Saturday, May 13, 2017

When Our Modern Infrastructure Fails
















#12,556


Yesterday's global hack attack, the extent of which is still unfolding, is a reminder that many of the services and conveniences we take for granted - and indeed, have become dependent upon - are far more fragile than we might believe.
I'm hardly a Luddite - I was programing computers for a living before IBM introduced the PC (anyone remember the CPM operating system?) - and while I've lost track of how many computers I've owned over the past 38 years, I currently have five devices (both iOS & Windows) in my home. 
I've watched the world go from `Why the heck would I want a home computer'  - a legitimately difficult question to answer 35 years ago -  to `OMG, the Internet is down . . . what are we going to do!'.  
It's a serious question, and one that everyone (individuals, businesses, hospitals, utilities, and government agencies) need to address. Because the trend is towards more - and more sophisticated - cyber attacks, not less. 
Keeping computers updated with the latest patches, installing the right protective software, and training people not to fall for phishing scams can reduce the risk. But a talented hacker - given enough time - can still find a way.

This time it was a ransomware scam - damaging - but not disastrous.  Next time, it could be  a targeted cyber attack on our electrical grid, or on a nuclear facility, or on one of our military defense systems.  Warfare in the 21st century can be waged from a computer keyboard anywhere in the world, and we might never know who hit us.
But it doesn't have to be a coordinated attack by a foreign state.
Last October, a cyber attack took down 911 call centers in more than a dozen states (including Florida, Texas, California, & Washington), when over a period of 12 hours a bit of malicious code released on twitter hijacked thousands of iPhones and caused them to dial 911 repeatedly (see WSJ Report).
The creator of this exploit?  An 18 year old from Arizona who thought it would be a great `prank'.  Last month Apple released an iOS patch for the iPhone to close this `undocumented feature'.
Taking down hospital computers, or 911 call centers, can be disruptive but the big threat would be an attack on our critical infrastructure, like the electrical grid, water supply, or Internet.  In 2015, Ted Koppel published a book called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, that explores this very scenario.

It is the job of the North American Electric Reliability Corporation (NERC) to "ensure the reliability of the North American bulk power system", a mandate given to it in 2006 as a result of the 2003 Northeast blackout which affected more than 50 million people in the United States and Ontario, Canada. 
In  2009, NERC issued a public notice warning that the grid was `vulnerable’ to cyber attack.
But the truth is, it doesn't take a `bad actor' to take down the grid.  Natural disasters, including hurricanes, earthquakes, and tornadoes can take down large sections - and broader disasters -  like a solar flare (or EMP), could take down the entire country.  
And not just for a few hours.
In Solar Storms, CMEs & FEMA, we looked at this nightmare scenario, which many experts fear is just a matter of time. Last October, the Obama White house issued an Executive Order: Coordinating Efforts to Prepare the Nation for Space Weather Events in anticipation of just such an event.

A similar impact (perhaps worse, but likely limited to a smaller area) could come from a deliberate EMP attack caused by a high altitude detonation of a nuclear device. While unlikely to be used by China or Russia, this tactic could be viewed favorably by rogue nations (like North Korea or Iran), or terrorist groups.
In either scenario, the lights could go out for weeks or months, not hours or days. And with the lights go our municipal water supplies, cell phones, internet, and practically all of the other infrastructure we depend on.
All of these dire scenarios require some type of outside catalyst.  An attack, or a natural disaster. But as we've discussed before, many parts of our electrical grid are built upon 100 year old technology, and some haven't been upgraded since the middle of the last century.

Every four years the ASCE (American Society of Civil Engineers) releases a report card on America’s infrastructure, and their most recent report (2017) warns that our cumulative GPA for infrastructure sits at only a D+, and two of our most vulnerable infrastructures are drinking water and the electrical grid.

Some excerpts from that report:

From Energy, which they rate as a D+:
Overview

Much of the U.S. energy system predates the turn of the 21st century. Most electric transmission and distribution lines were constructed in the 1950s and 1960s with a 50-year life expectancy, and the more than 640,000 miles of high-voltage transmission lines in the lower 48 states’ power grids are at full capacity. Energy infrastructure is undergoing increased investment to ensure long-term capacity and sustainability; in 2015, 40% of additional power generation came from natural gas and renewable systems. Without greater attention to aging equipment, capacity bottlenecks, and increased demand, as well as increasing storm and climate impacts, Americans will likely experience longer and more frequent power interruptions.

From Drinking Water, which they rate as only a D.
Overview
Drinking water is delivered via one million miles of pipes across the country. Many of those pipes were laid in the early to mid-20th century with a lifespan of 75 to 100 years. The quality of drinking water in the United States remains high, but legacy and emerging contaminants continue to require close attention. While water consumption is down, there are still an estimated 240,000 water main breaks per year in the United States, wasting over two trillion gallons of treated drinking water. According to the American Water Works Association, an estimated $1 trillion is necessary to maintain and expand service to meet demands over the next 25 years.


It's a sobering report, and covers everything from rail, and shipping ports, to bridges, dams, and levees.  Once you read it, you'll understand why failures - such as we've seen recently with the Oroville Dam spillway in California - are apt to increase over time.
While we can't know where the next infrastructure failure will occur, how widespread it will be, or how long it will last, the common denominator with most of these is a loss of electricity, water, and/or communications.
And these are things we all can - and should - be prepared to deal with. 
While cyber attacks, solar flares, and EMPs are admittedly low probability events - when you add in natural disasters like hurricanes, earthquakes and floods, and our aging infrastructure - the odds of having to deal with a prolonged infrastructure outage go up considerably.
So . . . if a disaster struck your region today, and the power went out, stores closed their doors, and water stopped flowing from your kitchen tap for the next 7 days  . . .  do you have: 
  • A battery operated NWS Emergency Radio to find out what was going on, and to get vital instructions from emergency officials?
  • A decent first-aid kit, so that you can treat injuries?
  • Enough non-perishable food and water on hand to feed and hydrate your family (including pets) for the duration?
  • A way to provide light (and in cold climates, heat) for your family without electricity?   And a way to cook?  And to do this safely?
  • A small supply of cash to use in case credit/debit machines are not working?
  • An emergency plan, including meeting places, emergency out-of-state contact numbers, a disaster buddy,  and in case you must evacuate, a bug-out bag?
  • Spare supply of essential prescription medicines that you or your family may need? 
If your answer is `no’, you have some work to do.  A good place to get started is by visiting Ready.gov.
While preparedness may seem like a lot of work, it really isn’t.  You don’t need an underground bunker, an armory, or 2 years worth of dehydrated food.  But you do need the basics to carry on for a week or two, and a workable family (or business) emergency/disaster plan. 
For more information on how to prepare, I would invite you  to visit:
FEMA http://www.fema.gov/index.shtm
READY.GOV http://www.ready.gov/
AMERICAN RED CROSS http://www.redcross.org/

 And some of my preparedness blogs include:
When 72 Hours Isn’t Enough
 
In An Emergency, Who Has Your Back?
Are You Ready For Tornado Season 2016?
         OSU: Pragmatic Action - Not Fatalism - In Order To Survive The `Big One’