The U.S. is vulnerable to a cyber attack, with its electrical grids, pipelines, chemical plants and other infrastructure designed without security in mind. Some say not enough is being done to protect the country.
When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His team seized control of the equipment that added chemical treatments to drinking water — in one day.
The weak link: County employees had been logging into the network through their home computers, leaving a gaping security hole. Officials of the urban water system told Maiffret that with a few mouse clicks, he could have rendered the water undrinkable for millions of homes.
"There's always a way in," said Maiffret, who declined to identify the water system for its own protection.
The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.
The same industrial control systems Maiffret's team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.
Terrorist groups such as Al Qaeda don't yet have the capability to mount such attacks, experts say, but potential adversaries such as China and Russia do, as do organized crime and hacker groups that could sell their services to rogue states or terrorists.
U.S. officials say China already has laced the U.S. power grid and other systems with hidden malware that could be activated to devastating effect.
"If a sector of the country's power grid were taken down, it's not only going to be damaging to our economy, but people are going to die," said Rep. Jim Langevin (D-R.I.), who has played a lead role on cyber security as a member of the House Intelligence Committee.
Some experts suspect that the U.S. and its allies also have been busy developing offensive cyber capabilities. Last year, Stuxnet, a computer worm some believe was created by the U.S. or Israel, is thought to have damaged many of Iran's uranium centrifuges by causing them to spin at irregular speeds.
In the face of the growing threats, the Obama administration's response has received mixed reviews.
President Obama declared in a 2009 speech that protecting computer network infrastructure "will be a national security priority." But the follow-through has been scant.