A Cyber Attack Managed To Shut Down A Major US Pipeline: Why We Should Be (Very) Concerned

In general, fearmongering is not productive. It’s one thing to raise awareness or express concern about an issue. It’s quite another to say that it’ll lead to the end of the world as we know it and everyone should drop what they’re doing immediately to address it.

One is a serious, substantive conversation.

The other is outright panic porn mixed with doom-saying.

This is why certain alarmists are hard to take seriously. I believe that climate change is real. I believe it’s a serious issue. However, I think those who just publicly yell about how awful the situation is and how terrible it’s bound to get aren’t helping. They’re just making it easier for people to write off valid concerns as fearmongering.

I don’t want to fall into that trap whenever I talk about issues I think warrant serious concern. At the very least, I’d like to raise reasonable awareness about an issue that may very well affect large swaths of people, both locally and globally. Even if an issue is urgent, we can’t let fearmongering obscure the issue.

Having said all that, I want to state outright that we should all be very concerned about the recent cyber attack on a major pipeline in the southern United States. You may not have felt its effects yet, but it’s likely you’ll notice the next time you have to gas up your car. To appreciate just how serious this attack was, here’s the story from Reuters.

Reuters: Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed

Top U.S. fuel pipeline operator Colonial Pipeline shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack on Friday that involved ransomware.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how vulnerable U.S. energy infrastructure is to hackers. A prolonged shutdown of the line would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to U.S. consumers and the economy.

“This is as close as you can get to the jugular of infrastructure in the United States,” said Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab. “It’s not a major pipeline. It’s the pipeline.”

Now, before you start freaking out about the possibility of terrorists hacking major utilities, it’s worth looking at this attack in context. This was not an attack done in the mold of the movie, “Live Free Or Die Hard.” These criminals were not Hans Gruber or some super-hacker in the mold of “Tron.” This was a ransomware attack.

For those not familiar with cyber crimes, a ransomware attack is when someone gets into a network or a specific computer and installs a piece of software that effectively locks all your drives. The only way to unlock it is to pay the hacker a certain sum of money, often in Bitcoin.

In general, these cyber-criminals aren’t out to cause chaos and destroy entire countries. They’re just looking for some money. I guess in that sense they are like Hans Gruber.

For most people, there are established procedures to protect against ransomware and to weed it out. However, that’s just for personal computers and basic IT infrastructure in an average company. This attack hit a major utility. That fundamentally changes the context of this attack.

Ransoming someone with poor computer skills is one thing. That person will only suffer so much loss and frustration if they cannot save their data. A major utility is very different by orders of magnitude. Utilities like the Colonial Pipeline are critical for the basic functioning of our infrastructure. Shutting them down, even for a brief period, can cause a lot of damage.

On top of that, you’d think that a major utility would have some pretty robust cyber security, but you’d be distressingly wrong. Major government networks are still routinely hacked and hacked successfully. While most of these attacks are after personal data, the idea of a more malicious cyber attack is not an unreasonable concern at this point.

If a simple ransomware attack can disrupt a major pipeline, then what could a more coordinated attack do? It’s a disturbing question with equally disturbing answers. Remember, those who attacked the Colonial Pipeline were just after money. Imagine if they were looking to cause serious damage and loss of life.

This kind of cyber attack is not the stuff of science fiction and sub-par Die Hard movies. It has happened in the real world, the most famous being the Stuxnet attack that crippled Iran’s nuclear weapons program. That was a government-on-government attack that had major geopolitical ramifications.

Also, that’s just an attack we know about. I don’t think it takes an elaborate conspiracy theory to surmise that there have been other attacks like this that have not been made public. Some of those attacks might be many times scarier than either Stuxnet or the Colonial Pipeline.

This is all serious cause for concern. With each passing year, the world is becoming more connected and more tech savvy. An entire generation is coming up in a world where the internet is everywhere, both in industrialized nations and in developing countries. Like every generation before it, there will be conflict. It just won’t be fought in the same ways we’re used to.

If it’s possible to shut down a country’s pipelines, electricity, and communication networks without ever dropping a bomb or deploying a single troop, then we can’t assume it’ll never happen. We also can’t assume that it will, especially if we actively work on addressing the issue.

We managed to do that with nuclear weapons. We should make a similar effort with cyber attacks. We just learned that hackers can disrupt a major utility using a type of attack that is almost a decade old. Let’s not wait for another bolder attack on a larger target.

That still doesn’t mean freaking out and trying to live off the grid. It just means doing the necessary work to improve computer security, on both a personal level and a governmental level. I don’t claim to be an expert in either, but if we can all do our part by just not having such an easily guessable password, we can all make a difference.
