How Bad Would Global Cyberwar Be For The Public?

[Iam Joy]

I was just reading 'Is the world on the brink of cyber war?'

 

http://uk.news.yahoo.com/cybergeddon-cyber-war-is-going-on-around-us.html

 

I had a scan of the comments and none of them are worried in the slightest. How do you feel about the idea of global cyberwar? Do you think it's a better idea than 'real' war? How much would it impact on the general, ordinary public, and how do you think we'd cope in everyday life during/after the war?

[belovelife]

well, i guess it depends on the definition of a cyber war

 

for instance, if one attack of the cyber war made the face of your uncle look bad

 

where

for each picture

 

face recognition

 

then add devil spikes

 

 

 

then every face in the world that had a similar picture to your uncles would seem bad

 

essentially assasinating the face

this would be a difficult thing to get out of the " i can tell" sort of prejudice

 

among other things that can potentially happen in a cyber war

[maddog]

I was just reading 'Is the world on the brink of cyber war?'

 

http://uk.news.yahoo...-around-us.html

 

I had a scan of the comments and none of them are worried in the slightest. How do you feel about the idea of global cyberwar? Do you think it's a better idea than 'real' war? How much would it impact on the general, ordinary public, and how do you think we'd cope in everyday life during/after the war?

I guess what concerns me is our Electric Power Grid, Gas Line Grid, etc are not as secure as they should be. Daily companies are being "hacked" for their passwords, credit accounts, etc. I can imagine an "all out cyber-war" would be "very bad" indeed.

 

maddog

[Lancewen]

I guess what concerns me is our Electric Power Grid, Gas Line Grid, etc are not as secure as they should be. Daily companies are being "hacked" for their passwords, credit accounts, etc. I can imagine an "all out cyber-war" would be "very bad" indeed.

 

maddog

 

I agree it is bad, and what makes you or anyone else think we are not in the middle of cyber war now? We are constantly hearing about what the Chinese hackers are are doing to us, and I keep wondering what we are doing? Are they responding to our messing with them or are we responding to them in any kind of counter measures?

 

I think there is a good deal of what could be considered war like cyber activities going on, under the public radar. I'd like to really know where we stand in our ability to defend ourselves and to respond with our own cyber attacks.

[Moontanman]

I do know people who keep a large amounts of cash on hand, guns, and ammo, just for such an emergency...

[Lancewen]

I do know people who keep a large amounts of cash on hand, guns, and ammo, just for such an emergency...

 

Then it's a good thing your not a criminal, because he's got everything you would want if you were.

[CraigD]

How much would it [global cyberwar] impact on the general, ordinary public, and how do you think we'd cope in everyday life during/after the war?

The answer to this question depends critically on what kinds of computer systems are attacked, and how.

 

A really nasty attack would be a timed one against auto and train traffic signals. Imagine the consequences of making, at single moment coinciding with peak high-speed traffic, all the lights at every intersection with computerized lights turn green in all directions, causing thousands of simultaneous high-speed car crashes, and tens of passenger and freight train crashes, overwhelming the capacity of rescuers teams and hospitals. Or a timed attack against the control systems of a single type of commercial aircraft, causing the simultaneous catastrophic failure of the fly-by-wire systems of hundreds of aircraft of those type, each carrying 100+ passengers.

 

Attacks like this would have a great impact on the general public, measurable by number of deaths in a single day, comparable on the scale of a nation to a WWII aerial bombing attack on a city.

 

Less nasty but inconveniencing enough that it would likely cause some injury and death would be an attack on electric and other utilities computer systems, causing service outages.

 

Another less nasty but dangerous kind of attack would be attacks on the systems that allow us to purchase food, fuel, and other necessities – banking/payment systems, inventory and transportation management system, etc.

 

If launched against all or most of such systems in a city, region, or whole country, attacks of this sort could have an impact similar to sever weather-induced supply, power and other service outages.

