There have been a number of stories over recent months that do not add up to much by themselves. But together, they may represent the emerging tip of a future iceberg of major import.
Nation states are well aware of the fact that crippling each other’s infrastructure through Internet-based attacks is a much cheaper way to inflict damage on an enemy at a distance that any sort of physical attack; with the probable exception of nuclear weapons.
Can you take down their electricity grid? Can you take down or destroy the turbines in their electricity generating stations? Can you cause the major router stations in their Internet to shut down? Can you cause the traffic lights in many of their major cities to malfunction? Can you mess with the systems that coordinate the comings and goings of trains that have to time-share their tracks? Can you cause the GPS signals over their country to become unreliable? Can you cause a melt-down the just-in-time inventory systems that control the resupply of their major market chains? Can you cause fires and destruction in their oil refineries and oil pipelines by interfering in their many interlinked control systems? Can you interfere and confuse their military control and communication systems? Can you shut down the ATMs and banking systems of their larger banks?
Think water pumping stations and sewage works. Think petrol stations.
The list goes on and on. And, whether you believe it or not, our vulnerabilities are high and the stakes are far higher still. And most high tech nation-states have had highly competent and professional teams quietly working on such things for years
This following link will take you to all the articles on my Samadhisoft Blog that are about Cyber Warfare. Follow it if you want to read earlier background material, i.e., about things that have preceded the more recent events that I’m going to talk about here today. Take a good browse – there is a lot there.
But, coming back into the present – consider the following things which have occurred recently.
Playing with GPS
A few months ago, I began noting articles about how the Norwegians were complaining that GPS in their area was not working correctly.
See: This and This and and This and This.
Then, some months after that, I saw very similar similar complaints being made by the Israelis:
See: This and This and This and This.
Interesting, eh?
Playing with Airline Systems
More recently, a major British Airline (BA) has had not one but two major IT meltdowns within a week. And both times, chaos ensued.
See: July 31st and August 7th.
And Stock Markets
Here are two stories about a stock market meltdown in Britain: Story1 – Aug 17th. and Story2 – Aug 17th.
So, do these events I’m citing make a pattern, do they indicate something?
Maybe and maybe not. Maybe they are just chance events. Or, maybe they represent ‘proof-of-concept’ exercises by various cyber players.
If Russia, or some other player, wanted to test out their ability to throw the global GPS system off by running a few tests like this, then what we’ve seen here makes sense.
And considering Iran’s current disagreements with Britain over the oil tanker that the UK seized in Gibraltar and over sanctions against Iran in general, then maybe Iran is just flexing its cyber-muscles a bit in the UK’s cyber space? Say an airline system hack here a stock market disabling crash there?
This has all been going on, quietly, for some time. Consider this article from 2013 in which U.S. power stations were found to be infected.
Consider as well this article from 2010 which discusses how the U.S. destroyed many of the Uranium-enriching centrifuges that Iran was using to prepare nuclear materials.
Do you think it is just a coincidence that Russia and Iran have taken active steps to be able to isolate their entire national Internet systems by throwing a few switches? See this.
Does all this seem far fetched to you? It doesn’t to me.
In fact, I am certain that most major technically capable nations-states have long since infiltrated the infrastructures of the other nation-states that it considers to be potential enemies.
So, if a war breaks out, we can fully expect that every embedded bit of malware in our nation’s infrastructure will trigger and most of them will cause a lot of essential things to break or shut down. The only consolation will be that if our cyber-warriors are good as well, the enemy will likely suffer similar consequences.
And, just as certainly, folks on each side are working intensely to detect and disable all the infiltrated malware that they can even while they are trying to work out how to hide our stuff ever more cleverly. It is truly a major clandestine cat-and-mouse game
So, will it be limited to big ticket items? No, I don’t think so. Remember the “Internet of things”? Abbreviated as IoT?
Here’s a story that will make you squirm. The IoT includes such innocuous things as Baby Monitors: Read this.
Our houses are becoming full of IoT things: refrigerators, smart TVs, garage door openers, heating systems, our fancy mobiles, heart pacemakers and multi-line phones. And the list goes on. And we assume, when we buy such things, that the manufacturer has done their research and given us devices that do not leave us vulnerable. Do you really think that’s true? As they tread the fine line between (1) giving us equipment that has been strongly researched to protect us and (2) maximizing their profits, where do you think they will walk?
Any guesses why the U.S. and several other countries are so adamantly opposed to allowing Chinese manufactured Huawei equipment to be allowed to underpin their next-generation 5G mobile systems?
Given that I’ve spent a lifetime working in IT, I am pretty certain that most folks have very little idea how the router that brings the Internet into their house even works. Much less knowing what to do to change its passwords and check that they are protected. And that’s just the household router. How do you know that your IoT devices are not hackable? How do you even know if the new widget you just bought “is” an IoT device?
The road signs are flashing, “Fun times ahead”!
My business card says on it that I am a “Futurist”. Of course, no one appoints anyone as a futurist so the appointments are self-done. And you, dear reader, have no way to know if I am wearing a tin-foil conspiracy hat here or pumping out gospel quality news of the future.
I get that. Ask around. Look around. And see what you see. The future is going to belong to all of us.
https://www.wired.com/story/iran-apt33-industrial-control-systems/