If a reduction in globalization is the worst case scenario the authors envision in the next 20 years, I think they may be lacking somewhat in imagination.
[1] Generally watching the Arab spring is like watching a referendum vote on the principle of separating church and state. But done with guns, bombs, and civilian casualties rather than a voting box.
Really, they project China as #1 and Russia on a major downwards trend. Astonishing that this would be the reaction.
The whole cyber-attack warning reminds me of all the Ma Bell projections of phone outages during the phreaking era :P
I wonder about this. It seems like every study about the dangers of terrorism mentions this kind of cyber-attack as a possibility, and I just don't see it as being feasible. Hurricane Sandy cut out my own power for a week, and several people I know were without power for 2 weeks, and we got through it. I just don't believe that a cyber attack could damage the electrical infrastructure so badly that it would kill thousands.
Yes, but there are many people who are not young and healthy.
The worst impact would be on hospitals, nursing homes, the homes of elderly, etc, who require electricity for something other than productivity and comfort.
If more regions or a large part of the country is affected, that's going to be hard or impossible.
Providers don't staff for that kind of disaster, they rely in part on each other.
The more likely case is that power would be down until the stations could be disconnected, computers brought back online and the station brought back up in an orderly fashion -- not unlike the situation in 2003, where extra line crews were largely unnecessary.
Though if such an attack could cause physical damage to transmission or generation equipment, I don't think even loaner crews would help much. Downtime would likely be gated by how quickly new equipment could be made and shipped.
If they could damage notably more parts than are annually made for replacement/expansion... it could be much worse than widespread downed lines.
Will this ever go away? Have terrorists ever pulled off a meaningful cyber attack? Why didn't the study mention the risk of those aliens from "Mars attacks" flying in and vaporizing important COLO sites?
[1] http://www.wired.com/politics/security/magazine/15-09/ff_est...
So the challenge is on par with saying "find a particular unsecured box on the internet". Without per-target research, you don't have a whole lot to go on. You can find tons and tons of targets. But the odds of them being the one you wanted, or even of the type you wanted, are pretty low.
Which isn't to say it's less a threat. But, rather, it's a threat that isn't likely to be casually exploited. Anyone who goes through the trouble of per-target research and exploitation of a number of such targets, isn't likely to pull the trigger for the lulz.
Even a "trial run" of an exploit would be a risk. You'd be inviting scrutiny of the trial machine, including logs at the ISP (and NSA) going back cheney-knows-how-far, and if nothing else, have drawn attention to the very problem you're hoping continues to be ignored.
Hactivists exist, obviously, but your brand-name terrorists like Al Qaeda have not used the Internet as an attack vector.
Yet.
https://www.google.com/search?q=sandy+generators+hospital
I don't dispute that they wouldn't receive government help as quickly as possible, but playing the loss of electricity as having zero impact is also unreasonable.
Further, there's an economic impact to businesses. A terrorist attack need not take lives, just damage something.
Once hackers start mucking around with the grid, things start shutting down by themselves (cascading failures like in the 2003 blackout that you mentioned in another comment). In this situation, damaged equipment can be replaced fairly quickly (far quicker than if, say, a $60 billion storm throws trees across the wires).
I guess I was just looking more for responses from actual electrical engineers with knowledge of the problem. Otherwise we're all just talking out our collective asses, right?
A huge swatch of the north-east US lost power for a couple days, not all that long ago, because of a tree branch. And efforts to contain the problem were hampered by an obscure bug in the management software.
If a freak accident can expose a cascade of unexpected fail-over behavior, do you really think the grid is hardened against deliberate malfeasance? Particularly when we consider that the vulnerabilities from which voltage irregularities could be created, could quite likely attack or destroy the management software itself.
Mix in the likelihood of attackers having access to several nodes on the grid at once and regional blackouts seem quite plausible.
In which case a country-wide blackout is merely a question of whether attackers could compromise enough stations across enough of America to effect several concurrent regional blackouts.
Why is control of the electrical grid accessible to the
internet?
There are people asking that question, it just doesn't get press. Because the reality is quite likely that there are solid business reasons for some access and the real problem is piss-poor security on that access [1].
So you either report on computer security details or alarmist disaster scenarios [2]. And one of those lines of reporting will sell more copies than the other.
[1] If there was no business value in access, they wouldn't have paid to install data lines. I'd imagine remote administration, monitoring and centralized reporting are quite useful, particularly when observing large swaths of the grid.
[2] Which means, yes, people tend to get caught up in infeasible scenarios like hackers causing nuclear meltdowns. But the unlikelihood of those types of catastrophes does not mean that there are no catastrophes that can be caused by compromised infrastructure control machines.