Surviving a Public Infrastructure or Energy Grid Attack

Destructive cyber-attacks against critical infrastructure are coming” – Gen. Keith Alexander said last Thursday at a public interview in Aspen Colorado.

Are you ready?

What would you do if the lights suddenly went out? If power was out for days on end? Where would you get news from? Or more importantly Water? Keep cool or get heat? Though many disregard the government’s warnings about critical infrastructure attacks what if the worst did happen, would you be prepared? All these questions and answers became much more real to me the last few days.

Last Thursday our city was hit by a tornado. “That’s not a cyber attack!” I can already hear many say. But if power did go out, along with other public utilities at the same time would it really be that much different? And what if it was a natural disaster instead of a cyber attack from China, Russia or Iran?

It may be neither, but faulty, antiquated or overtaxed equipment. Three Hundred and seventy million people in India just lost power through a power grid crash. That is more people than the US & Canada combined. So the question still stands, would you be prepared?

The night of the storm, we lost all electric and all means to communicate to the outside world. Land line phones were dead, cell phone towers damaged. Relatives and others that live outside the city also lost running water.

Here is a list of things that I found to be very helpful:

  • Matches, candles, and flashlights
  • Cash on hand (no ATM access!)
  • Battery powered radio
  • Ice to keep food from going bad
  • Non-perishable food items
  • Water (bottled is great!)
  • Camp Stove or even an outdoor grill!
  • Walkie Talkies especially if you have family near
  • Cell phone
  • iPad or Android Tablet – With car charger!

The worse is not knowing. Not knowing if friends and family are okay, if more bad weather is on the way, not knowing when utilities will be restored, not knowing when things will be returned to normal.

Not only was our ability to get local news hampered, local news stations were also knocked out, but voice cell phone communication was non-existent the first couple of days and texting was intermittent.

The cell phone became our life line. We ended up getting our local emergency news and reports forwarded from a relative that lived in Florida!

Food was a huge concern, especially not knowing how long power would be out. I found that three bags of ice (luckily a local grocery store was unharmed) stacked one on top of the other fared pretty well keeping the freezer cool. Eventually when emergency services supplied dried ice, a block of dried ice next to the bags of ice kept the freezer very cold and kept both dry ice and bagged ice from melting.

The iPad and Android tablets seem an odd addition to the list. You would not believe how helpful they were during the outage, especially when you live in a house full of 2.0 teenagers who are as addicted to tech as much as you are. Locally stored Kindle books helped pass the time, and the mobile devices acted as a helpful mini light source when navigating the house at night. The long battery life on the iPad was a god send too!

As roads cleared, getting out with these devices and connecting to public Wi-Fi’s helped to get news and tell family members that all was well.

Having firearms was also a huge peace of mind. It is an eerie feeling living in a blacked out city at night and seeing the random police car go by shinning his search light up and down the alleys.

This is not an exhaustive or expert guide by any stretch of the imagination. Just some information that may help out if the worse happens.

Are you ready?

Strong Cybersecurity Legislation needed to prevent Inevitable Attack

Cybersecurity experts warned congress on April 24th that unless strong legislation is passed to enforce basic security standards for critical infrastructure, this country could face a major cyber attack.  “If we don’t do that this year, an attack is inevitable,” Center for Strategic and International Studies Senior Fellow James Lewis told the congressional committee.

According to an article on Government Computer News, the attacks that the public is seeing are only the “tip of the iceberg”, and it is the attacks that the public does not see that are very disconcerting. Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, echoed what the NSA said a few years ago, that network operators “need to assume that they have or will be compromised”:

“The threat has reached the point that a determined adversary will access any system that is directly accessible from the network,” said Henry, who now is president of CrowdStrike Services, a cybersecurity intelligence start-up. “They will keep coming until they come in.”

The article also mentions that though China and Russia are a major concern, that are not the top threat to American networks. Lewis said, “I don’t worry about China and Russia, they aren’t going to start a war just for fun. I don’t know if we can say that for Iran and North Korea.”

Though many main stream computer security experts would counter the statement that a major attack is inevitable, the key really lays in the fact that a lot of information causing the concern is not released publicly. Even the NSA caught a lot of flack recently about their concerns about the hacker group Anonymous. But you have to realize the NSA has access to information that the public will never see, and if they are concerned, there really has to be something to it.

US networks would be much stronger if companies did enforce basic standard security procedures. But my question is why hasn’t critical infrastructure entities already implemented it? And why would we need more legislation passed to force them to do it, when it should already be done?

All the Lights will not go out in a Cyber Attack

Doing some research for an upcoming magazine article on cyber warfare, something dawned on me. One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits).

But is this true?

The answer is no.

Even if hackers (hacktivists or foreign Nation States) did infiltrate every power plant and somehow successfully shut down the entire power grid, many buildings and organizations would not be affected. Key government, military and even some commercial buildings would be unaffected. At most what they would experience would be a very brief power outage, and then the power would be right back on.

You see, as several utility companies seemed to have ignored the warnings of cyber attack, others have not. When I worked in the energy sector several years ago, the move was already on to provide alternative power to key US organizations. Even communication backup systems were created so that federal, state and local government agencies would be able to communicate in the event of a blackout.

These power systems are completely offline, impervious to electronic attack and can run for an extended amount of time. So even if “Cybergeddon” does occur, our nation will not be completely “in the dark”.