Futuristic Cyberattack Scenario

This is a piece of near-future fiction about a cyberattack on New York, including hacking of cars, the water system, hospitals, elevators, and the power grid. Although it is definitely a movie-plot attack, all the individual pieces are plausible and will certainly happen individually and separately.

Worth reading -- it's probably the best example of this sort of thing to date.

Posted on July 18, 2016 at 6:27 AM • 38 Comments

Comments

chuckb • July 18, 2016 7:50 AM

Sen. McCain will hold hearings. He will surely subpoena Tim Cook to explain how Apple thwarted the NSA from protecting us.

jayson • July 18, 2016 8:55 AM

Guess I'll keep my older car until I can install a secure, custom OS on my new one.

We need a nation level Chaos Monkey.

Hay nony mouse • July 18, 2016 9:37 AM

It's all believable until you get to,

By now, officials at U.S. Cyber Command were monitoring the situation in New York.

Only for "Political dick picks" as SOP.

blake • July 18, 2016 10:32 AM

Targeting civilian infrastructure: still a war crime.

I suspect the major failures will come from mistakes rather than malice, but past a certain threshold the results are indistinguishable.

Barry • July 18, 2016 11:01 AM

Interesting article which takes me back about 10 years when, in a previous life in the industry, we researched blended threats and devised some pretty extreme scenarios. At that time some people were sceptical but with the IoT now a reality perhaps we need to sit up and consider such 'Hollywood movie' scenarios?

Not BoJo • July 18, 2016 12:02 PM

Computer programmers were regarded as witches/wizards and burned at the stake. Membership of the flat earth society surged. Sales of dictionaries went through the roof. People started to watch bands performing with their own eyes instead of filming everything on their 'smartphones' (which had actually been declared as lethal weapons and made illegal).

The Internet of Ka-CHINGs • July 18, 2016 12:06 PM

If only there were some wise old saying, perhaps involving eggs and baskets, that we could fall back on in these uncertain modern times.

Matt Farrell • July 18, 2016 1:20 PM

At least Middleton, West Virginia is now better protecting the Eastern Power Hub.

Tim • July 18, 2016 1:26 PM

My ad-blocker detects 32 web analytics/beacons on the NY Mag story; there are probably more.

The irony of it makes me smile.

Slime Mold with Mustard • July 18, 2016 2:52 PM

From the fourth-to-last paragraph: "As those who were able to sleep began to wake up the next morning, the attacks seemed to have stopped". Wouldn't NYC residents have expected the cyber attacks to have been significantly impaired when the power was cut?

"Several people who lived in homes neglected by slumlords, with only electric heaters to keep them warm, were found suffering from hypothermia ..." The author seems unaware that modern oil and gas furnaces will not operate without power. Everybody without a generator or woodstove freezes.

The NYSE, like all exchanges, has provisions to halt trading, and has done so.

The US Cyber Command says it won't even be able to train properly for a major attack on civilian infrastructure until 2019.

r • July 18, 2016 3:20 PM

@Slime Mould,

Just like every time estimate we review from government planners, that estimate is likely on military time.

Aiden Pearce • July 18, 2016 4:43 PM

The video game Watch Dogs is actually a "near-future fiction" that takes place in a smart city with mass surveillance, widespread adoption of internet of things, and lots of things that can be hacked into. Interesting thought experiment.

Ted • July 18, 2016 4:43 PM

@Slime Mold with Mustard

Great articles regarding current events and future developments. Thanks so much for sharing.

Have you heard of this program currently available for students?

National Collegiate Cyber Defense Competition

"The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess their student's depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems."

Jonathan Wilson • July 18, 2016 5:05 PM

Didn't they make this one already? I seem to remember Bruce Willis was in it and there was a scene with Bruce being shot at by a hacked super-fancy fighter jet or something...

Bated Breadth • July 18, 2016 8:13 PM

@ Jonathan Wilson

Of course, not having seen them all, I can only recall one recent Bruce Willis movie involving hacking.

