Oct 142012
 

More freight is moved a greater distance in the US each year by rail than by any other method.

The movement of people away from rural areas and into the cities has meant that food has to travel longer distances between the people who grow it and the people who eat it.  The evolution from lots of small manufacturing companies to only a few mega-companies (in each industry) has caused a similar increase in distance as between where products are manufactured and where they are sold/consumed/used.

We can no longer obtain everything we need in our lives, ourselves, by walking or driving to the actual sources of the things we need and buying them directly.  We are reliant on other people, sometimes far away, transporting them to retail outlets conveniently close to us, and if those people stopped transporting the things we need, we’d not be able to go get them ourselves any more, because the distances are way too great.

Our ‘advanced’ economy also means that, in general, we are using more and more manufactured or processed or complicated things in our lives, rather than living primarily off items and objects produced locally.  Even if we could buy something we need locally, the chances are that the person who makes the thing we need is, himself, dependent on some raw material or essential ingredient that comes from far away.

We all sort of know this instinctively, but have you ever worked out what it actually means.  Here’s an interesting report about the nation’s rail system, and in particular, the table on page 6 is astonishing.  Without considering the distance the freight has to be moved, if you divide the total freight moved around the nation each year by the country’s population, for the last twenty years the answer has been a fairly consistent figure of 40 tons of freight is transported, each year, for each person living in the US.

This figure includes all sorts of things that we probably don’t even think about – the movement of fuel to power stations to create the electricity we use, for example, and not just stuff that needs to be moved to us for our consumption, but also the movement of stuff made by us, which is necessary for us to remain in employment.  It includes the domestic portion of goods being exported and also the domestic portion of goods being imported.

Our point is simply this.  Think about the magnitude of 40 tons of goods per person per year.  That’s almost a ton per week.  It is 220 lbs of materials of all different sorts, sizes and shapes, moved every day of the year, for each person in the country.  Some items are moved short distances only, others are moved from one side of the country to the other.

Now ask yourself – what would happen if something interfered with our nation’s transportation system, making it difficult for all this material to be efficiently moved every day (34.2 million tons every day)?  The answer, while unclear, is certainly not a positive one.

Now ask yourself the next question – is our nation’s transportation system a robust and secure system that can withstand occasional outages and service losses, or is it precariously balanced and vulnerable?

There are essentially five forms of freight hauling in the US.  Rail moves 39.5% of the total ton miles, followed by trucking (28.6%), pipelines (19.6%) and water (12.0%).  Air carries a mere 0.3% of total ton miles.

So air freight is an insignificant source of freight movements to start with.  Water freight is not something that can be appreciably grown – the few navigable rivers suitable for commercial barge freight are already being used for those purposes, and due to the slow speed of water traffic, it can only be used for some types of freight.

Pipelines show a surprisingly large percentage of total freight moved, but they are clearly only suited for some sorts of products – ie liquids and gases.  Pipelines are used to move bulk supplies of oil and gas around the country, but aren’t practical for just about anything else.

This leaves us with rail and trucking for just about everything else.  To a certain extent, it is fair to say that if there’s a reasonable sealed road, you can operate a truck on it, at least short-term (assuming there are no height, width, or loading restrictions).  In theory, the same is true of rail freight – if there’s a rail line, you can operate trains on it.

But let’s think some more about rail, which carries 39.5% of all freight (compared to trucking, which carries much less – 28.6%).  Rail is clearly a critical part of our freight system, and its importance is growing.  After decades of decline , about fifteen years ago rail freight experienced a turnaround, and has been steadily growing its share of long haul freight subsequently, in particular because it is such a cost-effective means of transportation.

First, a freight railroad needs high quality track for the very heavy trains to move over.  You can’t resurrect a stretch of abandoned rusting track, unevenly now misaligned, and with rotten cross-ties, and start operating freight trains over it immediately.  You’d probably need to upgrade the rail to a heavier type of rail, you’d need to redo the track ballast (and possibly even the underlying track bed) and the ties, and the signaling too, before you could start running trains.  There’s nothing impossible about doing that, but it for sure would take time.

Our nation does not have many railroads these days.  While there are about 140,000 miles of railroad track in total, much of this is on spurs, and there is not the same level of interconnected redundancy that there is with surface roads (of which there are 2.7 million miles of paved road plus plenty more unsealed road).

Have a look at this map (which only shows the major lines rather than minor spurs) then look at your state and count the number of ways trains can enter/exit your state.  If you live in WA, you have five paths, if you live in ID, you have six (or less – problems at key points inside the state could eliminate multiple paths in and out), if you are in MT, you have nine (or less), and so on.

The relatively small number of main railroads is exacerbated by ‘choke points’ on their routes – either tunnels or bridges.  In both cases, the loss of a tunnel or bridge would close a rail route for potentially many months or even years.

Okay, so maybe if a group of terrorists worked really hard, they could destroy 100 or 200 key bridges and tunnels that would bring the nation’s long distance rail traffic to almost a complete halt.  You can understand that, and you will probably also discount the likelihood of that occurring.

But there’s another entire level of vulnerability that you’re probably not even thinking of.  One of the big differences between rail and road traffic is that whereas road traffic is ‘self guided’, rail traffic has to be guided all the way.  The drivers of cars and trucks always know which side of the road to drive on, and rely on maps, GPS, and road signs to know where to turn to get to their destination.

Not so for rail.  Each train relies on a network of signals to tell it when it is safe to proceed or when it must stop and wait (even though the train’s driver might not know the reason for the delay or the rationale behind the ‘all clear/proceed’ signal), and every train relies on each switch that it crosses being set correctly, so that it is always switched onto the right track.

Signaling is an essential part of the safe and efficient operation of a rail system.  Most accidents (and nearly all of the preventable ones) that occur on a rail network are based on signaling failures.

Guess what.  Much/most of this control is managed by automated systems and computers these days.  If the computerized controllers were infected with a malicious bug, they might start switching east-bound trains onto tracks currently being used by west-bound trains, creating massive head-on collisions.  If the two oncoming trains were also controlled and timed so that the collisions would occur in cities, and if one train had inflammable or explosive materials, and the other train poisonous materials, the effects could be catastrophic.

In addition to setting switches incorrectly, a computer attack on railroad controllers could also misreport their status to the humans who do keep an overall supervisory level of control over their railroads.  They might think that a switch was set to ‘straight ahead’ whereas in reality the switch was set to ‘divert’.  Or maybe a switch could wait until one second before the train arrived at it to then switch over, at which point it would be too late for any override or other human response.

Of course, a switch that flicked over halfway through a train passing over it would simply derail the train and block the track for however long it takes to clear it.  It doesn’t necessarily take a railroad long to respond to and clear a single incident, but what if every train get derailed – how long to solve all those problems?

More benignly, the control systems could simply set all signals at stop.  The rail system would be paralyzed, and a return to manual control would massively reduce the volume of freight which could be transported.  Much of our rail system is single track – one track is shared alternately by trains traveling in opposite directions, a situation which requires careful sequencing and control.

Our point is this – there are some single points of vulnerability and failure that could essentially zero out our rail system if they were to fail.  And it isn’t just us hypothesizing about this – read this report where the US Secretary of Defense, Leon Panetta, specially refers to the vulnerability of railroads to computer/cyber attack.  Indeed, he talks about our nation being at risk of a cyber-Pearl Harbor.

Let’s think things through a little bit more.  If our rail system fails, we have only one fall-back option to replace the trains – truck based shipping.  But we don’t have the trucks available to suddenly handle a 150% increase in freight.  For every ten trucks on the road now, we’d need to add another 15 – where will they all come from?  And also, what would happen to our already congested roads?  If they suddenly had to handle 2.5 times the number of trucks there already are, what do you think will happen to congestion and travel times?

Even if we could miraculously get the extra trucks needed, the impact on our economy would be enormous.  Trucked freight costs five to ten times more than railed freight (per ton/mile).

Oh – and when we said, above, that road transportation is self guided, we’re only half right about that.  Think about driving anywhere – sure, you’ll follow street signs and use common sense, but there’s something else you’ll come across sooner or later.  Traffic lights.  As you know, even the failure of one single traffic signal can screw up traffic for blocks and blocks, and even if a policeman manually directs traffic, he never seems to do as good a job as a traffic light does automatically.

