Wednesday, July 29, 2015

How Cyber War Could Kill Millions of Americans

Imagine this scenario: You wake up one morning to your cell phone alarm to see that your battery isn't fully charged as normal, but rather still holding onto the last 24% of charge from the previous night. Frustrated that you need to invest in a new charger, you move over to your desktop and turn it on, realizing that it's not working either. At least now you know that it was probably just a breaker that tripped overnight, so you check your breaker box, only to discover that everything seems normal. So next to blame is the power company. Luckily your phone is still partially alive, so you try to give a call to the company, but can't connect to any cell towers. What's happening? You pull out your radio to try to listen to the news - once again, nothing. Every station that you normally listen to is all static.

Is it the end of the world? No. However, it is the start of a huge event that will result in thousands if not millions of deaths. The United States power grid was attacked and shut down. Every power service provider in the country is unable to distribute their electricity to customers, therefore shutting down 99% of our currently used communication methods - cell phones, Internet, radios, television. Without power, a gas-powered generator only has the capability to restore services to CB or HAM radio operators, which are practically obsolete among consumers apart from hobbyists.

With poor security defenses trending in the industrial landscape, advanced persistent threats (APTs) have the ability to pose a serious threat to millions of lives in America. Estimates show that an attack taking advantage of certain vulnerable systems, such as the United States power grid, has the potential to kill off up to 90% of the American population. This is NOT a tin-foil hat conspiracy, and industrial business leaders need to take this threat extremely seriously.

A few weeks ago, I spoke about how programmable logic controllers (PLCs) can be hacked and manipulated to perform deadly actions, such as the case with STUXNET. In short, the STUXNET worm told the controllers not to regulate the speed of nuclear turbines and not to alert the monitoring computer systems that there was an issue, resulting in the destruction of nuclear power turbines. This same idea could be used on one of the most commonly used industrial systems that we have in America - the power grid.

Don't get me wrong, this isn't something that a single person could do from their basement. This would require nation-state sponsorship or a large team of professionals who have a great deal of computing resources to pull off. Sami Saydjari, a researcher for the Professionals for Cyber Defense, estimates that it could be done for about $5 million and with three to five years of preparation. However, an attack price tag of $5 million is nothing compared to the potential damage of approximately $700 BILLION according to Scott Borg, an economist for the U.S. Cyber Consequences Unit who I had the pleasure of meeting at Elizabethtown College in early 2014. He predicts that it could be the economic equivalent of 40 to 50 hurricanes all striking at once if a third of the country were to lose power for three months.

One of the biggest reasons that this could cost so much, both in money and lives, is that it would take approximately 2 years to replace the generators that provide power to large cities. The countries that sell the infrastructure to the United States are China and India. However, China could possibly be one of the actors who attacks our power grid and may take advantage of this fact. There is evidence that adversaries from both Russia and China have probed and installed malware tools onto the U.S. electrical grid in the past. This means that we could be relying solely on India to manufacture and ship new infrastructure to the United States until we could start our recovery. 2 years could be considered a low estimate for the replacement time because this hardware isn't mass-produced and takes a while to produce.

Some of the proof that this is a potential and very realistic threat comes from a demonstration from researchers who worked on a project in conjunction with the U.S. Department of Homeland Security. The demonstration showed a staged attack on a power generator, causing it to self-destruct with a piece of malware that took advantage of vulnerabilities in the operation of both the hardware and software of the generator. Although this was technically a white-box experiment, a large group of experts with some financial backing could expand an attack like this to the entire power grid in America.

While we have yet to see any obvious impacts from the threat of cyber war, we can't go on ignoring the issue. We've had scares before, such as the case with the Armageddon-threatening Conficker worm in 2008-09, but no cyber threat has presented such a realistic physical threat before. There hasn't been a large-scale event like there has been with other terrorist attacks such as 9/11. No ambulances and fire trucks rushing to the scene of a crime. No nightly news coverage of a traumatic single-day event that killed hundreds of Americans. However, the threat is just as real as physical terrorism threats - if not more so.

I apologize if this seems a bit harsh, but the realism of this issue needs to be widely recognized so that changes can be made in the industrial world. Don't ignore the problem. Understand the threat so that you can understand the cause behind cyber security professionals.