Cyber Warfare
Page 2
From historical reports, one telegraph operator said "The line was in perfect order, and skilled operators worked incessantly from eight o'clock last evening until one o’clock this morning to transmit, in an intelligible form, four hundred words of the report per steamer Indian for the Associated Press."
Other operators experienced physical danger. Washington, D.C., operator Frank Royce said "I received a very severe electric shock, which stunned me for an instant. An old man who was sitting facing me, and but a few feet distant, said that he saw a spark of fire jump from my forehead to the sounder."
At the time, the telegraph was a new technology and never experienced technical difficulties of this type. But the story offers an important warning for modern society. The Carrington Event, as the 1859 solar storm has been named, provides evidence of the fragility of electrical infrastructure. Scientific American reported in October of 1859: “The electromagnetic basis of the various phenomena was identified relatively quickly. A connection between the northern lights and forces of electricity and magnetism is now fully established."
Over the last one hundred and fifty years, the world’s critical infrastructure has become a more integral part of daily life. In the nineteenth century, telegraphs composed a comparatively small and relatively non-essential part of everyday life. Their successors today—including the electrical grid and much of the telecommunications network—are essential to modern life.
Is the current system any more protected from catastrophic interference than the telegraph of the nineteenth century? Can the power grid handle a terrorist attack, or severe weather events, or a solar storm?
There's never been a real test to prove it, but there is a robust debate about the vulnerability of the power grid. The most dangerous and costly possibilities for major catastrophes, the collapse of the nation’s critical infrastructure, might visit the United States from any number of methods.
One scenario is a repeat of the solar storm as big as the 1859 Carrington. A solar event of this magnitude hasn't struck the earth since, although there have been smaller ones. In 1989, a coronal mass ejection caused a blackout across parts of Canada, especially in Quebec. As a result of complications across the interconnected grid, a large transformer in New Jersey permanently failed.
In 2003, residents of the northeastern United States experienced a grid down scenario. It doesn't take an unprecedented solar flare to knock out power. The combination of a few trees touching power lines, and a few power companies asleep at the wheel, plunged a section of the nation into darkness. The darkness can spread. As the difficulties at Ohio-based FirstEnergy grew and eventually cascaded over the grid, electrical service from Detroit to New York City was lost. The 2003 event was a comparatively minor episode compared to what might have happened. Most customers had their power back within a couple of days, and the transformers were relatively unaffected.
Compare this event with the incident in Auckland, New Zealand. Cables supplying power to the downtown business district failed in 1998. The center of the city went dark. Companies were forced to shutter or relocate their operations outside the affected area. The local Auckland utility had to adopt drastic measures to move in temporary generators. They even enlisted the assistance of the world's largest cargo plane—owned by rock band U2, to transport massive generators into the area. It took five weeks for the power grid to be fully restored.
There are contrarians. Jeff Dagle, an electrical engineer at the Pacific Northwest National Laboratory who served on the Northeast Blackout Investigation Task Force argues “one lesson of the 2003 blackout is that the power grid is more resilient than you might think.”
The task force investigators pinpointed four separate root causes for the collapse, and human error played a significant role. "It took an hour for it to collapse with no one managing it," Dagle said. "They would have been just as effective if they had just gone home for the day. That to me just underscores how remarkably stable things are."
As awareness was raised by Congress, the National Academies of Science produced a report detailing the risk of a major solar event. The 2008 NAS report paints a dire picture based on a study conducted for FEMA and Electromagnetic Pulse Commission created by Congress.
While severe solar storms do not occur that often, they have the potential for long-term catastrophic impacts to the nation’s power grid. Impacts would be felt on interdependent infrastructures. For example, the potable water distribution will be affected immediately. Pumps and purification facilities rely on electricity. The nation’s food supply will be disrupted and most perishable foods will spoil and lost within twenty-four hours. There will be immediate or eventual loss of heating/air conditioning, sewage disposal, phone service, transportation, fuel resupply, and many of the necessities we take for granted.
According to the EMP Commission, the effects will be felt for years, and its economic costs could add up to trillions of dollars—dwarfing the cost of Hurricane Katrina. More importantly, the commission’s findings state a potential loss of life that is staggering. Within one year, according to their conclusions, ninety percent of Americans would die.
But skeptics say it's the opposite. Jon Wellinghoff, who served as chairman of the Federal Energy Regulatory Commission—commonly known as FERC, from 2009 to 2013, has sounded the alarm about the danger of an attack on the system. The heightened awareness came as a result of an April 2013 incident in Silicon Valley, California in which a group of attackers conducted a coordinated assault on an electrical substation, knocking out 27 transformers. FERC points to the fact that the U.S. power grid is broken into three big sections known as interconnections. There is one each for the Eastern United States, the West, and—out on its own—Texas. In fact, the East and West interconnections also include much of Canada and parts of Mexico.
