Terrorist Threat to Critical Infrastructure
The protection of critical infrastructure is a key national security issue in a way that it has not been since the ‘snakes and ladders’ days of the late 1950s and the early Cold War civil defence program. Today’s threat has changed from Soviet rockets to various state and non-state actors armed with an equally wide variety of weapons. With this revolution in military affairs, has come a renewed interest in asymmetric confrontation of the Superpower and its NATO and Western Allies. The target is the very institutions and systems that maintain our way of life and/or our cutting edge in military defence. It is the engine of our economy. Get at our critical infrastructure and strangle our economy. That is the goal of our opponents in the Global War on Terror.
What is Critical Infrastructure?
The Clinton administration seemed the first to recognize the danger to critical infrastructure posed by Al Qaeda and other terrorists of the world. With America’s virtual global military supremacy, US concerns shifted towards the threat to (and vulnerability of) the infrastructure that provides and supports that supremacy.
“Rogue states,” and sub-groups such as the ‘new terrorists,’ understood the reality that they could not defeat the U.S. militarily on the battlefield – they would thus take on ‘Goliath’ through asymmetric attacks on its economy and critical infrastructure. U.S. economic and military power are interdependent. The U.S. had already seen the impact of the Omaha City bombing of the federal building and knew that it was not immune to such attacks at home by terrorists. In the aftermath of the 1996 terrorist attack in Saudi Arabia on the U.S. military barracks at Khobar towers and the 1998 simultaneous bombings of the U.S. Embassies in Kenya and Tanzania, President Clinton issued Presidential Decision Directives PDD-62 and PDD-63 entitled “Protecting America’s Critical Infrastructure.”
PDD-63 defined American Critical infrastructure as:
"Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private."
Following the United States’ lead, Canada’s Department of Public Safety and Emergency Preparedness Canada defined critical infrastructure as:
“Those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of Canadians or the effective functioning of governments in Canada.”
The Canadian definition of ‘critical infrastructure’ is even broader than our American counter-part’s. According to the Department of Public Safety, it includes ten sectors and is comprised of:
- Energy and utilities (such as electrical power, natural gas, oil production and transmission systems);
- Communications and information technology (telecommunications, broadcasting systems, software, hardware and networks including the Internet);
- Finance (banking, securities, investment)
- Health care (such as hospitals, health care and blood supply facilities, laboratories and pharmaceuticals);
- Food (safety, distribution, agriculture and food industry);
- Water (drinking water and wastewater management);
- Transportation (air, rail, marine, surface)
- Safety (chemical, biological, radiological and nuclear safety; hazardous materials, search and rescue, emergency services and dams);
- Government (services, facilities, information networks, assets, key national sites and monuments); and
- Manufacturing (for instance, defence industrial base, chemical industry).
Such expanded definitions clearly acknowledge that the world of critical infrastructure is indeed a target-rich environment.
What is the Nature of the Threat?
Potential targets in the U.S. include some 600,000 bridges; 170,000 water systems; 2,800 power plants (104 of them nuclear); 305,775 kilometres (190,000 miles) of natural gas pipelines; 75,000 dams; and 463 skyscrapers that are 150 metres (500ft) or taller. The threat against critical infrastructure today is as broad as the potential target list itself.
Potential attackers have every weapon at their disposal – from conventional explosives to more sophisticated arms. Some have access to what are now defined as weapons of mass destruction such as Chemical, Biological, and Radiological weapons. Still others have cyber weapons. The most common threat comes from improvised explosive devices (IEDs) using conventional explosives. Recent anti-terrorism seizures of ammonium nitrate fertilizer have exposed the ease with which terrorists can obtain cheap, conventional explosives. Considered to be the world’s most powerful plastic explosive and a favorite for terrorists, Semtex has continued to be popular with Hezbollah and Al Qaeda.
Al Qaeda has obtained common materials and chemicals from ordinary stores, pharmacies and medical supply stores to make nitromethane, PETN, blasting caps and shaped charges for use in destroying buildings. At present, it is estimated that at least 12 Middle Eastern and Asian terrorist groups are prepared to conduct suicide operations.
Terrorists have also demonstrated an interest in non-conventional weapons. Chechen rebels planted a radiological bomb of caesium-137 in a Moscow park in 1995 and Chechen rebels have stolen radioactive metals such as plutonium, caesium, strontium and low-enriched uranium from nuclear power stations.
The Federation of American Scientists warned that a typical scenario for a radiological bomb is the detonation of a device of 500 grams of TNT combined with an americium-241 source used in surveying equipment. This device would contaminate a 2 km strip and an area of around 60 city blocks with 15 rem of radiation. Apart from death, injury and radiation sickness in those nearest the explosion, the cancer risk is assessed at one death in 10,000 individuals in the entire affected area. The entire area would have to be decontaminated which could take months or possibly years Decontamination and/or demolition of buildings and reconstruction in an area of high economic significance such as Manhattan or the City of London could cost US$50 billion. Toronto could count on proportional costs.
What notable attacks are publicly known to have been planned or carried out to date on critical infrastructure targets? Terrorist groups of all types have targeted critical infrastructure in the past and are likely to do so again.