 

Most of what are at present being called acts of “cyberwar” are various apparently state-sponsored corruptions of computer systems being used for research programs being conducted by one state, which other states wish to slow or stop. The most well-known of these is the Stuxnet, which targets software used to control specific kinds of expensive machines, in particular centrifuges used to separate uranium in solution, badly damaging them. Attacks of Stuxnet, widely believed to have been sponsored by the US and/or Israeli governments, set back Iran’s uranium enrichment program. Though expensive and time-consuming, these attacks didn’t injure or kill anyone.

[cal]

So what if someone had the RSA keys to the main DNS servers, or knew the physical location of the 13-ish Root Servers and bombed those?

 

I feel like that would hit almost everything listed so far... How screwed would we be if the Root Servers went out lol?

[Racoon_v2.0]

An EMP bomb drop would be really bad.

 

No electricity = you can't get your money out of the bank. Pandemonium ensues. Also no Cell Phones.

OMG we'll go back to 1982.

[Lancewen]

An EMP bomb drop would be really bad.

 

No electricity = you can't get your money out of the bank. Pandemonium ensues. Also no Cell Phones.

OMG we'll go back to 1982.

 

It's actually worse than that. If most of the transformers in use on our power grid are damaged, it will take many months to replace them as we currently in the U.S. have no capacity to build replacements. In many cases it will take over a year to get them replaced. Next, every single gas station uses electric pumps. So right away large segments of our population can't go to work anymore, Refineries will have to shut down because portable generators just won't cut it. Our trucking industry will have to shut down. So how are the food stores going to be restocked? Not sure how much impact no power will have on water, but I would hazard a guess that it won't be a good thing.

 

I would guess law & order will break down, and armed gangs will roam around taking what they want. Considering the number of guns owned by the public, a bad situation will go downhill very fast.

[CraigD]

Well, this thread started out talking just about cyber warfare. EMP bombs – or just plain old explosive bombs – are instruments of regular warfare, which as history has show many times, can make great messes.

 

So what if someone had the RSA keys to the main DNS servers, or knew the physical location of the 13-ish Root Servers and bombed those?

 

I feel like that would hit almost everything listed so far... How screwed would we be if the Root Servers went out lol?

This is over my head technically – I’m an app developer, not a DNS guy – but I know that the domain name servers within my biz’s network can be quickly rebuilt on new hardware, with new ~/.ssh/ keys, so expect that the public ones can be, similarly. So your ISP points to the new DNS’s IP address, they bounce all the connections, and all should be restored.

 

Of course, if an attacker can repeat their exploit, and nobody can figure out how they’re doing it and stop them, it’d be a tremendous mess.

 

It's actually worse than that. If most of the transformers in use on our power grid are damaged, it will take many months to replace them as we currently in the U.S. have no capacity to build replacements. In many cases it will take over a year to get them replaced. Next, every single gas station uses electric pumps. So right away large segments of our population can't go to work anymore … So how are the food stores going to be restocked? Not sure how much impact no power will have on water, but I would hazard a guess that it won't be a good thing.

True all that.

 

However, I was surprised to see video of gas stations closed due to electrical outage during the recent “superstorm Sandy”. I worked for a while driving a truck that I sometimes refueled at an old ex-National Guard armory, which due to remoteness and cost cutting, was off grid, but kept it’s underground tanks fueled. I had a little portable gasoline generator tied in the loft of the truck, which I’d get down, connect to the pump, fire up, fuel up the truck, then shut everything down and stow it away for next time. Why major commercial chain gas stations don’t have emergency preparations similar to this, I’m at a loss to explain.

 

Refineries will have to shut down because portable generators just won't cut it. Our trucking industry will have to shut down.

I’m not sure about that. I’ve found several references to “off-grid co-generation” for refineries, where they get their electricity (as a rule of thumb, it takes 5kWH (18 mJ) to refine each gallon of gasoline from crude oil) from on-site generators powered by waste from the refining process. Even if they had to use some of their refined product, it seems to me that good, well-funded engineers could get a big oil refinery running complete off the main power grid fairly quickly.

