By Kevin Anderson BBC News Online

US authorities are said to be reassessing the cyber threat posed by al-Qaeda in light of recent intelligence and evidence of attempts to access electronic systems from the Middle East and South Asia.

Until recently, US authorities considered the main threats of coordinated cyber mischief from state actors such as China and Russia.

Officials believed that al-Qaeda had little interest and little ability to carry out electronic attacks that could seriously threaten the US.

However, officials now reportedly believe the global terror network might employ a bombs-plus-bytes approach to wreak maximum disruption.

Cyber surveillance

Local authorities, the FBI and the Lawrence Livermore National Laboratory have been investigating a suspicious pattern of surveillance of computers in Silicon Valley last autumn, according to a report in the Washington Post.

A summary of the investigation prepared by the US Defense Department found "multiple casings of sites" not only in California but across the US.

A new attack might be more subtle

The surveillance was routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan and focussed on emergency telephone systems, water storage and distribution, and the power grid and power plants, including nuclear power plants.

Some of the searches suggested no more than reconnaissance for a conventional attack against key infrastructure, but analysis also showed the searchers were interested in digital systems that controlled emergency dispatch systems and industrial controls.

More information on such systems also showed up al-Qaeda computers seized in raids in Afghanistan.

Control systems

Questioning of captured al-Qaeda operatives also found that the terror group was interested in a class of digital devices involved in distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems.

DCS systems have been used for the last 20 years to help operate industrial operations including oil refineries and power plants.

SCADA systems are more recent developments. They also help with the control of industrial operations, and some SCADA had recently been linked with business systems that were connected to the Internet, said Andrew Bond, the editor of a newsletter covering industrial automation.

The FBI issued an alert earlier this year that al-Qaeda operatives were researching SCADA systems on the web with a particular interest in water supply and wastewater management.

In March 2001, a disgruntled former employee in Australia was convicted of using a computer and radio gear to hack into a computerised sewage system.

Upset about being passed over for a job, the employee remotely instructed the sewage system to release millions of litres of waste into public waterways.

US officials fear that terrorists could use a similar attack to foul public water supplies or open the floodgates on massive dams in the west and devastate areas downstream.

Rethinking the unthinkable

The Bush Administration's cyber security chief, Richard Clarke, has long been one of the loudest voices warning of a so-called digital Pearl Harbour, a surprise attack focussing on the United State's critical digital infrastructure.

In the past, some security experts have dismissed such statements as scare-mongering, saying that the control of industrial systems and utilities such as air traffic control, power stations, water storage and treatment and emergency services are isolated from the public internet.

But as was shown in the case in Australia, there were ways to access such systems externally, Andrew Bond said.

And DCS systems operated on proprietary hardware and software that would make it difficult to hack, he added.

However, newer SCADA systems run on off-the-shelf hardware using Microsoft Windows.

While many systems are not connected to the internet per se, they are often connected to business systems, which might have connections to the internet.

But in the case of much industrial automation, separate safety systems would engage if the plant were to run outside of preset safety parameters, he said.

The greater threat comes from catastrophic events far beyond conditions envisioned by engineers, he said, possibly the result of a combination of physical attack and simultaneous intrusions.

And after the events of 11 September, planners and security experts are beginning to rethink what they thought was unthinkable.