Bruce Willis is a former Gibbtown carnie drafted as a TSA agent in "The Men Who Stare at Totes", a tense drama in which airport security theatre finally drops the last ludicrous pretense and starts hiring "psychics". SPOILER ALERT: In the riveting climax, Willis yells out, "I sense that this suitcase has been near liquids!" and remembers -- through a machinegun-paced series of mini-flashbacks -- a previous terror attempt when the terrorist (Achmed bin Malkovich, cleverly disguised as a 600-pound Walmart customer) had flung a 128-ounce Red Bull slushie into his face and disappeared into a sea of fat scooters and Willis was demoted for firing his full-auto (rapidly blinking) psychic stares into the crowd, cardiologically wounding a six-year old girl's service gerbil. (To the accompaniment of 60,000 Wilhelm screams and a few poignant slow-pan shots of an airport floor littered with enough placed products to cover the entire budget.) In the end, Willis opts for a more terrible punishment than quick death -- he and his supervisor (Ruby Rhod) dress the handcuffed Malkovich in a Klan robe, stuff him in a suitcase plastered with White Power stickers and hack into the UPS computer to overnight him to Ferguson.

tyr • July 18, 2016 8:34 PM

Since I read the sidebars and other trivia as well, I'm amazed at the amount of irrelevant infotainment contained in a single page. Is this really the state of modern journalism?

If our homestar burps in our direction, how many of the innocent get to be murdered by paranoids in charge before they figure out it was a natural event, not 'evil hacking wizards and furriner enemies that done it'?

Most folk are seemingly unaware of how fragile the web of trust that allows a society to remain in a viable state is. This is usually because the events that take one down make sure no one has the luxury of documenting what happened. Preparing the military to attack its own people is a really bad sign of how degraded the leadership has become. You have to be completely disconnected from reality to think you can fix that fragile web of trust by attacking the people who make it all work for you. It may be very stylish for the so-called elites to grind a boot in the faces of the poor, but none of them will pick a crop to feed themselves; worse, most of those on top couldn't identify a crop on sight to save their own life. There's not enough food in most cities to last a week, and when they spill into the country you get Cambodia as a result of that knowledge failure.

The past is clear: humans either work together to do the enterprise of civilization, or they all die. We can survive the random nuts labelled as "terror" but we can't survive paranoid stupidity from so-called leaders. Letting the ingrown psychopathies of the IC and law enforcement create policy is absolute madness.

The IC has a function, so does law enforcement, but they need to be surveilled, curtailed, and corrected when they go astray or we'll all be actors in Gilliam's film Brazil.

Security means building things that are not a risk; as Doctorow puts it, they need to fail safely. You can't make them perfect so you have to make them fail the best way, not the worst way.

Some Guy • July 18, 2016 11:23 PM

The response and recovery to a physical world computer attack shares attributes with, but is not the same as, the IT attack that we have much more practice with. Design of real world systems with life safety impact, including

  • Industrial Control Systems (from the story - the power grid)
  • Commercial control systems (elevators, cars, hospital equipment)
  • Business systems (hospital patient management system)
  • IoT

must include true resilience that eliminates single SYSTEM failure points. Resilience enables rapid recovery.

Design in the physical world must assume a successful attack will occur and build in alternate control paths that can be readily implemented. Resilience in the design builds this in. The Internet routing structure builds resilience in with alternate paths. Other systems use redundancy. Still others use people, which are both the most effective and most vulnerable.

Isolation is an option. This will make an attack more difficult, but at what business leaders will consider an unacceptably high cost in either a competitive market or a fixed price market. Even then, it often isn't that hard to get past this isolation if you can find the design weaknesses. You can't attack 10,000 targets that are isolated, but a motivated attacker can target and attack 10 points if it takes down the system including the designed-in resilience. And if there is a single point of failure, game over.

☆★☆★☆ • July 19, 2016 2:47 AM

This article could be a rough summary of the techno thriller BLACKOUT by Marc Elsberg (2012).

Rex • July 19, 2016 2:59 AM

Is there ever a good reason for critical systems like power stations or train control systems to not be air-gapped from the internet? It won't protect against social engineering attacks, but even that can be countered by proper training of employees.

Wendy M. Grossman • July 19, 2016 3:21 AM

If people haven't read it, Dexter Palmer's Version Control is a really clever look at some possible technology futures. My review is here, if you want to get the gist: http://www.zdnet.com/article/version-control-book-review-who-knows-where-the-time-goes/

One of the key scenes in the book involves a many-car pile-up caused by a communications mismatch due to a load of drivers who spoofed an update to the car's software in order to be able to keep playing their favorite windshield video game. I thought that was a brilliantly plausible combination of technology and human psychology.

wg

ianf • July 19, 2016 4:22 AM

That article could be a rough summary of the 2012 techno thriller BLACKOUT

If that is so, then somebody should sic lawyers of that thriller's publishers onto lawyers of NYMag's publishers in a Thunderdome® in Central Park (transmitted live until just one standing).