All traffic lights are computer controlled.  Some are semi-independent, controlled on a fixed/demand driven process by the traffic around them, others are moderated by central computer systems, but all of them use computer controllers.  What happens if they stop operating, or if they start misbehaving?  At best, you’ll have gridlock across the nation.  At worst, if traffic lights start going green in all directions at once, you’ll have accidents galore.

So, to circle back to our opening point.  We all rely on the safe and efficient transportation of 40 tons of freight a year to support our lives and our lifestyles.  And while those 40 tons of freight comprise a massive variety of different products and modes of transport, both in your local area and elsewhere in the country, with a chain of dependencies that we can’t even start to guess at, the uncomfortable reality is that just a very few failures in a limited number of key parts of the national transportation system could cause the entire system to come falling down.

Add to that the ‘just in time’ delivery system which relies on the ability of goods to always arrive where they are needed, at the time they are needed, and with little or no reserve supplies kept anywhere, and the net result could be that a failure of the transportation system 1500 miles away from you ends up with life threatening shortages of essential items in your area, too.

Being reliant on the proper movement of 40 tons of stuff a year is a huge dependency, and one we can do little to directly control.  Are you worried about this?  Defense Secretary Leon Panetta is.  Don’t you think you should be, too?

Aug 312012
 

Imagine this scene, repeated a million times across the country, all within five minutes. Here’s how it could happen.

Let’s mix together a couple of known vulnerabilities and see what might happen.

The first known vulnerability is the ‘just in time’ system whereby no supermarkets or pretty much any other business keeps a reserve stock of goods, relying instead on deliveries timed to arrive just as stocks are about to run out.  This is very dependent on the smooth predictable operating of our transportation system.  Ordering new supplies of a product that are three trucking days away involves the assumption/expectation that the trucks will indeed cover the journey in the three days anticipated.

The second known vulnerability is for viruses to infect computers and other computer controlled devices.  We’ve written about this several times – you can see a list of relevant articles about the vulnerabilities in computers and control systems here.

Now, let’s join these two risks together.  Did you know that just about all modern cars and trucks are computer controlled?  A modern vehicle has a dozen or more computer subsystems within it, controlling just about everything the vehicle can do.  These days, even the gas pedal isn’t an ‘analog’ control device such as it used to be.  In the past, when you stomped on the gas pedal, a series of link rods or a cable transferred your movement of the gas pedal to eventually a movement in the carburetor valves, increasing the flow of the fuel/air mix into the engine proportional to your gas pedal movement.  Sure, the cable could break, the link rods could stick, but there’s no way that some other person, in another country, could do something to interfere with your car (and everyone else’s car simultaneously) to stop it accelerating when needed.

But these days when you move your gas pedal, a rheostat sends an electrical signal from the gas pedal to the engine management computer.  The engine management computer interprets that signal and decides what to do in response.

We sometimes now have situations involving mysterious things like unintended acceleration.  The real cause of these is hard to establish, but one of the factors that is a possibility is a glitch in the programming that runs the engine management computers and how they interpret and respond to things in different scenarios.  We all know there’s no such thing as bug-free software, after all.

But let’s move beyond that to a less benign thing.  What say hackers deliberately infected the engine management computers of as many vehicles as they could, loading in a secret bit of code that would instruct the vehicles to maybe simply just die at a specific time.  More malignantly, they could instruct the vehicles to switch to full throttle acceleration at that time, and also make the vehicles ignore any attempts to kill the engine by turning off the ignition switch.  Depending on the sophistication of your vehicle, it might also be able to interfere with your attempts to brake, and it might even lock all the doors and roll up the windows, trapping you inside.

Such a sequence of events would either destroy the vehicle engine or the vehicle entirely, and possibly both.  It wouldn’t be very good for the people in the vehicle at the time, either!

How could this be done?  How could a hacker in, for example, Bulgaria or Turkey or anywhere somehow load a virus into your car, and into many millions of others, too?  Unfortunately, that isn’t as impossible as you might think.  Sure, your car is probably not connected to the internet.  But it regularly connects to devices which are connected to the internet, such as diagnosis computers when you take your car in for servicing.  You probably don’t realize that many times, part of a routine servicing will be uploading new patches and fixes to your car’s computer systems.  If the hacker has managed to get into the General Motors (or any other manufacturer’s) system and infect that with his virus, it will get transferred to your car as part of the update.

Alternatively, another way into your car is to infect the computer programs that run the diagnostic machines.  If the hackers can’t get into the auto manufacturers’ computer systems, maybe they can instead get into the diagnostic machines and attack your car that way.

There are lots of other ways to achieve the same objective, even loading bogus software onto a CD or DVD that powers your sat-nav system, or which simply runs in your car-stereo might do the job.

Let’s say the hackers do succeed in getting some virus code into several of the major car manufacturers vehicle lines.  Then they just program the code so that it will simultaneously fail all the vehicles at very close to the same time.  One minute, traffic is flowing smoothly across the nation, then over the course of ten minutes or so, cars and trucks start careering wildly across freeway lanes, running off roads, having multiple vehicle collisions, and blocking major freeways and arterials with the wreckage caused.

How long would it take to clear the roads – remember that the vehicles used for road clearing may be affected and inoperable too?  How long would it take to replace the disabled vehicles – either their control systems or the vehicles entirely?

There’s just not the inventory of spare vehicles or spare computer controls ready to be deployed.  Sure, we’d all rush to the nearest second-hand car dealer to get a replacement, but many of these vehicles will also be infected, and there isn’t enough inventory of second-hand cars (and, more importantly, second-hand trucks) available to quickly resupply our needs.

How long would it take to urgently build millions more control computers?  That could be somewhere between months and years.

And that three day delivery time for fresh food?  That ain’t gonna happen, is it.  Not in three days.  Not even in three weeks, and even three months is probably way too optimistic a hope.

Such a scenario is far from impossible to put together and create, and even if it only disabled one half or one third of all the vehicles out there, the effects would be much greater than a one half or one third diminution from normal.

Let’s also remember that emergency service vehicles would also be disabled.  As soon as rioting breaks out (which it inevitably would) neither the police nor fire services will be able to adequately respond.

And next time a power line goes down, will the utility company’s truck be working to go repair it?  Will it even be able to get there due to stalled vehicles blocking the road.

Sure, some food supplies could be air freighted around the country – but think through the entire process involved there.  The food and other essential goods would first have to be taken from where they were grown or made and trucked to the airport – how’s that going to happen?  Then, upon arriving at their destination, they still have 10 – 100 miles from the airport to wherever they ultimately need to get to.  So that’s not going to be an adequate or effective solution.

Let’s say that freight capabilities drop by two thirds.  What would you do if you could only get one third the food you need?  And what will your neighbors do?  Don’t say ‘we’ll live off the food in the freezer’ because the power might fail, and with tankers not being able to deliver adequate fuel to your local gas station, your generator has a problem too.

Summary

People often like to ask us ‘So what all are you worried about?’ and it isn’t always an easy question to answer, because the short answer is ‘everything’ – a response which sounds foolish to someone how hasn’t really thought through the terrible vulnerabilities that are rife in our current system and society.

We know about and can list the ‘big’ deals that could destroy our society in a flash (literally in the case of nuclear war, figuratively in other cases) but the thing is the list of risks is very open-ended, and it doesn’t just include the things we can easily think of.  It includes all sorts of other things too – things we can’t conveniently think of today.  (Maybe just point them to our entire vulnerabilities section.)

A hostile nation hacking the vehicle management computers of our nation’s vehicles, and then commanding them all to fail at the same time is a viable attack that could be conducted, and a great example of a risk that few people ever stop to consider.  How many other obscure risks are also out there?  Ten?  A hundred?  A thousand?  It is anyone’s guess, with the short answer being ‘too many’.  Prepping is essential.

This article takes a positive approach to the challenge – it tells us how Intel (and others) are trying their hardest to close vulnerabilities and make it harder to get viruses into cars.  But if they succeed in making a virus-proof computer, that would be one for the record-books – to date every virus-proof computer has always been proven to be vulnerable.

This is another reason why, in choosing bug-out vehicles, we need to favor vehicles that are as low-tech as possible.

Sure, all the modern computerization does wonderful things for our vehicles, their fuel economy and reliability, and everything else.  But they add new risks and wild-cards, and make it harder for us to manage and maintain our vehicles, by ourselves (in an emergency).  They force us to become more reliant on uncontrolled and uncontrollable third-party sources of support, which is the exact opposite of what we seek to do as prudent preppers.

Jul 262012
 

Four Star General Keith Alexander is the Nation’s Top Cyber-Warrior.

