Seemingly almost every month we are made aware of some kind of cybersecurity intrusion. There are bad actors worldwide whose sole purpose is the interruption and/or destruction of computer networks and systems. The U.S. might be included in that group since we, along with Israel, did the dirty deed to an Iranian nuclear enrichment operation using something code-named Stuxnet to destroy Iranian centrifuges to retard their development of nuclear capabilities.
The recent ‘WannaCry’ disruption has been credited to North Korea, for example. That was so-called ‘ransomware,’ which locks up systems unless and until some payment is received in return for the release of the system that has been locked up.
A week before Christmas, hackers blacked out a portion of the city of Kiev by shutting down the electrical grid system. We’re told that this new malware has been designed with swappable, plug-in components that can be used to adapt to different power systems and different electric utilities, and that can be easily reused or even launched simultaneously at multiple electric system targets. This malware has been given the name Crash Override.
The big buzz in our country recently has been the question of election tampering since virtually everything we do today is computer dependent. There are claims that some attempts at incursion have been found but there is no evidence that the perpetrators did any damage in terms of changing vote counts. It would seem, though, that with malware such as we see involved here, we need to do some real solid re-engineering of the way we conduct elections as dependent as we are on the behind-the-scenes systems that are critical to us today.
Our infrastructure is essentially driven by computers today. Our banking system is driven by computers. The stock market systems, if penetrated, would be terribly disruptive to our entire economy. Power and water utilities are controlled by computer systems. Everything we depend upon today involves computer systems to one degree or another.
Crash Override is said to be programmed to interact directly with grid equipment, sending it signals to switch the flow of power on and off, for example. Those in the know say that what would’ve required 20 or more people in the attack on the Ukrainian power grid in 2015 would equate today to those same 20 people simultaneously targeting ten or fifteen different regional power companies instead of the three that were hit in Ukraine.
The capability exists today to program such attacks even against a network that is disconnected from the Internet. It is equated by Dragos’ Rob Lee to a ‘logic bomb’ that can be planted and programmed to automatically detonate at a preset time. Dragos is one of the two security companies cited in the information. The other is a firm named ESET. Targeted phishing e-mails were involved in the 2015 attack, but the ‘logic bomb’ could lie dormant for some time and then be triggered.
“Crash Override” is reportedly significantly more capable of inflicting outages that would be far more widespread than the 2015 attack on Kiev, and of doing so on preset command. It could lie dormant and be triggered at will or be pre-programmed to trigger itself at a certain date/time.
Now, step back and think about everything we rely upon that is systems driven. Think about the enormity of an intentional crashing of our stock market, the disruption of national banking capabilities, the shutdown of power systems in communities and potentially even states. Think about the magnitude of disruption and destruction that could be triggered.
Computer systems are integral to virtually everything we touch and that touches us. Those are networked in most cases so they would be susceptible, at least theoretically, to attacks such as these. One rogue individual could, with the proper tools such as an even more sophisticated “Crash Override” for example, literally bring our country to its knees.
This gives us a new lens through which to view the world’s nutcases. Quickly, North Korea becomes a more viable threat. We know that North Korea has a quite sophisticated cyber warfare operation already. We know the Russians and the Chinese are very likely to be at least that sophisticated and probably exponentially more sophisticated.
The possibility of election-rigging is important, but that pales by magnitudes given the threats which exist today that could literally shut our country down. Food wouldn’t get delivered to stores. Money would no longer be available at the local bank kiosk. Health care would be shut down since it is virtually all systems driven. Community water and sewerage systems would be off. Gas stations would have no gas and couldn’t pump if they did. Our defense capabilities would be severely eroded. Our world as we know it would disappear almost literally overnight.
This is a frightening specter and nothing to just pooh-pooh as we continue to go about our daily business. We need to be aware and we need to impress on our elected officials that we want them aware and working in tandem with us to be certain we are safe from such incursions. We could be back to the equivalent of the 1850s in the blink of an eye. Even worse, because we no longer know how to do the things that we’d need to do in order to simply exist.
Unfortunately, this stuff is real and it is critically important and there are some untrustworthy trigger fingers in our world today.