@ Rex asks “Is there ever a good reason for critical systems like power stations or train control systems to not be air-gapped from the internet?”

(Were Clive Robinson here, he'd have a 7kB thing or two to say about energy-, not mere air-gapping, so you get off easy).

The (second-hand) reasons usually given in post-catastrophic press conferences, etc., are that RESTRICTED/ CONTROLLED, BUT Internet access was needed for routine maintenance and "future proofing," by which is meant that "we don't know where this thing will be in 10 years' time, so we may as well now probe the envelope for potential breaches and weak points/ nodes before we go wild with all things Internet all the time.” Which sounds logical, and, in places where old/ but not IP-based/ electronic control systems are retained AND maintained in parallel, it is a forward-thinking strategy.

Only, as we know, complex systems disasters do not happen because of some single, petite, testable error in just one point, but as a result of unforeseen sequences of events at many levels of the whole, that finally "tip over" into self-destruction. And Internet access makes things more complex by a magnitude. That is where catastrophe preparedness usually fails: not enough fantasy by the planners, and too much not-rocking-the-boat pooh-poohing of the scaremongering scenarios from obnoxious underlings.

ADMINISTRIVIA @ Wendy M. Grossman

If people haven't read it, This Author's Book Title…

As a writer (reviewer) presumably with ambitions of being read, you should know better than to address anything to "people." We, the participants of this forum, may be a kind of loose "collective" with some common denominators of interests in crypto and cyber security, but each of us reads the forum SOLO. So you think of/ address the reader as an individual, if you haven't read it…, not as a part of some amorphous "people." Got it? At ease.

Some Guy • July 19, 2016 6:46 AM

@Rex: Is there ever a good reason for critical systems like power stations or train control systems to not be air-gapped from the internet?

I know of no control system for the 17,000 substations in the bulk electric system that uses the Internet. It's one tiny step from illegal. But they are all interconnected on private networks that run many protocols, mostly based on IP.

This communication is critical to balancing power between the end customer, the 100,000 total transmission and distribution substations, and 10,000 generators spread across 4 separate (connected by DC transmission) North American power grids.

What happens when it fails? Read the 2003 northeast blackout report. Lack of visibility and situational awareness by operators was a significant factor.

While size and interconnection allow large outages, they also give you the broader reliability that means a storm won't take you down. One grid is smaller than the other 3. Texas, because it's Texas, runs a smaller independent power grid to avoid interstate commerce regulations (historically). This smaller grid is much more fragile, which is why in really ugly supply/demand conditions you see utilities paying $5/kWh instead of 5 cents in Texas. It's not that frequent, but it happens.

Who? • July 19, 2016 8:31 AM

@ Matt Farrell

Are you sure? They are running SCADA systems yet.

-- Thomas Gabriel

albert • July 19, 2016 3:01 PM

"...By now, officials at U.S. Cyber Command were monitoring the situation in New York....", and the rest of the paragraph.

I feel so much better, knowing that they're -monitoring- the situation.

Right away, they start to talk about -attribution-.

Let's punish the bad guys.

Then the CS experts investigate -exactly- the same attack vectors that have been used in the past.

"...The city’s head of cybersecurity was fired, as were several of the engineers who had plugged in the USB sticks...."

This is irrational and useless. You can't stop stupid people from doing stupid things. It's what they do. You -can- eliminate USB and optical drives from critical systems. You -can- force good passwords and secure private networks. You -can- eliminate remote programmability.

An ounce of prevention is worth a pound of cure.

It's only a matter of time before the next big one.

. .. . .. --- ....

Clive Robinson • July 19, 2016 7:26 PM

@ Rex,

Is there ever a good reason for critical systems like power stations or train control systems to not be air-gapped from the internet?

It depends on how you look at it...

From a technical viewpoint, you can install your own completely independent network, and long ago that is what many if not all utilities and transport organisations did.

However, justifying the cost involved is one that has legal implications for the executives. Put simply, shareholders can take action for reduced profits, thus reduced dividends and share price. This has happened in the past, and some organisations that had issued public shares ended up buying back the shares rather than have the long-term growth threatened by short-term shareholder interest.

The big issue with "air gapping" a Command and Control network is the "communications" between nodes. Many people who frequent this site don't actually have the level of experience required to be able to establish and maintain a wide area reliable and secure isolated communications network, of the sort required by such infrastructure organisations. Arguably even the military and security services don't have the resources and knowledge to properly isolate such communications against other state level attackers.