Here’s a somewhat unfocused article that covers a lot of topics, but which quotes Gen Keith Alexander, the Director of the National Security Agency, and also the head of the Pentagon’s Cyber Command unit (this unit is sort of explained here) as saying

The conflict is growing [and] the probability for crisis is mounting.

Not only does Gen Alexander see a growing probability for a cyber attack on the US, he also worries that our vulnerability to the effects of such an attack is growing more severe, too.

Our point is simply this.  We’ve been commenting, repeatedly, about our nation’s vulnerability to cyber attack.  General Alexander – a full four star general – is probably the person best placed to understand the scope and extent of our known vulnerabilities (note the emphasis on the word ‘known’ – our biggest fear is from unknown and unexpected vulnerabilities that none of us have even thought of yet) and he agrees with us.

We, as preppers, aren’t Chicken Little type doomsdayers, obsessed with nameless fears about things that will never happen.  Quite the opposite – in every respect, our concerns are shared by mainstream thought leaders.  The only difference between us as preppers, and most other people, is that we not only recognize the vulnerabilities in our society, but we also choose to respond pro-actively to them, to safeguard our future survival.

Jul 152012
 

Computerized device controllers are commonly connected to the internet, and with very inadequate security protections.

It isn’t just us who are warning about computer vulnerabilities.  Now the Department of Homeland Security is getting in on the act too.  On Friday it warned that more than 11 million computerized device controllers around the world are vulnerable to cyber-attack by hackers.

These units control all manner of different things, from elevators to medical equipment, from security systems to other ‘sensitive operations’ at DoD facilities.  The common point of vulnerability they all share is a type of remote access/control system called the Niagara Framework.

This is a sophisticated type of universal access software that has over 4 million lines of code within it, and is used by devices in over 52 countries.  With so much sophistication, it is unsurprising that there may be some overlooked subtle bugs and vulnerabilities.

It isn’t just a case of ‘may be some bugs/vulnerabilities’.  It is a case of ‘yes, there definitely are known bugs and vulnerabilities’.  Indeed, some of the known vulnerabilities were discovered over a year ago, and remain still vulnerable now.

Note in this earlier article the myopic view – attacks on Niagara connected devices were thought to be unlikely because it was thought hackers would not be interested in such devices, and a large part of the ‘security’ was simply making the devices ‘hard to find’ – a nonsense claim as you’ll appreciate when you understand about software that seeks out all known types of internet connected devices, such as we explain and discuss here.  (Ironic note – when we wrote that article, barely a week ago, we were headlining the presence of 40,000 known vulnerable systems around the world – it seems that a week later, we need to increase that count from 40,000 to 11+ million!).

That concept of ‘security’ has been shown to be nonsense – one researcher managed to, single-handedly, discover thousands of Niagara connected devices on the internet.  And a couple of amateur ‘good guy’ hackers, also working on their own, have managed to uncover 25 serious different vulnerabilities that exist on network attached controllers.  After a day or so of research, it took them five minutes to be able to find a way to download details of all the usernames and passwords for any given Niagara connected system.

The Moral of the Story

The people who assure us of the security of the systems they design and sell have many times been shown to be making such claims based on ridiculous approaches to security.  It is like they lock the front door, then hide the key under the door mat, on the basis that ‘no-one is likely to visit your house, and if they did, well, they’d never think of looking under the doormat for the key’.

This is a dismaying insight into how the people we trust to protect the systems we both trust and rely upon in so many aspects of our regular lives, actually define ‘security’.  Unfortunately, as has been proven many times, people who seek to unlawfully access and exploit computer systems are massively more creative than the people we have charged with protecting and securing the systems.

The internet potentially allows anyone, anywhere, to access 11+ million different devices that apparently have somewhere between weak and no security at all protecting them from being taken over by unauthorized users.  What would happen if a coordinated cyber-attack simultaneously took over all 11+ million devices, and instructed them to misbehave?

Or, in a more subtle manner, what would happen if attackers took over the control systems for some of the DoD security monitoring systems, so as to gain physical access to installations that might well contain our own stockpiles of ‘weapons of mass destruction’ in some form or another.

Jul 132012
 

Our national grid relies on 2100 of these mammoth – and in many respects, irreplaceable – transformers.

We regularly worry in our articles about a failure of our nation’s electricity grid – the criss-crossing network of power lines that connect the various power generating facilities around the country with the various power consuming facilities – most particularly, the major switching substations that route the highest voltage connections around the country.

Think of the power grid a bit like a transportation network.  We have super-highways, regular freeways, highways, arterials, surface roads, minor roads, cul-de-sacs and so on.  For example, to drive from home to work, you first leave your driveway, maybe go down a residential street, then to a more heavily trafficked street, then to a major arterial, then onto a freeway, then through an interchange and onto another freeway, then off, via various surface streets, and ending up in the parking garage underneath your office.

It is the same thing with the movement of power across the country.  Power originates in a generating station, then travels to a switching station where it then joins a ‘super highway’; it travels across the country, and perhaps goes through some interchanges as it changes ‘freeways’, then starts to feed down through surface streets and their intersections, until ending up coming in to your own household.

The key points of vulnerability to the power network are not the thousands of miles of power line.  It is the ‘interchanges’ – the switching stations.  The power is useless and meaningless in the power lines – it only has value if it can pass through all the ‘interchanges’ and ‘intersections’ and complete its journey at your light switch and light.

Our Power Grid is a Mismatch of Incompatible Components

Unlike our national interstate system (and also unlike the internet), there aren’t a huge number of different routes power can travel to the people who need it.  And not every different path is fully compatible with every other different path.

There are 2100 major high voltage transformers (consider them as freeway interchanges) and in total, the nation’s power grid is operated not by a single authority or even by a coalition of half a dozen major players (as is the case with the internet, for example) but instead by an assortment of some 5,000 different entities, most of whom are competing with each other.

Furthermore, these 2,100 transformers aren’t all the same and interchangeable.  An industry rule of thumb says that for every 13 transformers, you’ll encounter ten different designs.

Unsurprisingly, all these different pieces fit together somewhat clumsily.  For example, this article talks some more about the vulnerability of the power grid to solar storms.

Repairing a Damaged Grid is Difficult

A retail chain, some years ago, had a famous and very successful slogan – ‘It is the putting right that counts’.  The key concern, with our power grid vulnerability, really is not so much the vulnerability itself (although that is of course a concern too) but rather ‘the putting right’ – restoring electrical service to the nation if/when it is disrupted.  If power can be restored in a matter of hours, then it is hardly life changing.  But if a grid failure could lead to many years without any power at all, then clearly it becomes a matter of highest national strategic importance.

Unfortunately, for anything other than very minor disruptions, restoring the grid becomes a huge and lengthy problem.  The main reason for this?  The US no longer makes high voltage transformers itself.

These days, if we want a new high voltage transformer, we have to order it from an Asian (ie Chinese) manufacturer and wait for it to be built then shipped to us.  Due to their size and weight, they can’t be airfreighted.  A new transformer can weigh up to 200 tons, and they are too large to be trucked to their ultimate destination – they have to travel on special flat-bed rail wagons (and these rail wagons are in short supply, too).

The need to ship by rail adds another dimension to the problem of replacing transformers – as our nation’s rail network shrinks and shrivels, many places that formerly had rail lines leading directly to them have lost their track, leaving different remaining distances for the transformers to somehow be transported from the nearest railhead to the switching power station where it is needed.

Because transformers normally last for about 50 years, and because in much of the developed world, there’s only modest ongoing growth in power consumption, there’s not a lot of manufacturing capacity.  Only 2% of transformers need to be replaced each year, and usually these replacements are planned well in advance.  Most power companies and most manufacturers don’t keep an inventory of spare transformers – a problem made worse by the lack of standardization of transformers.

It is generally accepted that a new order for a transformer will take around 3 years for it to be made and shipped.  If there was a rush on transformer replacements (eg after a solar storm damaged many) then the first 2% of transformers could be made in 3 years, the next 2% would have to wait another year, and so on and so on.  It could take as much as a decade to replace a major series of transformer failures.

And this decade guesstimate assumes that the Chinese manufacturers dedicate all their capacity to our country’s needs, and also assumes they urgently expand their production capabilities.  Can we really rely on other countries such as China – countries that don’t necessarily have our best interests closely at heart and inseparably aligned with ours – to help us when we’re at our most vulnerable?

This article details some more about transformer issues.

