American Morning

Interview with Tom Perrine

Aired June 28, 2002 - 07:13   ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.


DARYN KAGAN, CNN ANCHOR: The evidence is mounting. Terrorists could use the Internet as a tool to target America's vital infrastructure. "The Washington Post" reports that government investigators believe al Qaeda is casing computer controls of U.S. energy and water sources, as well as communication centers.

So just how vulnerable are we to a possible cyber attack? Tom Perrine is a security expert with the University of California at San Diego in their computer center. He is in San Diego. And, Tom, we wish you a very early good morning to you -- thanks for getting up with us to discuss this issue.

TOM PERRINE, SAN DIEGO SUPERCOMPUTER CENTER: Good morning.

KAGAN: What kind of attack are we talking about, and what kind of systems exactly can you access or could a terrorist access through the Internet?

PERRINE: Well, pretty much anything that's connected to the Internet. I think that the main idea from "The Washington Post" story is that a lot of these so-called SCADA systems, the command and data acquisitions systems of dams, electrical power are connected to the Internet when they weren't really designed to be.

KAGAN: Yes. Let me just kind of interrupt you there, Tom, and say anything that's connected to the Internet. I don't think most of us out there know exactly what kind of systems are. You mentioned dams. What about power grids? What about communications systems, like phone systems?

PERRINE: Power grids, yes; the phone systems to a lesser extent. Of course, the phone system carries Internet content. But what we are finding is that a lot of physical control systems are being connected to the Internet, everything from burglar alarms to dam control, power grid, gas line valves...

KAGAN: So somebody could be sitting -- someone could be sitting thousands of miles away, and by hacking into a site and manipulating some things, they can make some really bad things happen.

PERRINE: Theoretically. To this point, we really haven't seen this happen, and it's not clear exactly what control systems have been attached to the Internet. These were never designed to be attached to the Internet, and that's what the real problem is.

KAGAN: And so how did we get to this point, and why wouldn't they build security into it?

PERRINE: Well, they all predate the Internet. Some of these control systems are 20 to 30 years old, so they definitely are from before the Internet or even the Arpanet. And as those control systems have been attached to the network for the convenience of the operators, perhaps they attached them to their office network so that they could control things from multiple computers in an office. And then maybe that office network became connected to the company network, which became connected to the Internet. So these systems are now indirectly connected.

KAGAN: We mentioned al Qaeda off the top. I understand in Afghanistan on certain computers, there is evidence that certain al Qaeda operatives -- there is evidence they have been trying to hack into certain sites. What do you know about that?

PERRINE: There hasn't been anything publicly announced about this, but it wouldn't be at all surprising. Also trying to hack in, we don't really know what they mean. Do they mean that someone was searching the Web for information about a water system at a company -- or at a city? Or were they searching for schematics of a dam? Or were they actually trying to break into computers?

KAGAN: Well, I mean, if you are sitting in Karachi or Kabul, I can't imagine if you're poking around on a Web site in somewhere in California that that would have any really good intention. Why would you need to know about the water system that's taking place in a different country?

PERRINE: Well, of course, that's part of the intelligence gathering function, and al Qaeda apparently is quite well-known for doing an awful lot of intelligence up front. So in that case, absolutely no -- there is absolutely no good intention for trying to find out about critical infrastructure. How do you tell that from a student at a university in Saudi Arabia, for example?

KAGAN: Tom, let me ask you this. As an expert, if you are looking at a site, can you tell somebody has been poking around? And is there anything you can do before something really big and something really bad happens?

PERRINE: Well, in general, a lot of places do have so-called intrusion detection systems, and those should give you an idea of what's going on. But in the cases that we have helped other universities and sometimes companies analyze, in a lot of cases, the intruders have been active on their computers for three weeks, six months, and they never knew about it.

KAGAN: And just the average people out there, the people using our computers, is there anything we can do besides sit back and be scared and wait for a bad thing to happen?

PERRINE: Well, I think that the important thing to realize is that this is critical infrastructure. It is a problem. It's not a crisis yet, but it could become a crisis. It's like Y2K, except we don't know when the deadline is. With Y2K, we spent a lot of time and a lot of effort making sure that January 1, 2000 was a very boring night. We had a deadline we knew, and we had to be done. And right now, we don't know when we have to have everything secured by. We don't know when an attack could occur.

KAGAN: It's that rolling deadline that makes it so scary. Tom Perrine from UT-San Diego, thanks for getting up so early and filling us in on this topic -- appreciate it.

PERRINE: Thank you.