It's a problem that was realised by those working at Bletchley Park during WWII and an issue that Gordon Welchman spent the next third of a century thinking about as he researched, designed and proposed systems for the USG, part of which gave rise to the Internet.

It's actually a very hard problem, and the only commercial organisations that appear to be able to put the resources in are those involved in high frequency trading and similar.

Jason • July 20, 2016 2:18 AM

@ Rex,

The Internet is a resilient network designed to withstand catastrophic attacks. An infrastructure must protect itself from not only the digits but any type of physical interruptions. The levels of transport security, thanks to the likes of our host, have grown to confident levels that the delta is in favor of it in comparison to physical separation. The insurers would be better protected in the event of natural disasters.

Drone • July 20, 2016 3:35 AM

And people transfixed by hacked mobile Pokemon started walking in front of real buses and off real cliffs and rooftops.

albert • July 20, 2016 11:04 AM

@Clive,

Public utility infrastructure improvements like increased computer security aren't even secondary considerations. This is 'throw the dice and cross your fingers' management theory. Most corporations live from one 'crisis' to the next, whether it's the stock price, or a real disaster. (Dismantling [reform is impossible] the stock market is a discussion for another time.)

Remember, in the old days, telephone leased lines (cheap) and microwave relays (expensive) were used. 'Broadband' was just coming in. Physically damaging the networks was the only way to disrupt the system, and they were relatively simple to repair.

Now, systems can be disrupted and even damaged from the comfort of your living room, while you munch pizza and sip a cold one. Not only that, but you can gain access to the central control systems, something that used to require physical access. IIRC, the Ukraine incident didn't involve physical network attacks. I don't think such attacks would be the first choice. If you control the computers, you control the system, even if it has the most secure, dedicated physical network money can buy. The Iranian incident showed that air-gapping can be bypassed.

So there!

. .. . .. --- ....

Clive Robinson • July 20, 2016 12:30 PM

@ Albert,

Physically damaging the networks was the only way to disrupt the system, and they were relatively simple to repair.

Not quite, those VHF, UHF and microwave links really were quite vulnerable.

To save money they often used a repeater that was also shared by the PMR comms in the works vehicles etc. It did not take much effort to hit the VHF and UHF links and could be done by a couple of young teen schoolboys with an interest in pirate radio.

It does not take magic to read a map and get on the roofs of tower blocks and other high places with a telescope and a compass. Thus finding the repeater locations, whilst not quite child's play, was not difficult.

Once found, a close look at the antenna with either the Mk1 eyeball or with moderate optics would give you an approximate idea of the wavelength. A quick look in the PMR etc. listings would enable you to get the approximate frequency within a few MHz. You take a frequency meter, an antenna amplifier and appropriate antenna to quite close to the site, and usually within a half hour or so the repeater would fire up and you get the output frequency displayed on the frequency meter.

Knowing this, you can tune in a scanner to the frequency and with a tape recorder and high stability audio oscillator record both the output and input audio of the repeater (you sent the audio to the left audio mic input and the audio oscillator to the right mic input to use as a reference to eliminate tape speed issues).

Back in your home lab you can decode the access tones and any data that was sent on subcarriers etc. by observation on the scope screen (using the audio tone to either trigger or provide the X input for XY display mode).

Usually generating the "selcal" tones was not difficult; cut-n-splice of audio tape usually worked. And a simple test with another PMR car unit purchased from an Amateur / Ham rally or borrowed from a friend in the taxi business got the relay to work for you.

At which point you effectively owned their network, as data transmission was easily recognised and with a little effort decoded, as it was not protected in any way.

The hard part was Direction Finding the "out stations" to work out what each data signal was likely to be... But as a very limited amount of equipment was used, getting the commercial specs was not that difficult.

In some ways microwave links were easier as they were all point to point and finding out where they were pointing was simply a matter of using a direction finding compass and a map. Finding the frequencies would have been much harder if it was not for the fact the UK gov actually made the information available in published form...

So you can see what mayhem was possible if we teenagers had decided to do so...

However we had a much better use for these repeater networks: we pirated them for our own communications. We eventually, with a little help, pirated satellites due to the simple way they worked. But that, as you say, is a story for another day.

ianf • July 20, 2016 12:51 PM

@ Drone “And People transfixed by hacked mobile Pokemon started walking in front of real busses and off real cliffs and rooftops.”