Storm Related Outages Are Different

Maybe you’ve had a power outage yourself – perhaps after a windstorm, or perhaps due to some inexplicable thing that you never really were told exactly what it was.  Maybe it was just for a few minutes, maybe it was for a week or longer, and maybe the outage was limited to only a half dozen houses, or maybe it extended over a half dozen states.

Outages are nothing new, indeed, on average, half a million power customers have some type of outage every day.

But – and here’s the catch.  These outages are very different to the ones we are considering.  They are typically due to power poles being blown over, or trees falling on the power lines, or, at worst, a very minor substation transformer blowing.

Fixing these outages simply requires a crew to re-run the power lines, or to truck in another transformer, and maybe to shift some loads in some parts of the grid.

These outages – even when extending over several states – are not due to one, or ten, or a hundred or more of the 2,100 major super-transformers failing, and so are easy to respond to and resolve.

But if we do lose a number of the super-transformers all in close succession, we have nothing to replace them with.  We can’t restore power until we get new super-transformers, some years later.

Not Just Solar Related Dangers – Hackers Too

In addition to the random acts of the sun’s solar storms, we also have to consider more directed attacks on our power grid – manmade attacks.

The easiest way to disrupt the power grid is of course simply to physically blow up transformers.  With only 2,100 key transformers in total, and only a small percentage of those needing to be disabled to impact on many millions of people, and little or no effective security protecting the super-transformers, it is far from unthinkable that terrorists might attempt a low-tech old-fashioned bombing campaign to destroy a region’s power network.

But that is, indeed, a low-tech and old-fashioned approach, and not without difficulty and risk to the terrorists.  A much easier approach is to hack into the control systems – the computers that control the operation of the transformers and the flow of power across the network.

While some commentators say ‘it is not possible to do this’ and promise us that the control computers are secure, they are, alas, talking nonsense.  It serves their purposes to downplay the extent of the risk and the vulnerabilities that are already being exploited, but when you can get people to talk more frankly, for example as reported in this Wall St Journal article, the truth is scary.  Not only are our power control computer networks vulnerable, but they have already been hacked into and compromised.

This is unsurprising.  It seems there is no computer on the planet which is not now connected to the internet, and if we and the Israelis can hack into Iran’s nuclear research and development computers and take them over, causing the computers to run amok and destroy the centrifuges they are controlling, surely other nations can do the same to us.  We’re not the only nation with precocious teenage hackers by any means.

Although the April 2009 Wall St Journal article we linked to immediately above reported – as all such articles do – on how steps are being taken to improve the security of the power grid, here’s a December 2011 article in the Christian Science Monitor headlined ‘Power Grid grows more vulnerable to attack’.

The article quotes an MIT study which suggests that the electrical utilities are creating new vulnerabilities faster than they are patching old ones.  The good news is the cost of improving the grid’s cyber-security is low – about $4 billion.  The bad news – the utilities feel that the possibility of being attacked is too low to worry about, and not worth spending $4 billion to protect against.

The MIT report disagrees and views cyber-attacks on the grid as inevitable.  It isn’t a case of if, it is a case of when.

An interesting related thought – the Wall St Journal article mentioned that some of the cyber-attacks have come from China.  What happens if the Chinese destroy our transformers, then refuse to sell us replacement ones?

More Risks – EMP

We explain what EMP type attacks are, here.

In the specific context of power grids, they have two vulnerabilities in the event of an EMP attack.  The first is the E1 pulse, which could destroy many or all of the control computers that manage the electricity grid.  If the controlling computers go down, so too does the grid.

The second vulnerability is the E3 component, which would be received through the power lines acting as gigantic antennas, and then directed into the transformers and destroying them.

As we discuss in the next section, our grid has become more vulnerable to solar storms; and the mechanism which creates a vulnerability from solar storms is identical to the E3 component effects of an EMP.

How Severe a Problem Are the Grid’s Vulnerabilities?

Opinions differ as to the extent of the vulnerabilities that relate to our power grid.

At one extreme are reports such as this article in Time, which says ‘because we’ve never had a total disruption before, there’s no danger of one in the future’.  That’s brilliant logic, isn’t it, and sadly consistent with much of the non-prepper mindset.

The article goes on to say ‘Don’t worry, all essential services have backup power supplies’.  We don’t find that very reassuring.  Just a week ago, Amazon’s web services had a power related outage.  What happened to their backup power supplies?  We’ve no idea, but we do know that Amazon’s terms of service specifically exempt them from liability in the case of power supply failure.

We also know that the state of the art ultra-sophisticated super-hardened colocation facility where our primary webserver is located has also suffered power failures in the past too, even though they have more in the way of backup systems and redundancies than any two normal computing centers would have.

We wonder further what happens when the backup diesel generators run out of diesel.  If there’s a regional outage of power, there’ll be no diesel being refined, shipped, or pumped.

And, anyway, while it might be a reassuring thought, to some people, that hospitals and internet services can survive for a month or two, what about us?  There’s no backup power supply for regular consumers.  How long can we personally survive, how long can businesses survive, without power?

As well as unrealistically optimistic articles like the Time story above, we also have more soberly realistic articles such as this in Scientific American, which talks about how if a solar storm which occurred in 1921, causing only minimal damage then, was to re-occur now, the result would be a loss of 300 of the super-transformers and  130 million people being without power for years.

Part of the reason we are more vulnerable to such natural impacts is due to the changing nature of our power grid.  We have more and longer runs of power lines now than we did before – in the last 50 years the total length of power line in the country has increased ten-fold, and the average length of each highest capacity line has grown four-fold.  This four-fold increase in length makes it a better ‘antenna’ to receive the electro-magnetic interference from the sun, and for this interference to then overload and burn out the transformers.

The 2011 Scientific American article also says that NASA now has vital early warning capabilities.  We suggest that is an over-optimistic statement – as this article of ours, written a year later in July 2012 points out, NASA and NOAA are still unable to consistently predict and agree upon solar impacts.  In other words, even the more realistic articles are still showing themselves as being overly optimistic.

Summary

The security of our nation’s power grid is a bit like the security of our front door.  Hopefully you’ve never had burglars break into your home.  And you lock your door.  But you know in your heart of hearts that the lock doesn’t really give you true security.

A determined burglar will pick the lock or kick the door out of its frame, and be inside in less time than it takes to read this paragraph.  And a runaway vehicle that crashes into your front door at 60 mph is going through it, lock or not.

That sums up the ‘security’ of our power grid.  A determined hacker/terrorist, or a severe natural event, could destroy it in a flash.  Much or all of the country could suddenly find itself with no power, and the restoration of power could take 5 – 10 years to complete.

We’re not going to guess as to if a grid failure will be due to malicious deliberate attacks by our enemies, or by the awesome natural power of the sun, or through some other random act of chance.

But we do view the risk of a catastrophic long-term widespread failure of our power grid as severe, and creating either a long-term Level 2 or possibly even a full Level 3 situation.  Your response to such a threat has to involve abandoning the city you probably live in now and moving to a safe and sustainable rural retreat.

Jul 092012
 

You don’t even need to know how to program a computer to be able to hack into it.

Power plants.  Water treatment facilities.  Hospitals.  Forensic labs.  Rail and road traffic control systems.  Flood control systems.  Wind farms.  Automatic door openers.  Building energy management systems.

What do all these types of devices have in common?  They, and many other devices are all controlled by electronic controllers – no surprise there.  But the dismaying thing is that the electronic controllers are connected to the internet.

If you know the system’s IP address, the port it communicates on, and the communication protocol it uses, you can access the device.  Maybe it has a simple password block on it, and maybe it doesn’t – in some cases, these devices are totally open and unprotected.

But – you might think – finding these devices would be like finding a needle in a haystack.  With all the gazillions of devices on the internet, how could anyone find vulnerable industrial control systems?

The answer is sadly readily at hand – you use a computer to find a computer.  You can use search programs out there that will patiently scour the internet, one internet address after the other, slowly working through every possible combination of addresses and ports, until it finds potentially vulnerable systems.

Indeed, it is so easy that anyone can do it – go visit this website which offers a public service to search for such vulnerable devices.  Pay them $19 and get special unrestricted access if you really want to have a good search.

