DDP Newsletter March 2016 Vol. XXXIII, No. 2
During a recent desert windstorm, with gusts up to 60 mph, the cell phone tower in a small new community near Tucson went down. This was a wake-up call to an associate of mine. There are no land lines there, and all his world news comes through an internet connection. He did not even own a radio. He found this so distressing that he drove to a nearby fire station to find out what was going on. The next day he resolved to buy a battery-powered shortwave radio. (You do have one, don’t you?)
It could be much worse, of course, if power lines were also down.
In our modern world we are constantly able to communicate with people even on the other side of the earth. But this depends on a high-technology array of satellites and of course electricity. Without electricity, most of us would be instantly disconnected. There would be no answer at 911. In fact, we might not be able to call.
The Islamic State warned of “dark days” if the West retaliates for the attacks in Brussels. In the event of an attack on the power grid, by electromagnetic pulse or terrorist attack on critical transformers, the darkness could be quite literal.
An ISIS animated video showing the Eiffel Tower crashing to the ground had an English-language voiceover: “We are coming to you…from where you do not expect…. We will invade London, Brussels, and Berlin…. We will make your filthy blood fill your streets….” (http://tinyurl.com/h8bsz2p).
Brussels, home of the European Union and headquarters of NATO, was partly disconnected and on lockdown after bombs exploded on Mar 22 at the airport and at a metro train station close to the U.S. embassy. Nail bombs, explosive devices packed with nails and other small pieces of metal to increase lethality, were apparently in luggage that suicide bombers pushed through the airport on trolleys. Surveillance videos showed two men wearing black gloves on their left hands only. The gloves were believed to conceal detonator devices called “dead man’s switches” because they detonate the bomb if the attacker loses his grip (News.com.au, http://tinyurl.com/gquxs27).
Bombers involved in the Brussels strikes may originally have been planning an attack on a nuclear power station. Two days after the bombing, a security guard who worked at a Belgian nuclear plant was murdered and had his security pass stolen (Threat Journal 3/26/16, http://tinyurl.com/hys8u5k). Two workers had gone to Syria to join ISIS, raising fears that they may have divulged important information about the Doel facility.
The European Union’s counter-terrorism chief warned that Belgium’s network of nuclear power plants and other major infrastructure face the threat of a cyber-attack over the next 5 years. “It would take the form of entering the SCADA (Supervisory Control and Data Acquisition), which is the nerve centre of a nuclear power plant, a dam, air traffic control centre or railroad switching station,” stated Gilles de Kerchove.
Additionally, terrorists have the “means, knowledge and information” to create a nuclear bomb,” warned International Atomic Energy Agency (IAEA) chief Yukiya Amano in the wake of the Brussels attacks. (Daily Mail 3/26/16, http://tinyurl.com/j4trzko).
U.S. cybersecurity officials are concerned about the vulnerability of computers controlling infrastructure such as the electrical grid, oil and gas pipelines, and transportation (Wash Times 12/16/15, http://tinyurl.com/j3d7fd7)
Thanks to the exceptional generosity of donors, we have been able to help fund five NukAlert Automated Radiation Measurement Stations (http://tinyurl.com/h7nepj4), which will be located in Virginia and California. Each station has the potential to save many lives, by timely warning of danger or preventing panic. Donors are also helping to jump-start a program that our nation urgently needs but that is languishing owing to lack of awareness of the threat and bureaucratic inertia. Please let us know of facilities that would be interested in having such a station!
At our annual meeting, Mr. Arthur Levy, a former assistant fire chief, will discuss the ARMS-2 system and the status of radiation monitoring in the U.S.
Keep your old clunker, writes Richard Maybury (Early Warning Report, Nov-Dec 2015). It may one day be one of the safest cars on the road. It is likely made of steel, rather than federally mandated light-weight materials that sacrifice passenger lives in collisions to better gas mileage. It does not have an automatic door-locking feature to keep Good Samaritans from extricating you. And it does not have an internet connection, like the Uconnect infotainment system that enabled hackers to take control of a Jeep Cherokee from a remote living room (http://tinyurl.com/gthzbzw). Turning on the windshield wipers and entertainment center was a prank. Taking control of the brakes, steering, and transmission while the car was traveling 70 mph on an interstate highway was potentially deadly (see video at http://tinyurl.com/qyq9ztk). “If the frequent attacks on myriad retail and financial institutions tell us anything, it’s that there isn’t a digitally connected network that is completely safe from hackers,” writes Marco della Cava (USA Today 7/22/15, http://tinyurl.com/q9vjbp8).
Thousands of medical devices are now connected to the internet—including MRI scanners, X-ray machines, and drug infusion devices. This is partly to feed data into the patient’s electronic health record. There are of course privacy concerns, as sensitive data are uploaded to servers owned by companies that could change their terms of service or go out of business. Even encrypted data can be vulnerable.
Wearable devices are also proliferating fast. Within five years there could be half a billion devices strapped onto, or even embedded in, human bodies. Nearly half a billion new devices started chattering over mobile broadband last year alone, pushing mobile traffic to 25 times what it was just 5 years ago. What if an internet traffic jam prevents timely transmission of critical data (Nature 9/3/15, http://tinyurl.com/gs4plql)?
Hackers can do worse than steal your personal data. They could alter medical records and treatment plans. One vulnerability is that the same default passwords were used over and over for different models of a device, and in some cases a manufacturer warned customers that if they changed default passwords they might not be eligible for support, apparently because support teams needed the passwords to service the systems (http://tinyurl.com/hj8r4ek). The biggest threat may be ransomware, installed on something like a pacemaker, with the threat to pay or else. Hackers have demanded a huge ransom to restore a hospital’s access to its electronic patient records system (http://tinyurl.com/hbam7vj).
Do we really want wearable devices to transmit our every movement to the cloud?
DDP, 1601 N. Tucson Blvd. Suite 9, Tucson, AZ 85716, 520.325.2680, www.ddponline.org. Follow us on Twitter @d4dp.