You don't know how prescient you are. I live in a country where that P. thing hasn't officially been released yet (or so I hear on TV news), yet yesterday I encounter seemingly somehow connected people standing in clutches at the entrance to a park with a kindergarten inside, all entranced[sic!] by their little smartphones. Pedophiles, I think (not). Maybe something ominous has happened in the world while I was shopping, and they look up news about that event? I inquire with one of them. Poke-bloody-mon hunting all, or something. WTF is in it for them, free pick of Thai Mail Order Brides?

Hate to be so uncivil, but is there something that could be done to abet these people onto these cliffs and off the rooftops? Something akin to the software "condom" that was the first line of defense against the 1988? Morris worm (=a token at a specific memory location that told multiplying instances of the worm that this mainframe had already been infected—so quit. BTW. I only remember it because I read about it in TIME Magazine, where it was remarked upon that the word "condom" now could be uttered in print).

albert • July 20, 2016 1:02 PM

@Clive,

Interesting. I didn't know that folks were messing with microwave relay links back then.

It's hardly low-hanging fruit compared to cutting telephone cables :)

. .. . .. --- ....

Clive Robinson • July 20, 2016 3:19 PM

@ Albert,

It's hardly low-hanging fruit compared to cutting telephone cables :)

True, but even rats can and do cut telephone cables for lunch; where's the fun and skill in that ;-)

tyr • July 20, 2016 11:51 PM

@Clive, et al

What I find bizarre is that all of the specifics were working long before anyone had heard the word interNet. Once it appeared, supposedly the new thing didn't need any of the past safeguards because "better", and everything that was around suddenly got hooked to the Net "because it was possible". The technicals bitched like mad at the time but were overridden or were starry eyed about it themselves. Now that rationality has reared its ugly head in the realm of consequences there's a sudden rush to re-invent the wheel.

The economies of scale and unbelievable levels of access changed the whole complexion of the interNet. Most of it happened without a corresponding level of education as to how it worked. It hasn't gotten better and we're still bitching to the clueless, who always palm off the problem on the shareholders because economics fed them that phony myth about how things work.

The instant that IP socket opens, the answer to 'who gets access' is everybody gets access. Now the question should have been: is it a good idea to give everybody access to your favourite (insert critical infrastructure name here)? IoT just increases the scope of the same problem and for the same idiotic set of reasons. Do we have to have every lightbulb hooked up so everyone has access to it?

Once you decide the technical people can be ignored it is a recipe for disaster. Education decided that you can manage without any expertise beyond glad handing and playing cover your ass, and what you see time and again is the ugly problems it makes for later.

Clive Robinson • July 21, 2016 3:29 AM

@ tyr, et al,

Education decided that you can manage without any expertise beyond glad handing and playing cover your ass and what you see time and again is the ugly problems it makes for later.

As I've indicated before, there is a stratagem for the sociopathic tree climbers with their sights set on the top.

As we know, business, like life in general, is full of risk and those following the law of the jungle. Which means if a risk goes bad you get eaten by the competition.

So the trick is how to minimise your personal risk and continuously look like a winner. Surprisingly the answer is simple once you get past the initial unavoidable risk in your tree climbing.

Any project requires resources, one of which is time. A properly managed project brings the other resources to the table in a timely manner. Which means there is a lag between inception and production, and nearly all projects are a success in the early phases; it's later where the "hidden" problems bite.

Thus what you do is become a project evangelist, but take care to jump ship at an appropriate point.

Thus as an evangelist you are a "big ideas and stratagem overseer": you claim great things and get the budget to start the project, on the principle that the more zeros in your budget, the more respect you get, thus the easier it is to sell blue sky acreage...

You then spend the budget getting talent etc. to start building the skeleton of the project, providing good reports etc. to other stakeholders. It's at this point, when all is apparently going well, that you go somewhere else and start another grandiose project. If the project you left succeeds, you claim it was your good groundwork and vision that others simply followed to success. If, as is more likely, the project eventually fails, you blame those that came in to replace you for not following your vision and building on your good groundwork. Either way you are a winner, and that's what you sell to others to get your next big project. The bigger the project, the longer you can stay in the initial success zone and the more visionary you can be...

For those that find this incredulous, look at the big consulting firms and big four accountants; this is exactly what they do to make the big bucks.

No matter how many road crashes they have behind them, these people are like the snake oil salesmen of old, selling a dream not a reality, and they are long gone before you can climb out of the wreckage...