What if terrorists could override or reprogram these industrial controllers – to make wind turbines race over speed and fly apart, to make power stations melt down, to make hospital power supplies fail, to alternate traffic lights between gridlock causing all lights red and accident causing all lights green.  To have burglar and fire alarms go off in succession, all around the cities, so that exhausted police and firemen end up forced to ignore all emergency calls – always assuming they could get there with the traffic signal chaos that would also be underway.  Actually, why limit oneself to road traffic signals – why not mess up with train switching and signalling too – get an express passenger train hurtling towards a freight train carrying thousands of tons of deadly chemicals or inflammable fuels and have them collide in a central city area – far from impossible as this article points out.

Cause industrial refrigerators to fail and bulk stocks of food to spoil, to cause buildings to go crazy hot or freezing cold, to flood entire counties or even countries (ie The Netherlands), and so on and so on and so on.

All of a sudden, our transportation gets gridlocked.  Our power grid goes down, plus many power stations get destroyed.  And so on – be imaginative.  Maybe destroy the pumps in a water pumping station, like it is alleged Russian hackers did in IL late last year.

One researcher recently reported that in the last few years, his count of known internet connected and vulnerable devices has increased from 7,500 to 40,000 units.  Who knows how many the actual true total count may be.

This is not a war we’re winning – it is a war we’re setting ourselves up to spectacularly and suddenly lose.  Here’s a sanitized recent BBC Radio report on the matter that doesn’t go nearly far enough in terms of exploring the vulnerabilities caused by these online systems.

Our biggest vulnerability isn’t merely from bored teenage hackers.  It is from unfriendly countries and government sponsored hacking attacks.  Here’s a recent example of the Chinese getting restless and testing our satellites for vulnerabilities – and finding them, too.

Update, a Week Later :  When we wrote this, we were reporting on an article that indicated how 40,000 computer control systems have been found, accessible via the internet.  That’s – for sure – a lot.  But less than a week later, a new story has come out, that discloses the existence of another 11+ million connected computer controllers, and with known security vulnerabilities.  Oooops!  Click the link in the preceding sentence for more on this.

Jun 052012
 

The next attack on the US may be via cyber-warfare rather than traditional means.

Here is an interesting two page article on the CNBC website.

It is interesting and also has some irony in it.  The irony is that one of the best known ‘virus hunter’ companies out there, Kaspersky Labs in Moscow, is rumored to be associated with the Russian intelligence services.  Are they really friend or foe – good guys or bad guys?

And even if not controlled by or working in cooperation with Russia’s security services, note also the comment about its passive non-activities when confronting Russian originated cybercrime – and the huge $12 billion a year value of cybercrime at present.

Kaspersky’s call for an international treaty banning cyber-warfare seems naive and would disadvantage us if passed.  Cyber-warfare is, by definition, discreet and obfuscated; and if successful one never really knows what happened, how, or why, and – most to the point – one never knows which nation originated the attack.

An international treaty against cyber-warfare would only constrain ‘honest’ countries – the countries we have the least to fear from, while doing nothing at all to discourage dishonest countries from pressing forward with their cyber-warfare plans.  Unlike the complex industrial processes needed to research and built a nuclear weapon, cyber-warfare research leaves no clues of its presence.  All the attackers need are a few computers.

However, when Kaspersky points out that a cyber-attack could disrupt power grids and financial systems, and wreak havoc with military defenses, he is echoing our concerns, and when he says cyber weapons are the most dangerous innovation of this century, he is exactly correct.  He goes on to explain that a growing array of countries and shadowy other entities (terrorist organizations, organized crime groups, etc) are using ‘online weapons’ because they are thousands of times cheaper than conventional armaments.

He doesn’t say, but could, that cyber attacks are also thousands of times safer for the attacker.

Implications for Preppers

The main reason for our several mentions of cyber-threats recently is simply to point out another area where society is vulnerable to a massive failure that could mean the end of Life as we know it (LAWKI).

As Kaspersky points out, a computer virus could disrupt/destroy our power grid or our financial system, and that’s just the start of a long list of vulnerabilities.  As we’ve said before, we challenge you to mention any essential part of our life today that doesn’t rely on computerization.

The bottom line is clear (at least to us as preppers).  Many people, with both eyes tightly shut, like to think of modern society as invulnerable, or at the least, as ‘fault tolerant’ and resilient.  If something fails in our modern society, these people like to think that it would only require a few minor adjustments to return life pretty much back to ‘normal’.  We disagree.

Modern society is not fault tolerant.  It has a growing series of interlocking dependencies, and with ‘just in time inventories’ and with much less underlying industrial capacity and longer lead times to retool up and create productive capacity to manufacture just about anything and everything, it only requires the failure of one seemingly small part of the total structure of our society to result in the entire edifice crumbling and crashing to the ground.

Many of these vulnerabilities are subtle and are things that we’ve never even stopped to think about – for example, the fire in a single small factory in Germany that now threatens the global automobile industry.  While that is hardly a society-destroying failure, it indicates how small things have unexpected and much larger consequences, and who knows what the next failure or consequence might be.

We can’t prevent such failures from unexpectedly occurring, and neither can we predict what they are and when they might happen and what the outcomes might be.  All we can do is prepare for the consequences.

Our Retreat Systems Are Vulnerable Too

One more thing.  It is wise to maintain a general distrust of all computerized equipment.  Computer viruses don’t just attack what we think of as computers – devices with a screen and keyboard which we can browse the internet on.  They also attack computer controllers – the internal control circuits that are becoming an essential part of almost everything, from automobiles to elevators, from home automation systems to industrial machines, from credit/debit card readers in a store or gas station to stop lights and other traffic management systems, from airplanes to telecommunications, and for sure, the network hubs and routers that are the glue that binds the internet together.

All of these computer controllers can be infected with viruses to disrupt how they control the device they are installed inside, and with many times a very wide range of different devices all using the same internal controllers, the potential for widespread havoc and disruption is magnified.

For example, at your retreat, you may have some electricity generating equipment – maybe a generator, maybe solar panels, maybe even a wind turbine.  And you probably have a bank of batteries to store electricity.  Which means you also have some sort of charging and battery management control system, which almost certainly is managed by a computerized controller.  What happens if the computerized controller starts misbehaving?

It is probably impossible to build an effective efficient retreat without using some computerized controllers, and the risk is that for all you know, the computerized controller has within it a hidden line of code that says ‘On Dec 21, 2012, stop working’ (a terrorist with a sense of humor!).  Of course this is just one example of how a virus could be activated, there are many other ‘trigger’ events that could apply too.

All we are saying is that after you’ve built your first layer of preparations, start to think about ‘what if’ events that could impact on them.  In the case of computerized controls, you need to consider a double vulnerability – not just cyber-warfare, but also to EMP effects too.

May 302012
 

Could an airplane's computers be tricked into misbehaving and causing the plane to crash?

In our recent article about the implications of a war with Iran, we mentioned the potential of Iran to mount a bloodless cyber-attack against us, with their hackers attacking our infrastructure’s computers from the comfort of their homes and offices in Iran, rather than soldiers attacking us more directly.

It is our feeling that few people appreciate the dangers and risks of a cyber-attack, and in the last couple of days there have been a couple of interesting news items that help to put this in context.  We discuss these below.

But, first, as a quick summary about cyber-vulnerabilities, do you remember back to the fuss about the Y2K bug?  This concern happily did not translate to a nightmare reality – but not because the concern was unfounded, but due to enormous efforts (and many billions of dollars) at rewriting and updating software in the several years prior to that date subsequent to people realizing that there was a problem that otherwise would occur.

The concern back then was what would happen if all sorts of computers started to malfunction due to date logic errors – computers as diverse as those that operate lifts, those that operate food refrigeration facilities, and so on.  Think of anything you do in your life today, and you’ll quickly find some sort of computer/controller is directly related to the smooth experience you expect and usually enjoy.  Indeed, we challenge you to think of something that is moderately important in your life which could work if the ‘behind the scenes’ computers malfunctioned.

The invidious nature of cyber-attacks is that to defend against them, the computer systems being attacked must be 100% invulnerable and bug-free.  As you surely know, the 100% perfect, bug-free,.computer program or operating system does not exist.  Such paragons of computing perfection may have existed, decades ago, when computers were very much simpler.  But nowadays, with millions of lines of programming in modern computer programs, and many more millions of different combinations of scenarios/events, it is close to impossible to make software bug-free.  As proof of this impossibility, a decade or two ago, software developers rewrote their guarantees and they no longer warrant their software to be bug-free and for sure they disclaim any liability for any problems arising from bugs in their software.

