Surviving a Public Infrastructure or Energy Grid Attack

Thursday, September 27, 2012

Dan Dieterle


Destructive cyber-attacks against critical infrastructure are coming” – Gen. Keith Alexander said recently at a public interview in Aspen Colorado.

Are you ready?

What would you do if the lights suddenly went out? If power was out for days on end? Where would you get news from? Or more importantly Water? Keep cool or get heat?

Though many disregard the government’s warnings about critical infrastructure attacks what if the worst did happen, would you be prepared? All these questions and answers became much more real to me the last few days.

Recently our city was hit by a tornado. “That’s not a cyber attack!” I can already hear many say. But if power did go out, along with other public utilities at the same time would it really be that much different? And what if it was a natural disaster instead of a cyber attack from China, Russia or Iran?

It may be neither, but faulty, antiquated or overtaxed equipment. Three Hundred and seventy million people in India just lost power through a power grid crash. That is more people than the US & Canada combined. So the question still stands, would you be prepared?

The night of the storm, we lost all electric and all means to communicate to the outside world. Land line phones were dead, cell phone towers damaged. Relatives and others that live outside the city also lost running water.

Here is a list of things that I found to be very helpful:

  • Matches, candles, and flashlights
  • Cash on hand (no ATM access!)
  • Battery powered radio
  • Ice to keep food from going bad
  • Non-perishable food items
  • Water (bottled is great!)
  • Camp Stove or even an outdoor grill!
  • Walkie Talkies especially if you have family near
  • Cell phone
  • iPad or Android Tablet – With car charger!

The worse is not knowing. Not knowing if friends and family are okay, if more bad weather is on the way, not knowing when utilities will be restored, not knowing when things will be returned to normal.

Not only was our ability to get local news hampered, local news stations were also knocked out, but voice cell phone communication was non-existent the first couple of days and texting was intermittent.

The cell phone became our life line. We ended up getting our local emergency news and reports forwarded from a relative that lived in Florida!

Food was a huge concern, especially not knowing how long power would be out. I found that three bags of ice (luckily a local grocery store was unharmed) stacked one on top of the other fared pretty well keeping the freezer cool. Eventually when emergency services supplied dried ice, a block of dried ice next to the bags of ice kept the freezer very cold and kept both dry ice and bagged ice from melting.

The iPad and Android tablets seem an odd addition to the list. You would not believe how helpful they were during the outage, especially when you live in a house full of 2.0 teenagers who are as addicted to tech as much as you are. Locally stored Kindle books helped pass the time, and the mobile devices acted as a helpful mini light source when navigating the house at night. The long battery life on the iPad was a god send too!

As roads cleared, getting out with these devices and connecting to public Wi-Fi’s helped to get news and tell family members that all was well.

Having firearms was also a huge peace of mind. It is an eerie feeling living in a blacked out city at night and seeing the random police car go by shinning his search light up and down the alleys.

This is not an exhaustive or expert guide by any stretch of the imagination. Just some information that may help out if the worse happens.

Are you ready?

Cross-posted from Cyber Arms

Possibly Related Articles:
Industrial Control Systems
SCADA Disaster Recovery Attacks Business Continuity Network Security Infrastructure Industrial Control Systems
Post Rating I Like this!
Mikko Jakonen Dan, interesting and well pushed out, difficult topic.

I want to bring a bit different aspect here to talk about the integration between information, cyber security and human psychological structure.

I feel that most critical thing what comes to the survivality of critical infra or with industrial control environments (SCADA) that we do not have yet experience based understanding
to really see what are the effects of, for example large scale, focused cyber attack against hearts and souls via ICS environments like water, heat or logistics.

Information warfare, in which cyberwarfare should be counted partially too, touches first and
foremost in these kind of examples in human needs and feelings, capability to enable and consuming motivational aspects.

Bad thing for cyber attack compared to natural hazards is amount of "knowing". It is hard to understand why ICS/SCADA works as it does under attack,
how it will survive or does it survive? Natural hazards hardly ever wipe out configuration data or PLC programs from ICS; hacking may wipe.

This kind of scenario does NOT require a large scale offensive, just merely limited but highly accurate touch, which in turn may
escalate hard case to turn back to normal within "normal" timeline, and THAT is the worst thing which consumes resources.

The question what would you do if lights go out and related are good examples of very narrow scale offence
which in escalation might turn really bad. Most of us, the people, have not spend days without electricity.

The worst thing in situation escalation is no one really knows what is the situation, how it is managed and what is the motivational
level capability to operate in situation where everything common, infrastructure and information seems to be in undesired level and nothing
is sure.

We will learn, not by enabling only guidelines and practices, but also by experience.
History has witnessed so many times different IT security principles to be totally wrong in situation shown and in turn,
caused potentially more hassle.

Heavy stuff. More complex we turn, more fragile we are. Resilience is the key. In human high-level capabilities too.
Chris Adams The northeast got a taste of this scenario last fall. After Tropical Storm Irene, some people bought generators. After freak Winter Storm Alfred a lot of people bought generators. The utility company had offices without power, so they exercised their contingency plans as well and learned what they need to do to improved them. Southern New England is at least better prepared.

When the 'big one' hits some day, it will be a tragic wake call for many. And the 'big one' could be either a cyberattack, another man-made disaster, and a natural disaster.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.