Technology is fragile. Hard drives crash, smartphones need cases and even the most skilled coders can write software that contains gaping holes. If you think about it, it’s almost as if we’ve replaced the iron and steel of the industrial revolution with a modern world constructed of delicate eggshells. Not long ago, Mort Zuckerman shared in the Wall Street Journal what the elements of a cyber war might look like. In his words, a hacker/terrorist, “can tap into our computer networks and move money, spill oil, vent gas, blow up generators, derail trains, crash airplanes, cause missiles to detonate, and wipe out reams of financial and supply chain data.”
In fact, President Obama recently had this to say on the subject in a recent opinion post in the Wall Street Journal: “So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility’s internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.”
Personally, I find myself wondering what would happen if a large tech company like Google or even Facebook, which has access to so much information about people, went bankrupt? In such a scenario, could the assets be sold off to the highest bidder? Where would that information end up? All your private information, from passwords to private searches could end up in the the wrong hands. Can you say blackmail? Or what if the military somehow lost an important encryption key? Or what if terrorist organization got their hands on state-sponsored invisibility technology? Of course, there are always solar flares that could wreak havoc with our satellites. The list of crazy possibilities seems endless.
I’ve asked three incredibly intelligent individuals from diverse backgrounds to enlighten us as to what types of tech-related Armageddon scenarios they view as real and potentially devastating. Do you have some ideas of your own that aren’t discussed here? What do you think about all of this? Leave us a comment to let us know!
Physical Destruction Caused by Digital Systems; Theft of Valuable IP
The critical infrastructure (networks) that power our country’s commerce (such as intellectual property, the manufacturing base, corporate strategies, etc.) are all inherently insecure. For example, hundreds of billions (if not trillions) of dollars worth of intellectual property has been stolen from US companies. There are equally significant vulnerabilities in our nation’s industrial control systems. A person might not normally think of a nation’s sewage system as a potential target for a terrorist attack, but just imagine hundreds of gallons of raw sewage being discharged into a waterway or the disabling of water treatment capabilities altogether.
I’m talking about computers that run equipment that can cause that equipment to malfunction, cease to operate or cause real-life physical damage (think Stuxnet). As far back as 2007, during the so called “AURORA test,” a hacker remotely accessed and destroyed an electrical power generator by causing it to shift 180% out of phase (essentially causing the massive piece of equipment to function in a manner opposite of perfect). Within 45 seconds the entire machine seized up and shrapnel started flying. When there is no safety in place, bad things start happening.
It’s good for media to take an interest in these types of scenarios because the benefit of the knowledge being spread outweighs the potential risks. People need to know about these issues so that necessary changes can be made (and changes are underway; there are currently 42 bills on Capitol Hill that have a component related to cyber security).
Social-Engineering a Fake Terrorist Attack
Truthfully, I’m not a great fan of the whole ‘Digital Pearl Harbour’ scenario, for a number of reasons. For one thing, while pundits are quick to point out (and exaggerate) the vulnerabilities of critical infrastructure, few bother to ask whether such attacks would help or hinder the agendas of potential attackers.
People easily assimilate electric outages, blackouts, computer glitches and the like into their daily routines. Such events are common enough—even without malicious interference—that they don’t normally pass the threshold of drama necessary for terrorism theatre. This is one of the reasons why such threats tend to be the provenance of states rather than terrorists, and even then only as means of sabotage in the case of a kinetic encounter. (I’m not speaking here of DDOS and other types of hacktivist attacks).
What worries me more is the damage that could be done through a campaign of concerted ‘social engineering’ via Twitter, YouTube, unprotected news sites, and the like. The spreading of false news stories, corroborating (spoofed) attributions from politicians, fake ‘atrocity’ videos, etc. could achieve the effect of a major terrorist attack without the need for any actual activity on the ground, and could conceivably do far more to wreak havoc and undermine trust than an electricity outage or failure of critical services. In my opinion, this sort of threat is not only more realistic, but is more suited to the agendas of emerging subcultures who may wish to undermine the legitimacy of authorities.
What Happens When the Cloud Crashes?
We’re all doing more and more of our “stuff” online. Those of us inside the technology industry think about what this means, but those people who simply use technology and don’t talk about it don’t have the knowledge or time to think about what it really means to put all their faith in cloud services.
I myself live my life in cloud systems—from my social graph on Facebook and twitter, to email and documents with Google—all my data resides not on my own laptop but on some ephemeral cloud someplace. I tend to have the attitude that says this is OK for two reasons; firstly because if all was lost, at the end of the day I’d still be OK—I can still get food, water and shelter. The second reason I am comfortable with a cloudy life is the arguably naive feeling that these vendors are “too big to fail” and we’ve all seen the deleterious results of that in another industry.
But what would happen if one of these massive cloud vendors came crashing down? The reality is that far more than we can imagine would cease—major utilities are run in the cloud, banking systems have some of their services in the cloud, telecommunications, the food supply chain, social services all have an aspect of their operation which relies on the cloud.
This isn’t to say that the cloud is dangerous and that we should go back to some former mode—air travel has obvious risks, and yet the benefits it brings far outweigh those risks. What we do need to do is ensure that we think about risk profiles, we make our buying decisions wisely, and we lobby our politicians not to argue about minutiae, but rather to adopt regulation and policy which protects the stability of the cloud.