 

I would guess law & order will break down, and armed gangs will roam around taking what they want. Considering the number of guns owned by the public, a bad situation will go downhill very fast.

We’ve a lot of 20th and early 21st century history of such breakdowns (eg: during the Bosnian and Iraq wars), and I personally know civilians who lived through both. While law and order did break down, it wasn’t as complete a breakdown as my 1970-80s survivalist upbringing led me to expect – which has led me to question much survivalist dogma, such as unchecked armed gangs taking what they want. That didn’t really happen in Sarajevo in 1992, or Bagdad in 2003.

[Deepwater6]

I manage 4 water plants in the northeast. All together we can produce 160 MGD a day. Our usual load 3.5 to 4.0 megs depending on the season. Since we are a publically held company with share holders we have access to more investment that small town water utilities don't.

 

We have two services coming into the main plant. We also have (5) 2 meg gens for back-up which we did use for Sandy. We have been asked and do participate in a payed program that agrees we will take our load off the grid when asked to by the electric provider. This usually occurs when a heat wave occurs and they have trouble keeping up. They pay us for the year just to be on standby even if they don't use us, but every year we get more calls than the last. This tells me ey are falling further and further behind.

 

There a few things to remember with water utilities. They share resources through inter-connects, however that only goes so far. Oue entire SCADA network that controls punp drives, chem doses, open/closing valves throughout the entire complex is completly separate from all other computers on the property. It has no link to the web through sats or hardline.

 

As someone above stated there are alot gaps in the system and as a country we are not prepared for a CW. We happen to be ahead of the curb because of the finaince. I can't speak for gas/electric companies. I do know the PUC, DEP, EPA, to name a few, question us about our computer system. I know they visit other utities so the same questions must be asked. In addition my operators know how to run the plant in manual control should they ever need to. Remember utilities were in operation long before computers came along.

[Lancewen]

I manage 4 water plants in the northeast. All together we can produce 160 MGD a day. Our usual load 3.5 to 4.0 megs depending on the season. Since we are a publically held company with share holders we have access to more investment that small town water utilities don't.

 

We have two services coming into the main plant. We also have (5) 2 meg gens for back-up which we did use for Sandy. We have been asked and do participate in a payed program that agrees we will take our load off the grid when asked to by the electric provider. This usually occurs when a heat wave occurs and they have trouble keeping up. They pay us for the year just to be on standby even if they don't use us, but every year we get more calls than the last. This tells me ey are falling further and further behind.

 

There a few things to remember with water utilities. They share resources through inter-connects, however that only goes so far. Oue entire SCADA network that controls punp drives, chem doses, open/closing valves throughout the entire complex is completely separate from all other computers on the property. It has no link to the web through sats or hardline.

 

As someone above stated there are alot gaps in the system and as a country we are not prepared for a CW. We happen to be ahead of the curb because of the finance. I can't speak for gas/electric companies. I do know the PUC, DEP, EPA, to name a few, question us about our computer system. I know they visit other utilities so the same questions must be asked. In addition my operators know how to run the plant in manual control should they ever need to. Remember utilities were in operation long before computers came along.

 

It's not just computers that get fried by a nuclear EMP. You won't be getting any power off the grid and whatever backup resources you have won't last very long. Also, I'm thinking the damage probably won't be equal all over, but whatever resources are available will be allocated to only high priority usage (water will be quite high on the list), but the average Joe citizen will really be in bad shape for awhile.

[Deepwater6]

Agreed, as stated in the post, there are gaps and we are woefully unprepared as a society. Storms like Sandy give people a taste of what it would be like. It also gives the government a chance to learn how to cope with it on smaller group rather than a macro outage.

 

The storm prompted three of my employees to buy natural gas driven generators. They have large holding tanks, but as you said it will only last them so long. After that we are screwed :(

[Lancewen]

 

We’ve a lot of 20th and early 21st century history of such breakdowns (eg: during the Bosnian and Iraq wars), and I personally know civilians who lived through both. While law and order did break down, it wasn’t as complete a breakdown as my 1970-80s survivalist upbringing led me to expect – which has led me to question much survivalist dogma, such as unchecked armed gangs taking what they want. That didn’t really happen in Sarajevo in 1992, or Baghdad in 2003.

