Bombs, bullets, mortars, tanks. They are all so World War II. The next war, if it happens, will be waged in cyber-space.
Imagine the chaos of no air traffic control, no electrical grid, no banking, money, food or fuel. In a matter of days, life as we know it will be either over or damn close to it. No soldiers needed, no buildings blasted to smithereens. Cyber war is the doomsday scenario being played out in war game exercises around the globe.
Penetration Testing at NATO
NATO’s annual cyber-attack exercise, “Locked Shield,” prepped member states in how to deal with a cyber-attack. Over 2 days, different teams from different nations simulated attacks that compromised air-traffic control centers and the electric grid.
“You don’t need to start a war by targeting the military,” Merle Maigre, Director of NATO Cooperative Cyber Defense Center of Excellence recently said. “Malicious codes could render fighter pilots unable to respond even before they take off.”
Cyber Security Damage is Extensive
If that isn’t a concern for you, then add in the rest of the damage a cyber-blast could affect: banking, food distribution, power, fuel. These are most of the things we need in modern society to survive.
Our systems were set up in the 1970s, well before the current level of concern existed. We are clearly vulnerable and way behind the times – and the threats. Our society is so intertwined we can no longer survive without each other. We need to get ready.
30 countries from the EU and NATO took part in the exercise held in Tallinn, Estonia. U.S. Commander Michael Widmann said real-world practice exercises are needed to prepare for an attack. He claimed, “we look at real-life incidents and then we apply them to our exercises. We’re not trying to make things up.”
It Sounds Like a Sci-Fi Novel, But Cyber Attacks Are Real Threats
This is not a future maybe. Cyber attacks have already presented real damage to areas or industries we thought untouchable. So for those of you who play a role in protecting the cyber security of your organization, let us show you how very real these cyber attack and security breaches are – these are some real examples of what cyber criminals have done before.
The Breach of Hospital Ventilation Systems
In 2011, a data breach affected the ventilation system of a hospital. The hacking took place by injecting malware into the hospital computer system. The vulnerability caused significant physical damage to the hospital and as a result the HVAC system stopped. This immediately put patients at risk and placed an immediate threat on the medical supplies held at the hospital. In this incident, the hacker compromised the system and controlled both the air and heating systems from a remote location. As a result of this issue the hospital made proper cyber security measures a priority and performed several server hardening tasks to better protect their data.
A Compromised Turkish Oil Pipeline
Another serious incident occurred in 2008 when hackers disabled the pipeline computer systems. There was no serious damage, but the potential risks were immense – causing the businesses to hire a managed security services provider. If this incident had not been controlled properly, people in Southern California would have been exposed to an immense oil leak along their coastline – and it would have gone undetected by the pipeline management system.
Derailing of a Train
A teen in Poland used a homemade transmitter to trip the rail switches and redirect four trains. As a result of this compromise, 12 people were injured when a train derailed.
German Steel Plant Explosion
In 2015, a steel plant in Germany experienced severe consequences due to hacking. The compromise closed crucial areas of the plant and caused a furnace that was not shut down properly to explode.
Raw Sewage Dump
Hackers can oftentimes be very disgruntled and take out their frustrations on IT systems. Back in 2001, a young Australian hacker took out his vengeance on the town he lived in by hacking into the town’s computerized waste management system and spilling millions of gallons of raw sewage into the town’s parks and rivers.
Power Grid Sabotage
Back in 2015 another critical compromise occurred showing us just how much damage cyber attacks can really do. Faulty firmware placed into a power grid in the Ukraine caused the blackout of an entire city.
Please Pay Attention!
Cyber attacks are no longer confined to stealing information or ransoming information for money. Sometimes hackers just want to do physical damage to a community, a city, an institution or a business. In order to prevent or avoid these horrendous possibility of a Cyber World War III, it is imperative that we implement server hardening measures that prevent infiltrations and improve cyber security.
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.