In a 2013 report, FERC concluded that if a limited number of substations in each of those interconnects were disabled, utilities cannot bring the interconnect back up again for an indeterminate amount of time. FERC’s conclusion isn't classified information. This information has been in government reports and widely disseminated on the internet for years.
FERC also notes it could take far longer to return the electrical grid to full functionality than it did in 2003. Wellinghoff said, "If you destroy the transformers—all it takes is one high-caliber bullet through a transformer case, and it's gone, you have to replace it," he said. “If there aren't spares on hand—and in the event of a coordinated attack on multiple substations, any inventory could be exhausted—it takes months to build new ones.”
"Once your electricity is out, your gasoline is out, because you can't pump the gas anymore. All your transportation's out, all of your financial transactions are out, of course because there are no electronics," Wellinghoff said.
FERC’s proposed solution is to break the system into a series of microgrids. In the event of a cascading failure, smaller portions of the countries can isolate themselves from the collapse of the grid. There is a precedent for this. Princeton University has an independent power grid. When a large part of the critical infrastructure collapsed during Superstorm Sandy, the Princeton campus became a place of refuge for residents, and a command center for first responders.
These doomsday scenarios may be beside the point because the electrical grid is already subject to a series of dangerous stresses from climate change. Sandy showed that the assumptions used to build many parts of the electrical grid were wrong. The storm surge overwhelmed the infrastructure, flooding substations and causing them to fail. Significant portions of the grid might need to be moved to higher ground.
Even away from the coasts, extreme weather can threaten the system in unexpected ways. Some systems use gas insulation, but if the temperature drops low enough, the gas composition changes and the insulation fails. Power plants in warmer places like Texas aren't well-prepared for extreme cold, meaning plants could fail when the population most needs them to provide power for heat. As utilities rely more
heavily on natural gas to generate power, there's a danger of demand exceeding supply. A likely scenario is a blizzard in which everyone cranks up their propane or natural gas-powered heating systems. As the system becomes overwhelmed, the gas company can't provide to everyone. Power providers don't necessarily have the first right of refusal from their sources, so they could lose supplies and be forced to power down in the middle of a winter storm.
Summer doesn't offer any respite. Even prolonged droughts play a role. As consumers turn up their air conditioners, requests for more power increased. There can be a ratcheting effect. If there are several days of consistently high temperatures, buildings never cool completely. The demand from local utilities will peak higher and higher each day. Power plants rely upon groundwater to cool their systems. They will struggle to maintain cooling as the water itself heats up. Droughts can diminish the power from hydroelectric plants, especially in the western United States.
If extreme weather continues to be the norm, the chaos unleashed on the grid by Sandy may be just a preview of the sorts of disruptions to the grid that might become commonplace. Or as the New York Herald argued in 1859, referring to the Carrington event, "Phenomena are not supposed to have any reference to things past—only to things to come. Therefore, the aurora borealis must be connected with something in the future—war, or pestilence, or famine." Although the impact of solar storms was not fully understood at the time, the prediction of catastrophe remains valid.
Science Fiction or Reality
All of the events described above are plausible and have their roots in history. What could happen? Global Panic. Martial Law. Travel Restrictions. Food and Water Shortages. An Overload of the Medical System. Societal Collapse. Economic Collapse.
This is why we prep. Prepping is insurance against both natural and man-made catastrophic events. The government now requires you to carry medical insurance. Your homeowner's insurance may include damage from tornadoes. Even though you may never incur damage from a tornado, you pay for that coverage monthly nonetheless. This is what preppers do. We allocate time and resources to protect our families in the event of seemingly unlikely events but events that are occurring daily or have historical precedent.
At Freedom Preppers, we hope none of these catastrophic events occur, but what if?
CYBER ATTACK
Simply put, a Cyber Attack is a deliberate exploitation of computer systems. Cyber Attacks are used to gain access to information but can also be used to alter computer code, insert malware or take over the operations of a computer driven network.
Why would terrorists bother with an elaborate, dangerous physical operation—complete with all the recon and planning of a black ops mission—when they could achieve the same effect from the comfort of their home? An effective cyber attack could, if cleverly designed, produce a great deal of physical damage very quickly, and interconnections in digital operations would mean such an attack could bypass fail safes in the physical infrastructure that stop cascading failures.
One string of 1s and 0s could have a significant impact. If a computer hacker could command all the circuit breakers in a utility to open, the system will be overloaded. Power utility personnel sitting in the control room could do it. A proficient cyber-terrorist can do it as well. In fact, smart-grid technologies are more susceptible to common computer failures. New features added to make the system easily manageable might render it more vulnerable.
At least one major public official downplays the cyber attack scenario. The nation's top disaster responder, FEMA director Craig Fugate, shrugs at the threat of an power grid collapse.
