Former U.S. counter-terrorism coordinator Cofer Black in his keynote address warned Black Hat attendees that, just like 9/11, a major cyber-attack is imminent.
LAS VEGAS-The former U.S.
counter-terrorism official who raised the alarm that a major terrorist attack
was coming before 9/11 is now warning that cyber-war is an imminent threat.
The security community needs
to influence and educate government decision makers about the potential threats
from cyber-criminals and nation-states, Cofer Black, former director of the
Central Intelligence Agency's Counterterrorist Center, said in his keynote
speech Aug. 3 at the Black Hat conference. Cofer was the U.S. Department of
State's coordinator for counter-terrorism with the rank of ambassador at large
from December 2002 to November 2004.
Many of the top decision
makers, Cofer said, are still ignorant of the threats that are out there and
how they target major corporations, government agencies and the defense
Even as the security
professionals try to warn the decision makers, they may not be believed or taken
seriously, Black said. When al-Qaida was gaining strength in the mid-1990s, and
up until the 9/11 attacks, terrorist threats were not well understood. So many
top government officials dismissed the warnings he and other counter-terrorism
analysts were voicing that a major attack was coming.
"The problem is, decision
makers don't understand the threats completely because they have not personally
experienced them. They may hear it, but they don't believe it," Black said.
Black said the threat of al-Qaida appears to be fading from prominence, but
cyber-attacks will escalate.
"We had the Cold War, the
global war on terrorism and now you have the Code War, which is your war," he
A 28-year veteran of the
Central Intelligence Agency, Black said the lead-up to 9/11 may be analogous to
what's happening with targeted persistent attacks carried out against the
defense industry and other high-profile targets.
"The validation of that
threat will come into your world," Black said.
"There is an analogy to the
tech world in all of this, and the situation in your world is far more
challenging than you may appreciate."
of Stuxnet to physically damage equipment has made cyber-security
significantly more important, Black said. The fact that cyber-attacks can
impact the physical world means cyber-techniques must be considered as a tool
that terrorists can utilize, Black said.
Stuxnet damaged centrifuges
used to enrich uranium in Iran's nuclear facility setting back the country's nuclear
development program. The latest reports indicate Iran is replacing the
centrifuges outright because of the damage.
"I can't say I understand
how it was executed, but the important point is, this is expensive to pull off,
which means a nation-state was involved," Black said, adding that cyber-attacks
will be "key component" of future conflict against "a nation-state, a rogue
state or terrorist groups."
Until recently, the U.S.
Government counterterrorism groups have been focused on the possibility of
chemical, bacteriological, radiological and nuclear attacks, Cofer said. Cofer
listed the threats in the order of likelihood of these attacks happening, Cofer
said. The appearance of Stuxnet has changed that, and the concerns are now
kinetic, bacteriological and cyber.
"The Stuxnet attack is the
Rubicon of our future," Black said. The Rubicon was the river near Rome that Julius
Caesar crossed before launching the campaign aimed at making him the dictator
"Your world, which people
thought was college pranks cubed and squared, has now morphed into physical
destruction...from the victim's view, of a national resource. This is huge," he
In the midst of his speech, the real fire alarm went off, complete with
flashing lights, loud sirens and an automated voice saying the alarm was under
investigation. After a few moments of awkward silence by Black, at which point
the audience realized he hadn't engineered the alarm, he continued with his
It appears the real fire
alarm was pulled by a prankster. Regardless, it set a very appropriate tone for
the speech, according to Cameron Camp, a researcher at ESET.
"We're all in this
together, and we're counting on you," Black told attendees.