Because we don’t know what, where, and how such bugs exist and can be exploited (if we did know, the bugs would presumably be resolved), it is very hard to safeguard computers from cyber-attack.  Even if we completely disconnect computers from the internet, they are not truly isolated.  The underlying operating system and the even lower-level firmware and BIOS type programming built into the actual hardware all had to come from somewhere – there are plenty of examples of infected distribution disks that people have used to load computer operating systems onto fresh new computers, or infected software direct from a manufacturer, or of actual hardware with ‘back doors’ (see below) deliberately engineered into them.

The vulnerabilities continue.  Every time a person shares a file, there is a chance that there is some sort of infection in that file.  Even a simple safe seeming word processing document can contain programs these days.

An Example of a Current Cyber-Attack

With that as background, it is helpful to see the latest real-world example of a military style cyber-attack.  As we mentioned in our earlier article about Iran, while Iran is one of only five nations known to have a cyber army, Iran is – to date – more notable for having been on the receiving end of cyber-attacks rather than of generating them.  The Stuxnet virus was the highest profile (but not only) example of a cyber-attack on Iran when our article was written, but now news has come out of a newer more sophisticated attack, using what is termed the Flame virus.

Here’s a good article about what Flame is and be sure to look at the graphic that sets out some of the things this virus can do as well.  Amazingly, it seems that the Flame virus has been ‘in the wild’ – ie, out there, infecting computers, and collecting/distributing data – for between two and possibly five years, and only now is being subject to public disclosure.

At present, the big difference between Stuxnet and Flame is that the former was used to destroy equipment controlled by virally infected controllers (here’s an explanation), whereas the latter is currently operating in an intelligence gathering mode.  But who knows what else Flame might be capable of, and also, who knows what other independent infections Flame hasn’t subsequently created in the machines it now inhabits.

Our point is simply this.  If a country as ‘closed’ as Iran, a country that has been subject to past cyber-attacks, can be re-infected again and again with viruses, and if it can take up to five years for these infections to be discovered, who knows what is residing on key computers here in the US already, let alone what might infect them in the future.

Planes Falling From the Skies – An Example of a Potential Risk

Now for something a bit closer to home.  Until recently, all planes were controlled mechanically.  The pilot would turn the control column in the cockpit, and a series of wires would then carry that movement back to the ailerons, elevators and rudder and make them move in direct response to the movement on the control column.  Similarly, moving the throttle levels on the quadrant in the cockpit also directly controlled the engines.

It used to be the same in our cars, too.  In nearly all cases, our brakes are still directly controlled, albeit with ‘power’ boosting systems, and the same with the steering, but most modern cars these days no longer have a physical link between the gas pedal and the carburetor (of course, most cars don’t even have a carburetor now, they use fuel injection instead).

The reason our cars still have direct links between the controls we operate and the wheels is for safety.  There’s much less that can go wrong with a mechanical series of levers and rods and wires.

With planes as with cars, the increasing complexity of modern jet or car engines saw the mechanical linkage between throttle levers and the engines now replaced with computer controls.  Your foot on the gas pedal or the pilot’s moving the throttle lever merely sends a signal to an engine management computer that you want more or less power, and the computer then decides how to interpret that control, not just adjusting the fuel flow but also adjusting timings, compression levels, and possibly gear selections too.  This makes our cars (and planes) run more smoothly and fuel efficiently, and is generally a good thing.

For a plane, moving the flight controls – the control column – also have interactions with the plane’s speed and need for engine power, in a complex and changing relationship depending on many factors, so airplane manufacturers are replacing the previous mechanical linkages to the flight control surfaces on the plane’s wings, rudder and elevator with computerized controls.

Now, when the pilot moves the stick back and to the right, the computer thinks about that instruction and decides how best to interpret it with an optimized combination of engine setting adjustments, and movements to all three primary flight control surfaces, as well as to secondary control surfaces too (trim tabs, air brakes, etc).  The computer is supposed to be more clever than the pilot, and won’t allow dangerous flying commands to be accepted (although usually there is a command mode that can be manually selected where the computer is told to obediently do everything exactly as instructed, even if the computer thinks the command is wrong).  The flying control instruments on a modern Airbus plane are almost exactly the same as the joystick and throttle lever you can buy at a computer store to connect to your computer to play a Flight Simulator game.

Fly by Wire Introduces Vulnerabilities as well as Conveniences

This new type of airplane control is called ‘fly by wire’ in the sense of flying by computer control rather than by direct pilot control.  It is usually considered to be a good thing, although there are possible cases where a ‘miscommunication’ between the pilots and the flight computer may have resulted in airplane crashes (most recently the Air France flight AF447 that crashed in the Atlantic en route from Rio de Janeiro to Paris in June 2009).

However, what happens if the computer that interprets the pilot’s requests and decides how to translate a movement of the pilot joystick into changes in the airplane’s control surfaces and engine power settings deliberately does the wrong thing?  What say the request to the computer to just do exactly what the pilot is asking is ignored?  Or maybe the computer misunderstands exactly what the pilot is asking.  This sounds like the HAL 9000 computer from the movie/book 2001: A Space Odyssey and indeed, that is a great example of the possible outcomes.

The famous ‘blue screen of death crash’ in Windows could be a literal blue screen of death crash on a plane – with a misbehaving computer causing the sea to fill the pilots’ windshield as a plane plunges unstoppably out of the skies and into the ocean beneath (as was what happened with AF447).

It is rather scary that we now risk our lives on planes controlled by computers when we know, from personal experience, that computer ‘crashes’ are common events.  The number of fly-by-wire airplanes is increasing, not only with every new Airbus plane sold, but now with new Boeing planes also being fly-by-wire.

We have been talking about inadvertent errors and logic bugs.  What say the computer controllers were deliberately infected with malicious code that was designed to cause planes to unstoppably crash?  What say, for example, these controllers had a virus in them that said ‘at exactly a particular time on a particular day, move engine power to maximum and set the plane in a crash dive’.  So that at the same instant, all around the world, hundreds (more likely, thousands) of planes all simultaneously went into nose dives and crashed into whatever was below, and of course, in all cases, killing everyone on board.

That could never happen, right?  Wrong!  It is all too easy to see how such a thing could happen.  Maybe while we are protecting our airports and airplanes with metal detectors and scanners to check the passengers, the real threat to our aviation system is something very different indeed – an ‘invisible’ passenger – a cyber threat that the airport security guards have no way of detecting.

For a specific example of a specific vulnerability, please see this article about how one of the control chips in modern military and civilian planes has a ‘back door’ written into it – a way for instructions to be secretly inserted into its control code, bypassing the normal way of doing so and the controls/restrictions placed on that normal way.

Back Doors

Think of this back door as being like a secret passage in an old house.  If you know exactly where to press the secret opening lever, all of a sudden, a wall in the study/library swings open, and you can then roam around the house at will, using secret spy holes to peek in on what people are doing in other rooms in the house, and using other secret doors to appear in other parts of the house unexpectedly.  Other people in the house might suspect there are secret passages, but if they don’t know exactly where and how to press the hidden lever, they’ll never get into the secret passages.

It is the same with computers.  There might be an entire set of instructions hidden inside a computer chip, but when some trigger event occurs, these extra instructions will suddenly start executing.  A similar thing is relatively common for benign purposes – what are called ‘Easter Eggs’ – hidden extra routines in programs that if you know exactly what set of key strokes to enter, you can trigger.  Here is one such list of computer easter eggs to give you examples of what they are and how they appear.

The article also obliquely and delicately points out a vulnerability that impacts on nearly every piece of computer control circuitry these days.  Although the chips may be designed and developed in the US or other ‘friendly’ country, they tend to be manufactured in a third party country outside of our direct control.

What is to stop the chip manufacturer (in this particular case, in China) from deliberately changing part of the specification so as to create an obscured ‘back door’ for future exploitation?  With millions of transistors and other devices on a single chip, and space for thousands/millions of lines of built-in programming, how can such vulnerabilities be completely tested for prior to deployment of each batch of chips?

Implications for Preppers

We’re not saying don’t fly on modern planes.  And we’re not saying turn off every computer controlled device in your home, office, car, retreat, wherever.

We’re simply pointing out that there are unseen and unthought of risks and vulnerabilities in our lives that could suddenly create major havoc in our world as we currently know and enjoy it.  A Y2K bug type scenario might be unleashed upon us by a foreign power, and with even a small part of our computer controlled lives destroyed, our entire lives could be destroyed.  Kill the computers that manage our water system.  Or the computers that manage oil refineries and pipelines.  Or the computers that run the electricity grid.