"When have people panicked? Generally what you find is the birth rate goes up nine months later," he said, then turned more serious: "People are much more resilient than the professionals would give them credit for. Would it be unpleasant? Yes. Would it be uncomfortable? Have you ever seen the power go out, and traffic signals stop working? Traffic's hell but people figure it out."
Fugate's big worry in a mass outage is communication, he said. When people can get information and know how long power will be out, they handle it much better.
Don’t worry, the government will take care of you. Naïve.
In poll after poll, one of the threats concerning preppers is the use of a cyber attack to cause a grid down scenario. There are many bad actors on the international stage. Each is capable of wreaking havoc in the US by shutting down our power grid and enjoying the resulting chaos.
No bombs. No bullets. No swordfights. Just a few keystrokes on the computer. And we're done.
Cyber Warfare is a primer on the threats we face as a nation from the bad actors mentioned above. This guide will also help you answer the question:
What if?
Epigraph
There are risks and costs to action. But they are far less than the long range risks of comfortable inaction.
~ John F. Kennedy
*****
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.
~Albert Einstein
*****
Civilization is like a thin layer of ice upon a deep ocean of chaos and darkness.
~ Werner Herzog
*****
Timeo Danaos et dona ferentis ~ Beware of Greeks bearing gifts.
~ Vergil’s words for the voice of Laocoon in the Aeneid
*****
By failing to prepare, you are preparing to fail.
~ Benjamin Franklin
*****
In war, knowledge must become capability.
~ Carl von Clausewitz, On War
*****
The End Of The World As We Know It
TEOTWAWKI
PART ONE
What is Cyber Warfare?
Chapter One
Cyber Terminology
What is cyber warfare?
Every media outlet or talk show uses the terms cyber warfare, cyber terrorism, and cyber vandalism, often in dire and apocalyptic tones. Reports may depict some obscure but imminent danger or threat to our nation, our corporate enterprises, or even our personal liberties. Visit a technological vendor expo or a security conference and you will hear the same terms in the same tones. Knowing that fear is a great motivator, the vendors use the terms to frighten you into believing your information is unsafe unless you purchase the numerous products or services available to combat the cyber-whatever.
As you follow news reports or conduct your research on the subject, you will not find clear and standardized definitions of what constitutes cyber warfare, cyber terrorism, cyber espionage and cyber vandalism. Many resources can’t even agree on the spelling. Is cyber warfare one word or two? Should a dash connect them?
Because of this, it’s become increasingly difficult to cut through the hyperbole and truly understand the risk associated with the technological advances the human race has achieved. For example, depending on perspective, some politicians and pundits believe the United States is engaged in cyber warfare with North Korea. But on the other hand, President Obama dismissed the Sony hack as cyber vandalism. Who’s right? It depends on one’s perspective or agenda.
The issue of definition is exacerbated by the fact such terms are often used interchangeably and without regard to the corresponding real-world equivalents. The first step in the analysis of Cyber Warfare is to find and provide a common language to help wade through the politicking and marketing.
Our planet will always be in a state of constant conflict. Our technological advances reach from the physical realm into the network of interconnected telecommunications equipment known as cyberspace. Private-sector firms, government institutions, the military, criminals, terrorists, and spies are all actors in the theater of cyberspace. Each of these actors may have varying goals that are all interwoven, operating within the same medium. What separates these actors and accounts for the different definitions in cyber terms are their ideologies, objectives, and methods.
/> The best way to forge an understanding of the differences in terms is to look at the conventional definitions of certain words and directly apply them to cyberspace. For example, traditional, kinetic warfare has a precise definition that 's hard to dispute—a conflict between two or more governments or militaries that include death, property destruction and collateral damage as an objective. Cyber warfare, therefore, uses the same principles of goals, actors and methods that one can examine against a cyber attack to ascertain the gravity of the situation.
Let’s examine two of the most common phrases used, “cyberspace” and “cyber attack” and get to the root of what they mean.
Cyberspace & Cyber Attacks
The realm in which all of this takes place is cyberspace, and as previously stated, can be thought of as a theater of operation.
Author William Gibson coined the term cyberspace in his science fiction hit Neuromancer. The novel tells the story of a washed-up computer hacker hired by a mysterious employer to pull off the ultimate hack — enter the mind of a powerful artificial intelligence orbiting the earth. This novel has over a million copies in print.
The Department of Defense defines cyberspace as—A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.
A good analogy to help understand the concept of cyberspace. Let’s draw a parallel to your physical space. You, dear reader, are a person, and you are somewhere—perhaps an office, house or by the pool reading this on your Kindle. This is your environment, your space. You have objects around you that you interact with—a spouse, a sofa, a TV, or building. You are an actor in this space, and there are other actors around you; most have good intentions, and some have evil intentions. At any point, someone in this environment can act against you or act against an object in the environment.