Hack­ers could ren­der us pow­er­less

The Compass - - Editorial - Rus­sell Wanger­sky East­ern Pas­sages

Across the At­lantic prov­inces, we’re fa­mil­iar with the oc­ca­sional bout of un­pre­dictable and vi­o­lent weather. The ques­tion, some­times, seems more like, “whose turn is it this time?” than any­thing else.

Last win­ter, it was New Brunswick’s ice storm; in Jan­uary of this year, more than 130,000 New Brunswick power users were with­out power. At the out­set, it was thought to be the worst power out­age in the prov­ince since — you guessed it — an­other weather event, post­trop­i­cal storm Arthur, when 60 per cent of the prov­ince’s elec­tri­cal con­sumers, 195,000 cus­tomer ac­counts, lost power.

But by the time ev­ery­thing had been tal­lied up — and af­ter some cus­tomers had been with­out power for more than a week — new es­ti­mates sug­gested the ice storm had had af­fected 200,000 cus­tomers in all.

Hur­ri­cane Juan and win­ter storm White Juan in Nova Sco­tia and Prince Ed­ward Is­land, hur­ri­cane Igor in New­found­land and Labrador; they are the sort of hard­ship book­marks that many have in their mem­ory. We’re trundling to­wards that time of the year again, at least as far as hur­ri­canes are con­cerned.

But some storms don’t have sea­sons.

What if the storm was tech­nol­ogy-based? In 2006, a fire in a tele­phone com­pany fa­cil­ity in St. John’s saw New­found­land and Labrador lose in­ter­net ser­vice prov­ince-wide, with bank­ing ma­chine, debit and credit sys­tems all go­ing black. The 911 sys­tem was also shut down, with all of the sys­tems knocked out for more than five hours.

Ran­somware hacks have struck uni­ver­si­ties and hos­pi­tals — but what if the mal­ware tar­get was an en­tire elec­tri­cal grid?

As tech­nol­ogy in­ter­twines and in­ter­con­nects more and more, it’s not only the weather that presents a prob­lem.

A lot of peo­ple are prob­a­bly aware of com­puter ran­somware — where in­di­vid­u­als are locked out of their own com­put­ers by ma­li­cious hack­ers, and are forced to pay to get ac­cess to their own data and sys­tems. Ran­somware hacks have struck uni­ver­si­ties and hos­pi­tals — but what if the mal­ware tar­get was an en­tire elec­tri­cal grid?

In­dus­trial con­trol sys­tem mal­ware has ac­tu­ally twice hit the Ukrainian power grid; last year, two mal­ware pro­grams, In­de­stroyer and Crash Over­ride, not only dis­rupted the Ukrainian sys­tem, but erased util­ity com­puter mem­o­ries as well.

At the Black Hat 2017 cy­ber­se­cu­rity con­fer­ence in Las Ve­gas this past week, there was con­sid­er­able dis­cus­sion about whether the sys­tem dis­rup­tions were a full-scale at­tack, or a test drive for some­thing else — some­thing that might be ex­ceed­ingly hard to stop.

“It doesn’t rely on vul­ner­a­bil­i­ties, it doesn’t rely on spe­cific sys­tems be­ing in place, it’s very much just op­er­a­tional knowl­edge of how to ma­nip­u­late elec­tric grids,” Robert M. Lee of cy­ber­se­cu­rity firm Dra­gos said in an in­ter­view with the In­for­ma­tion Se­cu­rity Me­dia Group.

Grid op­er­a­tors are good at bring­ing their sys­tems back up with­out their com­puter sys­tems, so, Lee, pointed out, there’s no need for every­one to get an un­der­ground bunker ready, but said “this is some­thing that will af­fect us all.”

“Our ad­ver­saries are learn­ing from each other, they’re learn­ing from them­selves,” he warned.

The tools used in Ukraine can mod­i­fied, he points out, to be ap­plied to al­most any ma­jor util­ity grid. The only thing slow­ing down com­puter hack­ers is learn­ing the ins and outs of the in­dus­trial sys­tems them­selves. What’s it mean?

Well, it goes back to an old mes­sage, one that the Red Cross talks about to any­one who will lis­ten. The prob­lem is, not enough of us do lis­ten.

Be ready, the Red Cross says, to be com­pletely on your own for a min­i­mum of 72 hours in a ma­jor emer­gency. That means wa­ter, food — and even cash in small bills in case good old non­elec­tronic cash is the only cur­rency that’s us­able.

Be­cause you never know what kind of storm you’ll face.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.