Al Qaeda makes no secret of its interest in attacking the West’s oil supplies and has done everything from attack facilities in raids and suicide attacks to plotting to destroy whole refineries. Oil pipelines in Iraq have been attacked by militants with great frequency. This is not new terrorist thinking. Columbian rebels routinely attack pipelines. Despite heavy and constant guarding, the Cano Limon 490-mile pipeline was attacked 70 times in 2002 by revolutionary forces opposed to the Colombian government, resulting in its shutdown for 266 days out of the year. In the previous year, it was shutdown 170 times as a result of revolutionary action. Electrical relay systems, hydropower plants and power lines have been disabled by Maoist rebels in Nepal. An attempt by Palestinians to blow up Israel’s main fuel depot at Pi Glilot in Tel Aviv could have killed thousands. On 11 September 2001, hours after the World Trade Centre attacks, the Bush administration tried to have the US Coast Guard close Boston harbour, fearing a possible attack on Tanker ships. The French super tanker Limburg was attacked near Yemen Harbour the following year. There have been many alleged Al Qaeda plots to blow up Saudi oil terminals and pipelines. The U.S. is reportedly increasingly worried about the vulnerability of its energy infrastructure, which is practically impossible to protect from terrorist attack – the Alyeska pipeline in Alaska has been attacked several times by locals though not by terrorists. Natural gas pipelines have reportedly been attacked in Seattle by Earth Liberation Front members. Recently, Al Qaeda mentioned pipelines and oil infrastructure in Canada that supply the “Great Satan” as likely targets.
• Communications and Information Technology
Cyber attacks using computer viruses that crash vital systems can cause massive disruptions to financial and other vital systems. Noting the IT capabilities of Islamic terror groups, U.S. officials now admit that they underestimated the time Al Qaeda had spent mapping vulnerabilities. American authorities have reportedly detected operatives using telecom switches in several countries, including Saudi Arabia and Pakistan, to explore digital systems that control U.S. nuclear power plants, emergency telephone services, and water storage and distribution. A computer seized from an Al Qaeda safe house in Kabul contained an engineering program used to locate stress weaknesses in buildings, bridges and dams.
The greatest threat to communications and information technology comes from devices that jam electrical and electronic systems by generating an electromagnetic pulse (EMP). When detonated, an EMP weapon produces massive current and voltage surges that create a powerful electromagnetic field capable of short-circuiting computers, satellites, radios, military radar equipment and civilian traffic lights. Chaos ensues.
Terrorists have also shown an interest in Western financial institutions. In November of 2003, a series of attacks in Istanbul were blamed on Al Qaeda when two suicide bombers attacked the British consulate and the headquarters of HSBC bank, killing 61 people, including the British Consul General, and wounding at least 450. The first pickup truck exploded outside the Turkish headquarters of HSBC. The second, disguised as a food delivery truck, with explosives hidden in metal food containers, crashed the gate of the British Consulate. The bomb demolished two buildings at the entrance of the consulate compound. The bombings were near-simultaneous in timing and used fertilizer-based explosives.
The FBI issued warnings in the recent past on the possible terrorist use of poisons in the food chain. Intelligence from the Iraqi war revealed that terrorist groups have been active in chemical and biological warfare studies. This has had a significant impact on security measures both in the U.K. and U.S. A follow-up classified intelligence bulletin, to state and local law-enforcement agencies, advised them to be vigilant for terrorists making ricin and botulism. The document was prompted by the discovery of home-made toxins in a radical Islamic compound in northeast Iraq that had been raided by Kurdish and U.S. troops.
The FBI also warned law enforcement officials to be aware of signs of toxin production such as large caches of yeast or infant formula, which can be used to grow or dilute biological toxins, and castor beans through which ricin is extracted. The Bureau also warned that terrorists could launch an attack against crops or livestock without sophisticated equipment or expertise. For example, the 2001 outbreak of foot-and-mouth disease in the UK cost between $6-30billion, with over four million animals destroyed.
Documents discovered in Afghanistan indicated that Al Qaeda terrorists had been investigating ways to disrupt the U.S. water supply. Rather than poisoning or contaminating the water supply, threats primarily stem from conventional attacks on facilities to cyber assaults on their control systems, leaving large segments of the population without service.
Most reservoirs hold between three million and 30 million gallons of water, which would significantly dilute any poison – terrorists would have to release enormous quantities to do serious damage. Chlorinated water supplies kill most bacteria, and filtration systems remove particles larger than one micron, thereby eliminating threats from anthrax and botulinum spores. It is more effective to poison a specific building and, even then, the volume of water already going through the system would likely dilute whatever was introduced. This is not to say that poisoning and contamination could not happen, but, they are more complex and therefore less likely to be used than a physical attack. In February 2002, four Moroccans attempted to put cyanide into the water supply of the U.S. embassy in Rome. They were found with maps of the city and four kilograms of a powdered substance that contained cyanide. Later that year, Singapore officials uncovered a plot to contaminate the water supply when police found specific reconnaissance photographs and annotated street maps. Jemaah Islamiah, a group that has been linked to Al Qaeda, was planning to destroy water-supply pipelines to the strategic Changi Airport.