What would you do if water no longer appeared by magic every time you turned on a tap or flushed a toilet?  What would food processors do without water, too?

If we lost the ability to refine and transport bulk oil/gas products, how would you get to work each day?  No cars, no buses.  If your business has to close down, how will that impact other businesses that rely on its products/services (assuming they haven’t already had to close down too)?  And how would food get to the supermarket without trucks to transport it there?  Even if it got there, how would you go to the supermarket to get the food and bring it home?  And all those oil and gas-fired power stations?  Take those away and our electricity supply starts to crash, even without needing to infect computer control systems for the electricity grid.

Modern society is an example of the old rhyme ‘For want of a nail, a kingdom was lost’.  With all the layers of interlocking dependencies that go into every part of our lives, if a single one of those dependencies should fail, the whole lot might fail.

There’s nothing we can individually do about this. But we can, individually and in our families and communities, prepare for the consequences of a failure.

May 272012
 

The Iranian Flag

The war drums are beating ever louder in prelude to a possible war with Iran.  What will this mean for us back in the US?

Although it might seem at odds with our current President’s world-view and values, it is hard to overlook the increasing amount of news stories that are being released or strategically leaked, all of which seem to indicate that we may be initiating war with Iran shortly.

For our part, we don’t understand how it is for year after year after year Iran has so successfully played us for the fools that, alas, our State Department so often truly is on the world stage, while at the same time, inexorably getting closer and closer to having a credible arsenal of nuclear weapons, and research facilities so hardened and so far underground as to be impregnable to anything we might bring to bear.

It is a bit like blackberry bushes in spring.  You can cut them back when they first start to spring up, this being an easy simple process that takes but a few minutes.  But if you delay, each extra day you do nothing makes the eventual task so much harder when you subsequently reach your wife finally insists you attempt to recover your yard and garden from now dense infestations of blackberry bushes.  Iran is getting stronger and more resilient with every passing day.

It is hard to know what Iran’s capabilities are at present.  They’ve been lying to everyone for years, and most countries (many of which would prefer to see Iran succeed than the US) and UN organizations have been happy to accept the lies at face value rather than to confront the ugly and deepening reality of Iran’s nuclear capabilities.

Just because we’re being told various stories, some contradictory, about the lack of threat Iran currently poses does not mean this is so.  It is interesting to contrast all the publicity surrounding Iran’s nuclear program with the silence with which other countries have developed nuclear weapons.  It seems other countries successfully completed nuclear weapons programs in less time and with less fuss or commitment (for example South Africa, India, Pakistan, North Korea, even Israel).  If these other countries can make nuclear weapons, and can secure support from more advanced nations in their efforts, why not Iran, too?

Until now, our various misadventures in the Middle East have been against countries with no nuclear weaponry, and no ability to project power much beyond their own borders.  And so while we’ve been able to swamp them with our high-tech weaponry and resources, they’ve not been able to fight back, and most of all, they’ve not been able to bring the battle back home to us.

A Quick Backgrounder on Iran

Those issues do not apply quite so directly with Iran.  Iran is the 18th largest country in the world (in terms of its landmass size – slightly smaller than Alaska), and is overwhelmingly Muslim (89% Shia, 9% Sunni).

Iran – formerly known as Persia until 1935, has a population of 79 million.  Since its revolution in 1979, it has a complicated government – think of it perhaps as having way too many checks and balances.  It has a steadily growing albeit somewhat troubled economy – largely oil based – but not much wealth, and an official unemployment rate of at least 15%.

Iran produces 4.3 million barrels of oil a day.  Iraq, in comparison, produces 2.6 million and Kuwait produces 2.5 million.  It is the fourth largest oil producer in the world – Saudi Arabia produces 10.5 million, Russia 10.3 million and the US 9.7 million.

Iran has the world’s second largest proven natural gas reserves, and the world’s fourth largest proven oil reserves.

In part because of its oil production and exports, Iran has a massive positive balance of payments and steadily increasing reserves of gold and foreign exchange – $79 billion in 2010, rising to $110 billion in 2011.

The Iranian Military

Iran has a strong military, with 20 million males 18 – 49 fit for military service (and, theoretically, another 19 million women).  Men are required to spend 18 months of military service, and each year, another 715,000 males reach the age of military service.

Leading US generals have described the Iranian military as the strongest in the Middle East.  However, they probably were not talking about its Air Force, which is made up largely of older planes (many of them from the US) and only a few of which seem to be airworthy.

But Iran does have a moderately capable navy, and indeed, in the confined waters of the Persian Gulf, and the Straits of Hormuz in particular, their ships could fire their anti-ship missiles at US naval targets without leaving port.  The ability of US aircraft carriers to withstand any type of missile attack has never been tested in real life, and there have to be real concerns about their survivability in the event of a massed attack of multiple missiles launched for a simultaneous time on target strike.

As well as surface ships, Iran also has three Russian Kilo class submarines.  These are diesel-powered, but are typically quieter than most nuclear powered submarines when operating on their batteries.

One wonders if the US military command are willing to risk the loss of one, two, or more of their 11 aircraft carriers, particularly when you consider that each aircraft carrier has almost 6,000 personnel on board.  While aircraft carriers are great for effective force projection, their vulnerability is a matter of concerned debate, and the US has been fortunate not to have deployed them – so far – against an enemy with credible anti-ship missile capabilities.

If the US can not use its carriers, and with difficult relations with countries that border Iran (ie Pakistan, Afghanistan and Iraq – not even Iraq seems to like us much even more) and an always complex relationship between Saudi Arabia and both Iran and the US, the US would not have a lot of places for forward bases to support any operation.  Turkey is another uncertain ally, and Israel – the country with apparently the greatest vested interest – is too far away for practical support purposes, and would require over-flight permission from Jordan and Iraq or Saudi Arabia.

That’s not to say the US couldn’t prevail.  It would almost certainly follow the standard pattern of an initial high intensity surprise attack with cruise missiles to disable as much of Iran’s air defenses as possible, supplemented in this case by an attack on naval targets too.  Once it had control of the skies, it could have ground attack aircraft patrolling the country with impunity, and taking out targets as and when they wished.

But how it could move from there to a ground war is less clear.  Where would it pre-stage 100,000 or more troops, and all the tanks, trucks, and other equipment needed to occupy the ground?

It is helpful to keep in mind that in the war with Iraq, the US was facing a country with less than half as many people and only one quarter the land mass.  In the war with Afghanistan, the US was (is?) facing a country with one third the land mass and 40% the population.  Iran is very much larger in every respect.

On the other hand, the chances are that the Iranian army would be no more effective than the Iraqi army was when faced with the modern capabilities of US forces.

We’re not saying a war with Iran is not winnable at all.  It almost certainly would be, inasmuch as you can consider our war with Iraq was a ‘success’ and the same with our war against Afghanistan.  We could overwhelm the country’s armed forces, for sure, but what about the peace that follows?  That is the bit we’re not quite so good at optimizing!

While there are some opposition elements in Iran, it is hard to see any truly pro-western factions rather than merely different elements but still Muslim oriented and primarily anti-western.  It is appropriate to remember that the 1979 revolution was a very popular uprising by the country as a whole against the US supported previous regime; there is little evidence of any broad base of opposition to the present regime and even less evidence of any pro-western sentiment among the opposition forces that might be present.

Although we probably could win a war with Iran, we do make the point that there may be more damage inflicted on US forces than we’ve experienced in other recent conflicts, and the logistics of supporting an Iranian conflict look to be more complex than supporting the wars with Iraq and Afghanistan.  (The US has lost 2000 people in the Afghan conflict so far, and 4500 in Iraq).

Anyway, these issues are secondary to the main topic of this article.  The implications of a war with Iran for us, hopefully safely located back in the Continental US.

Other than a possible increase in ‘one off’ type terrorist attacks that might be regrettable but hardly life changing for most of us, we see three areas of risk to LAWKI.

Risk 1 :  Nuclear Attack

We’re going to go out on a limb here and say that we’d be totally unsurprised to learn that Iran already has nuclear weapons.  It probably hasn’t tested them yet, but we’re going to say that, other than tightening down the last few screws in the cover and charging up the batteries, Iran is probably in possession of 98% completed nuclear weapons.

This report suggests Iran sort of has enough materials for five weapons already.  Let’s take that number and instead of ‘could build five weapons in the future’ change it to ‘has five weapons now’, just for the sake of this discussion.

