and we do continually, build redundant systems. We have backups upon backups. 
The hole I see in the system right now is that we are not bringing people on board to put it all together and I think one of the issues I think the FBI’s done such a great job with is that we’re now starting to train people in law enforcement. But it’s very difficult to get that level of training down to enough people, and, on the local level, there are not enough local police officers that are trained up to that level also. 01.39.43.0 Moderator Okay. Well let me turn to our local police. Pat, what kinds of things should we be thinking about in terms of resources or training that the police need on the local level? 01.39.52.0 Sheriff Patrick Sullivan, Jr. Well, one thing is all their own systems have to be, the security needs to improve. Security practices have to be followed, those things need to be audited to make sure security practices are being followed to protect the systems that are there. And then the whole issue of learning how to handle cybercrime. We’re very much at a crawling state right now at the local level. There are some documents produced by Mike’s [Vatis] shop, by Secret Service, by the Computer Crime Partnership that give us little flipcharts to put in officer’s cars, so if they’re responding on something they know how not to ruin a case- mishandling the equipment. But we have the, we don’t have the forensic ability, locally, to address, investigate these cases. 01.40.37.0 Moderator How about on the state level, do we have it? 01.40.40.0 Michael Robinson On the state level that is a responsibility, I believe, to develop that forensic capability along with federal law enforcement agencies. We have gained some headway, and we can build upon the whole Y2K exercise- 01.40.54.0 Moderator How? 01.40.55.0 Michael Robinson -that we were engaged in with those critical infrastructures as we were looking at the rollover of the millennium. 
We developed better relationships with many of those critical infrastructure managers and computer systems managers that we can build upon now to educate them about the potentials of cyberterrorism and cyber-attacks on their systems, so that, when and if we do face one of those attacks, we more immediately get to the crisis stage where we understand what the cause is so that we can correct it and limit its effects. 01.41.31.0 Moderator John, what should we be thinking about here? 01.41.33.0 John Vranesevich You touched on something earlier and this doesn’t lead to the level of international terrorism, which, you know, the FBI, you know, will be the first to tell when you’re talking about a couple of individuals it’s very difficult to predict what they’re going to do, or that they do it, or even prevent it. But one of the things with this issue that I think is very preventable that we haven’t seen is education to the youth. The youth have been given a great deal of power, and the power is intended to be used in research and knowledge and education. But they haven’t been educated about the responsibilities of that, and I have people write me every day that say, “I was looking at this system, I was playing with it, but how far is too far?” They don’t understand the laws. Looking at the system, playing with the national infrastructure, to them looks the same as playing a video game. They shoot someone, they die. It’s an inanimate object in front of a screen in their bedroom. How is a phone system any different? So I think one of the big things we need, and that we haven’t even begun to touch on, is responsibility and educating the youth about the responsibility and the consequences of their actions. 01.42.28.0 Moderator Jerry. 01.42.29.0 Jerry Hauer Kim, I want to go back to a point the mayor made very early on, which I think is absolutely the heart of this matter. With cyberterrorism, you’re dealing with an intangible. 
With chemical and biological terrorism we have a police response, or a public health response, and it’s something that elected officials can focus on, and we have not been able to capture that same kind of attention with cyberterrorism. More importantly, in industry, there is an enormous amount of financial pressure to make sure that banks and brokerage houses, other types of industry, have secure systems. And they’re willing to put the money in. At the local and state level, with conflicting budget issues and pressures on budgets, this is not something that is as visible, so it doesn’t often get as much attention, therefore it doesn’t get as much money. And it’s an issue that we really need to focus on because, while chemical and biological terrorism can be devastating, something like this is so insidious, it could have such a major impact on a city, or a state, or a nation, that we’ve got to bring this up on a radar screen and let it get the financial resources that it deserves. 01.43.47.0 Moderator Okay Bill, you have our final word. So mayor, tell us. [ Closing Thoughts ] 01.43.51.0 Mayor Bill Campbell This country is woefully unprepared for cyberterrorism. We are used to a clearly defined enemy with easily recognizable ideological biases against an easily identified point of attack. None of that is going to happen with cyberterrorism. We have no sense about the technology that’s available or about what’s at stake. Our resources are stretched so thin with the regular terrorism, with regular vandals, and rapes, and robberies, and murders. Even those states that are preparing, and I will tell you that there is some comfort level that our interagency cooperation may be the best of all time because of things like the Olympics, or the sense that the agencies are finally understanding that to work together is the best course possible. But the public has no idea about how vulnerable we are. 
The greatest weakness in this country is our greatest strength, and that is we’re open to all, with no easily defined points of attack. And this technology which is brand new to us, that most of us still are allowing our children to teach us about, is just going to overwhelm us. And the real last concern is that it will not be some foreign speaking terrorist group that’s attacking, like Pearl Harbor, or like with Paul Revere we’re going to be warned about it, or hear the roar of airplanes like in Pearl Harbor. This is going to be some kid, or some disaffected adult, some technological Unabomber, that will strike and that will cause more damage than we ever thought possible.