The subway systems of Paris, Moscow, Berlin, Tokyo and now London have all been targets of terrorist attacks. Since 2001, terrorist plots have been foiled against the subway systems of New York, Singapore, Paris and also in London. In the past, diverse attack methods have been used against the metro subway environment, ranging from devices left behind and suicide bombings, to chemical weapons. However, it appears that improvised explosive devices (IEDs), whether timed, remotely-detonated, or activated by a suicide attacker, have been the most prevalent. The Al Qaeda network, Chechen groups and Algerian Salafi Jihadist groups, Aum Shinrikyo cult and Irish republican terrorists, have all targeted subway networks in the past. The Moscow metro suicide bombings on 6 February 2004 killed 39 people and injured 134 at the height of morning rush hour. In a series of attacks on March 11, 2004, bombs on Madrid commuter trains killed 191 people, defeated a government, and saw Spain withdraw its troops from Iraq. Little more than one year later, the July 7, 2005 Al Qaeda affiliated home-grown suicide bombings in London killed 52 people.
The Aum Shinrikyo (Supreme Truth) cult, famous for the sarin nerve agent attack on the Tokyo subway, demonstrated hydrogen cyanide’s limitations as a terrorist weapon, killing 12 people on 20 March 1995. Jihadists have long attempted to develop cyanide-based weapons. Public concern about this issue heightened in late 2001, following the discovery in Afghanistan of videos reportedly showing the testing of hydrogen cyanide gas on dogs. This, along with the knowledge that some Al Qaeda recruits had received training in chemical weapons production, gave rise to the view that the global jihad had developed a credible weapon of mass destruction capability.
Terrorists have shown interest in attacking maritime transportation systems. In January 2004, the Philippines’ Superferry 14 was attacked by Abu Sayyaf firebombs in Manila Bay, killing 116 people. In August 2005, another ferry was bombed, injuring 30 people. That same month, Turkish authorities thwarted an Al Qaeda plot to attack cruise ships in international waters, and Al Qaeda fired timer controlled rockets at U.S. naval vessels in port in Aqaba. Recently, the Sri Lankan Navy defeated a Tamil Sea Tiger mass attack on Columbo harbour in Sri Lanka.
Since 2001, several targets have been mentioned in the landmark category such as the Sears Tower, Brooklyn and Golden Gate Bridges, New York Tunnels, Statue of Liberty, and Eiffel Tower, to name but a few. Methods of attack have ranged from raids, to suicide bombings, to an airliner attack and even an attack by a radiological weapon (dirty bomb). Remember, in 1995, Chechen rebels planted a radiological bomb in a Moscow park, and have stolen radioactive metals from nuclear power stations. Worrisome enough having such materials on the market?
The September 11, 2001 the attack on the U.S. Pentagon, and the alleged Al Qaeda plan to go after the U.S. Capital that same day, are clear examples of how militants have plotted decapitation strikes not seen since the Cold War. Keep in mind that in the early 1990s Ramzi Youssef plotted an airliner attack on the CIA headquarters at Langley, and in 1993 an Al Qaeda affiliate plotted a suicide bomb attack on the UN Headquarters. Islamic militants are believed to have been responsible for the bomb attack on the Jammu Kashmir State legislature in October 2001 and the Indian Parliament in December 2001. In April 2004, Jordan announced it had foiled a terrorist plot led by Zarqawi.
Jordanian authorities said the suspects had plotted to use chemicals and explosives to blow up vital institutions, including Jordan’s intelligence department, the prime minister’s office, the U.S. embassy in Jordan and other sites, in an attack that would also have killed thousands of people in and around the capital. Unfortunately, Canada is not immune to terror plots – in June 2006, a Canadian plot was busted that is alleged to have included a gun raid on Parliament Hill and truck bombs of ammonium nitrate.
Never has the protection of critical infrastructure been as important as it is now – with the possible exception of the darkest days of the Cold War.
Given the dedicated terrorist threat and the weapons and tactics at their disposal, it is amazing that Canada still lags so far behind on this critical issue.
Other than defining critical infrastructure, setting up an office, and perhaps compiling a target list, Canada has done virtually nothing to protect its critical infrastructure. We are still waiting on a planning document that is long overdue – we are apparently at draft 16, and counting!
The only visible steps have been closing the road under NDHQ and barriers around the American and British Embassies. This flies in the face of the fact that Canada is high on the Al Qaeda target list and has yet to be attacked.
This inaction is made more grave by Al Qaeda’s threat to attack Canada’s vulnerable petroleum industry. Let me see. We know they want to, we know they can, they have told us so. Yet, much like pre-Air India, we continue to make light of the possibility here at home. Let us hope that the government gets its act together soon on this important file.
Dr Joe Varner is the Chairman of the National Security Committee of the Federation of Military and United Services Institutes of Canada. He is also the Academic Program Manager for Homeland Security and Emergency and Disaster Management at the American Military University.
© FrontLine Security 2007