Cyberattacks need to be taken seriously
The Colonial Pipeline isn't the first and it won't be the last
Technology is both a blessing and a curse. It makes our lives easier in many ways, but it also makes them more complicated in others. One of the complicating factors is that we are vulnerable in ways that we were not during a simpler time.
The reality of cyberattacks is one example of a vulnerability that did not exist a few decades ago. This week, the big news is the ransomware attack on Georgia’s Colonial Pipeline, which Steve Berman described this morning. The attack raises the possibility of gas shortages in the Southeast, which could lead to price spikes and slowed production and delivery of goods.
The Colonial Pipeline attack is only the most recent high-profile example of cybercrime. Last year, news broke about a hack at SolarWind, a US government contractor. The hackers not only were able to access classified information across multiple agencies but reportedly were able to insert their own malicious code in an attack that went undetected for months.
Prior to that, there were multiple attacks on US election infrastructure during the 2016 election. Many on the right viewed reports of the cyberattacks as an excuse for why Hillary lost, but even Trump Administration officials acknowledged the seriousness of the attacks, which were traced to Russia, a usual suspect in cybercrime. Targets of the attacks included both state and local election administrations as well as voting machine companies.
Russian cybercriminals are suspected in the Colonial Pipeline attack, but the Russian government has been directly implicated in other attacks. In any case, there is often a thin line between Russian criminals and the Russian government, which is clearly using cyber warfare against both commercial and military adversaries.
In 2007, the former Soviet republic of Estonia became the first country to be the target of a national cyber attack with Russia as the perpetrator. When Russia invaded Ukraine in 2014, cyberattacks were part of Vladimir Putin’s arsenal. The attacks on Ukraine included taking control of electrical grids and shutting them down to cause blackouts.
That’s one of my nightmare scenarios. I used to dread the possibility of an electromagnetic pulse attack that would shut off the electricity for much of the country. The book “One Second After” by William Fortschen chillingly describes the aftermath of such an electricity-killing attack in our world in which almost everything is electric and most of us have only enough food stockpiled to last a few days.
The reality is that today an aggressor would not have to launch a nuclear EMP attack to switch off America’s electricity. It would only require a coordinated attack on the electrical grids that supply us with power. This is a threat that should be taken very seriously, especially since the Russians have a history of testing this sort of warfare.
And some in the government do seem to be taking the threat seriously. US News reported that the US was aiding Ukraine in fending off a new spike in Russian cyberattacks in April 2021. In helping allies to fight off Russian attacks, we can strengthen our own defenses, but this also requires a public-private partnership since our electric companies and other utilities are often privately owned and operated.
I’ll add that the problem is not only a Russian problem. China has also had its fingerprints on cyberattacks against US companies in recent years. Even Iran and North Korea, countries usually associated with rogue nuclear threats, have gotten into the cyber warfare business.
Going forward, as we become more dependent on electricity and the internet, cyberattacks will become even more attractive for our enemies. The investment is much less than for nuclear programs, but the results of a large-scale attack could be almost as devastating to a country. If an attacker thinks they can remain anonymous or shift the blame, the temptation to launch such an attack might be overwhelming.
Cyber attacks are going to be a problem that we must deal with for the foreseeable future. Companies, especially those that are vital for power and food, should be working with the federal government to strengthen their defenses.
And Americans should keep a stockpile of emergency items just in case.
If you haven’t subscribed to the Racket yet, click the button below to do so while it’s still free. And remember, with the Racket you get MORE than what you pay for!
You can also find us on Twitter and Facebook. Join the discussion online with our Racketeers Facebook group.
The Racketeers are Jay, Steve, and David. Click each name to contact us on Twitter!
As always, we appreciate shares. If you see something here that you like, please send it to your friends and tell them that all the cool kids read the Racket!
I know there are low-tech ways of crippling the electric power grid that are difficult to defend against. I'm much less familiar with what it takes to prevent cyber attacks but I believe it could be done easier than physically protecting facilities.
I wonder how much a general system backup can be used to restore access and functionality. At least a couple of days is somewhat bearable (see power safety shutoffs in CA - thanks PG&E!): we haven't invested in surge equipment that can handle a major solar event, which could knock out systems for months.