 

That may have been true in those places, however we already have a sizable gang problem that wouldn't hesitate to take advantage of the situation. Also, I'm sure most people would live through it, but the quality of their lives would suffer a great deal to the point that many might not care to live through it. Certainly the very old and very young might find it hard to survive the ordeal.

[Deepwater6]

That may have been true in those places, however we already have a sizable gang problem that wouldn't hesitate to take advantage of the situation. Also, I'm sure most people would live through it, but the quality of their lives would suffer a great deal to the point that many might not care to live through it. Certainly the very old and very young might find it hard to survive the ordeal.

 

http://www.cnn.com/2012/11/08/us/northeast-weather/index.html?hpt=hp_t1

 

If you did have self generated power in the winter when everyone is out you would become a target. All they would have to do is see the lights on at night to find out. If it gets to the point where you can't use your own power for fear of people coming for it, then you won't be able to use it much yourself. Your quality of life will definetly change prepared or not.

[Buffy]

I think it's important to note that the actual outcomes of cyber war will probably heavily depend on the motivations behind the attack. There are lots of others, but the two main ones I worry about are:

• Anti-western/technology terrorism: al Qaeda-style extremists--while happy to use technology as a tool and weapon--really seem to be interested in destroying technology even for themselves because it is a "corrupting influence", and once in power it becomes a threat to control. These are the folks I worry about the most, who are most likely to actually want to pursue attacks like EMP'ing or hacking the DNS roots.
  
• State-actors: States acting against one another--China or Russia or even Iran vs. US/EU--are not seeking to destroy the technology itself because their own states depend on it. As a result, anything that destroys the infrastructure of the internet is just as bad for them as it is for the country they might attack. As a result their targets are most likely to be individual targets.
  

The important thing for the latter group is that what these actors are seeking is *competitive advantage*. Starting a war with another country these days really is seen as counter-productive by just about everyone these days because the instant costs of declaring war are so high: only countries with demented leadership (e.g. North Korea) really want to go to war these days.

 

So if you're China or Russia, you actually are more interested in *stealing stuff* and getting away with it without leaving any damage; and when you think about it, if you can break into a bank, steal it's money, and then leave it so that the bank doesn't know how you got in, you can come back and steal more stuff later! In this situation, who wants to break anything?

 

If you're the US or Israel trying to prevent Iran from getting The Bomb, the goal *is* to break stuff of course, but the problem is you're going to be accused of it even if you leave not tracks, so it becomes very important to try very hard to stay inside at least the "spirit" of UN-Sanctions or diplomatically engineered coalitions supporting such action. It's still cyber war of course.

 

If you're a terrorist though, just monkeywrenching anything gets you attention, and as the title implies, creates terror. That's probably the biggest risk that we have to deal with and several of you have discussed scenarios for that above.

 

On the plus side, the proliferation of technology actually is making it harder to even find stuff once you've gotten past a firewall, or know what to do with it even if you can get there. Stuxnet, which "someone" used to attack Iran's nuclear centrifuges, was not all that ingenious as a computer worm: it basically used techniques for passing the virus that go back to the pre-network days of spreading viruses through floppy disks (with thumbdrives filling the role now). What really made the thing work though was complete, inside-out knowledge of the actual process automation hardware and software (Siemens I think) that really is only available to people who develop gigantic factories: you're talking about at most a thousand or so people in the entire world have this knowledge and even fewer the access to the systems to test the bug on to figure out how to make it do what you want to do (order the centrifuges to overspin so they destroy themselves). That kind of ability takes a huge amount of resources to develop, and isn't readily available to 4 radicalized grad students in Somalia.

 

I think if it was, we'd have seen a whole lot more of it already.

 

The only winner in the War of 1812 was Tchaikovsky, :phones:

Buffy