The bigger issue, as we see it, is one of delivery.  How would Iran get nuclear weapons to the US?

It seems that its longest range missiles currently can reach no further than 2,000 miles.  So we’re safe, right?  The shortest distance from Iran to the US is 6,000 miles.

Wrong.  Go play on Google Earth and see what places are within 2000 miles of the US.  For example, Washington DC is less than 2,000 miles from the closest parts of Venezuela, and with a dying President there who hates the US, is it impossible to foresee a situation where he agrees to go out in a splash of shared glory with Iran?  The two countries are becoming increasingly friendly and cooperating on a range of different projects.

Alternatively, what’s to stop Iran from forward positioning missiles on freighters and simply sailing the ship to within 2,000 miles of a US coast.  There’s no shortage of tempting targets on either coast.

One other possibility is to smuggle the weapons into the country in shipping containers, or, for that matter, as airfreight cargo in an airfreight LD-3 container.  Isn’t this the ultimate ‘cruise missile’ – a civilian passenger or freight jet, flying on a regular approved flight plan.

So maybe Iran couldn’t conveniently use traditional intercontinental ballistic missiles to deliver its warheads.  But it has plenty of other choices.

How/Where to Target Five Missiles/Bombs

What would a country do as part of a ‘suicide’ mission to detonate five nuclear weapons on US soil?  Where would it send the missiles?

A good answer to that question can be seen from the actions of the 9/11 attackers.  While we don’t know if the urgent landing of all airborne planes forestalled other pending attacks (probably not, but who knows for sure) what we do know is that with four ‘weapons’ (ie planes) the terrorists decided to send two to New York and two to Washington DC.

It is almost certain that these two cities would be the prime targets of a nuclear attack, too.  And while one nuclear explosion above DC and Manhattan would be more than sufficient, we’d expect that due to the unreliability of both the weapons and the missiles taking them to their targets, the attacking force would at least ‘double up’ and send two to each target, which would leave a single ‘bonus’ fifth weapon.  That too could be sent to NY or DC, but it might perhaps instead be sent as a ‘bonus’ to a third target; most likely to be another major US city chosen for its iconic status and economic impact rather than for any strategic/military value.

An attack on the US would not be designed to win the war.  It would be designed to inflict maximum civilian and economic damage in relation.

Risk 2 :  EMP

This is the risk that really has us worried.  Instead of sending five bombs to DC and NY, which while having a devastating impact on these two population centers, would have little impact on the rest of the country; why not just send one for a high altitude airburst with an EMP that will destroy much of the entire nation’s electronic and electrical infrastructure.

Indeed, with five weapons, why not detonate one, then a second one two days later so as to take out much of the backup systems that may be held in protective storage, then a third one two weeks later to zero out any remaining backed up backups, leaving two more for ‘bonus’ attacks in the future.  Or perhaps, the two spares to Europe to take out the rest of the western world at the same time.  Imagine that :  No US and no EU – two continents instantly reduced to a non-mechanized farming level of subsistence.

With all due respect to New York and DC, and the people living there, the country would survive their loss.  But a staged series of EMP attacks?  That would plunge all of us back to the near-stone age.

Many of us have prepared for some degree of EMP response, although none of us really know how protective our ‘do it yourself’ Faraday cages may be, and even if we did survive the first round and start deploying our backed up equipment, what happens when the second EMP takes out our backups?

This, we feel, is the greatest vulnerability of all – a second EMP strike several days after the first.  It is hardly an innovative idea.  World War 2 saw the use of delayed fuse bombs, with the concept being that the first wave of explosions would destroy buildings, and the delayed explosions would then take out the responders, leaving the area vulnerable to a future bombing attack, due to having killed the firemen, paramedics, etc, and having destroyed their vehicles.  There is every reason to believe that any nation planning to launch one EMP device would choose to launch others subsequently to take out whatever level of backup equipment was being taken out of protective storage and deployed.

We can not overstate the danger of EMP attacks.  They are ‘low tech’ and easy for an attacking nation to stage (assuming it is nuclear capable), and at present our country is massively vulnerable to such an attack.  Using nuclear weapons merely as high explosive devices these days is old-fashioned and no longer the best use of the weapons.  Much better to reprogram their missile delivery systems to activate them at high altitude for maximum EMP effect with a 1,000 mile or greater radius, rather than at relatively low altitude for a blast with a lethality radius of ‘only’ five or so miles.

Risk 3 :  Cyber Attack

Iran is one of five nations known to be developing a ‘cyber army’ – soldiers who do battle not with a gun and bullets, but with a computer mouse and datalink.

This is perhaps only fair, being as how Iran has been on the receiving end of a shadowy cyber-attack itself – the Stuxnet virus intended to destroy its centrifuges that are used to separate Uranium 235 from the regular mix of primarily Uranium 238.

Our nation’s increasingly fragile infrastructure is largely computer controlled.  Real people aren’t standing watch in power stations, pumping stations, distribution points, and so on, with their eyes locked on a battery of gauges and dials, and their hands ready to spin control levers in response to changing indications on the readouts.  Indeed, even if that were the case, the chances are the readouts are digital rather than analog – that is, they have gone through microprocessors prior to appearing on displays, and the controls too are probably ‘fly by wire’ type controls that would just control a computer rather than be physically linked to huge big valves and switches and things.

Anything that harms the control computers can destroy the structures that are being controlled.  It is all too easy to mis-direct control system computers so that they send the wrong instructions to the equipment they are controlling, destroying the equipment in the process (this is, simplistically, one of the things the Stuxnet virus did to Iran).  It is possible to reprogram the logic of the controllers, causing nuclear power stations to melt down, for example.  To overload transformers in the national grid.  To allow turbines to overspeed and break in our hydro-electric power stations.  To over-pressure and rupture our gas and oil pumping lines (or just to open the wrong valves and pump oil or gas into sensitive areas).  To open up floodgates on dams, sending tidal waves of water downstream (and also then emptying the dams of the water needed for regions and their agriculture and people to survive).

Truly, there is no limit to the mischief one can create.

Furthermore, our infrastructure is also increasingly networked and linked up through public internet channels.  Anyone who believes that utility companies and government departments have adequately secured their computer systems to make them invulnerable to cyber-attack needs to do some internet surfing to disabuse themselves of such notions.

For example, look at the case of Gary McKinnon, the eccentric English guy and Asperger’s victim who allegedly penetrated to the highest level of NASA and DOD computer networks.  If one single amateur UFOlogist (ie McKinnon) can gain access to the tightest security computer networks and do damage to them inadvertently, what can military teams of dedicated opponents do?

A cyber attack could be almost as damaging as an EMP in terms of massive widespread disruption to our support systems and infrastructure.  It could not just knock out our power grid and our oil and gas pipelines, but it could also damage their physical structures such as to take years to repair.

Best of all (from Iran’s perspective) the attacking nation doesn’t need any nuclear weapons or ballistic missiles.  It just needs a regular computer and a connection to the internet.  Indeed, it is possible to disguise the location where the attack originated from – Iran (or any other country with national hacking capabilities) could destroy our nation’s economy and we might never even know for sure it was Iran who did it.

Summary

Neither Iraq nor Afghanistan had nuclear weapons, and neither did they have much in the way of cyber capabilities.

On the other hand, Iran may already have nuclear weapons, and definitely has cyber warfare capabilities.  It also has an extremist leadership who views not just our armed forces and our politicians as their enemies, but who views the entire American value system and way of life as an evil to be exterminated and replaced by their Muslim ideologies.  We are all the enemies of these people, whether we are soldiers or not.

It seems likely that if Iran’s leadership felt its future was being credibly threatened, they’d have no hesitation at all in inflicting the maximum amount of damage on the US civilian population and economy.  They wouldn’t even care if this resulted in us abandoning our attack on Iran or not; all that would matter is that they managed to inflict maximum damage on the US.

In our long time stand-off with Russia/the former Soviet Union, the doctrine of ‘Mutually Assured Destruction’ worked, because neither we nor the Soviets wanted to risk the certain destruction of our own world as a cost of destroying the other country.  We both feared MAD.

But Iran shows no fear of the concept of MAD.  It almost seems to welcome it.

Iran may or may not be able to mount a nuclear attack or to detonate an EMP device in the US, but it does seem to already have capacity to bring cyber-attacks against who knows what broad range of vulnerable computer control systems across the nation, disabling our supply lines and support systems as a result.

A war with Iran is a high-risk venture, accordingly – not just to our military, but to ourselves back home, too.