Cyber-attack on U.S. facilities – A dire threat
In an October New York Times article, U.S. Defense Secretary Leon Panetta was quoted as saying that the U.S. is "increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government... They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” The most destructive possibilities, Mr. Panetta said, involve “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack.” He described the collective result as a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability."
While the Secretary of Defense has focused upon the risk of cyber-attack emanating from "the nation’s adversaries, which officials identified as China, Russia, Iran and militant groups," it is important to remember that individual hackers, hacktavist groups, and disgruntled current and former employees could also hack into systems or insert malware that can result in significant damage and/or injury.
Despite several recent examples where actual physical damage from inserted malware has occurred and spread unintentionally beyond the targeted systems (Stuxnet and progeny), along with repeated dire warnings from the Department of Homeland Security, security specialists and now from the Secretary of Defense, Property/Casualty insurers remain largely reluctant to ask a single application question or implement any underwriting guidelines addressing this increasing exposure.
Gen Re first produced a client publication on cyber security in April 2011.