Jun 052012

The next attack on the US may be via cyber-warfare rather than traditional means.

Here is an interesting two page article on the CNBC website.

It is interesting and also has some irony in it.  The irony is that one of the best known ‘virus hunter’ companies out there, Kaspersky Labs in Moscow, is rumored to be associated with the Russian intelligence services.  Are they really friend or foe – good guys or bad guys?

And even if not controlled by or working in cooperation with Russia’s security services, note also the comment about its passive non-activities when confronting Russian originated cybercrime – and the huge $12 billion a year value of cybercrime at present.

Kaspersky’s call for an international treaty banning cyber-warfare seems naive and would disadvantage us if passed.  Cyber-warfare is, by definition, discreet and obfuscated; and if successful one never really knows what happened, how, or why, and – most to the point – one never knows which nation originated the attack.

An international treaty against cyber-warfare would only constrain ‘honest’ countries – the countries we have the least to fear from, while doing nothing at all to discourage dishonest countries from pressing forward with their cyber-warfare plans.  Unlike the complex industrial processes needed to research and built a nuclear weapon, cyber-warfare research leaves no clues of its presence.  All the attackers need are a few computers.

However, when Kaspersky points out that a cyber-attack could disrupt power grids and financial systems, and wreak havoc with military defenses, he is echoing our concerns, and when he says cyber weapons are the most dangerous innovation of this century, he is exactly correct.  He goes on to explain that a growing array of countries and shadowy other entities (terrorist organizations, organized crime groups, etc) are using ‘online weapons’ because they are thousands of times cheaper than conventional armaments.

He doesn’t say, but could, that cyber attacks are also thousands of times safer for the attacker.

Implications for Preppers

The main reason for our several mentions of cyber-threats recently is simply to point out another area where society is vulnerable to a massive failure that could mean the end of Life as we know it (LAWKI).

As Kaspersky points out, a computer virus could disrupt/destroy our power grid or our financial system, and that’s just the start of a long list of vulnerabilities.  As we’ve said before, we challenge you to mention any essential part of our life today that doesn’t rely on computerization.

The bottom line is clear (at least to us as preppers).  Many people, with both eyes tightly shut, like to think of modern society as invulnerable, or at the least, as ‘fault tolerant’ and resilient.  If something fails in our modern society, these people like to think that it would only require a few minor adjustments to return life pretty much back to ‘normal’.  We disagree.

Modern society is not fault tolerant.  It has a growing series of interlocking dependencies, and with ‘just in time inventories’ and with much less underlying industrial capacity and longer lead times to retool up and create productive capacity to manufacture just about anything and everything, it only requires the failure of one seemingly small part of the total structure of our society to result in the entire edifice crumbling and crashing to the ground.

Many of these vulnerabilities are subtle and are things that we’ve never even stopped to think about – for example, the fire in a single small factory in Germany that now threatens the global automobile industry.  While that is hardly a society-destroying failure, it indicates how small things have unexpected and much larger consequences, and who knows what the next failure or consequence might be.

We can’t prevent such failures from unexpectedly occurring, and neither can we predict what they are and when they might happen and what the outcomes might be.  All we can do is prepare for the consequences.

Our Retreat Systems Are Vulnerable Too

One more thing.  It is wise to maintain a general distrust of all computerized equipment.  Computer viruses don’t just attack what we think of as computers – devices with a screen and keyboard which we can browse the internet on.  They also attack computer controllers – the internal control circuits that are becoming an essential part of almost everything, from automobiles to elevators, from home automation systems to industrial machines, from credit/debit card readers in a store or gas station to stop lights and other traffic management systems, from airplanes to telecommunications, and for sure, the network hubs and routers that are the glue that binds the internet together.

All of these computer controllers can be infected with viruses to disrupt how they control the device they are installed inside, and with many times a very wide range of different devices all using the same internal controllers, the potential for widespread havoc and disruption is magnified.

For example, at your retreat, you may have some electricity generating equipment – maybe a generator, maybe solar panels, maybe even a wind turbine.  And you probably have a bank of batteries to store electricity.  Which means you also have some sort of charging and battery management control system, which almost certainly is managed by a computerized controller.  What happens if the computerized controller starts misbehaving?

It is probably impossible to build an effective efficient retreat without using some computerized controllers, and the risk is that for all you know, the computerized controller has within it a hidden line of code that says ‘On Dec 21, 2012, stop working’ (a terrorist with a sense of humor!).  Of course this is just one example of how a virus could be activated, there are many other ‘trigger’ events that could apply too.

All we are saying is that after you’ve built your first layer of preparations, start to think about ‘what if’ events that could impact on them.  In the case of computerized controls, you need to consider a double vulnerability – not just cyber-warfare, but also to EMP effects too.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>