Scott Air Force Base News

The threat of being ‘digitally dependent’ instead of ‘digitally enabled; analog insured’

On July 16, 1945, the U.S. Army executed the world’s first nuclear detonation.

On Aug. 29, 1949, the Soviet Union proved that it could match America’s destructive power by testing a nuclear bomb of its own. Since that date, America’s enemies have used that original American creation to menace its creator.

In that same context, in the early 2000s, the U.S. deployed the first computer virus intended specifically to wreak havoc upon physical “Industrial Control Systems.” Just like nuclear weaponry, this more recent invention has also been harnessed by anti-American threat actors.


In an article entitled “The Stuxnet Attack On Iran’s Nuclear Plant Was ‘Far More Dangerous’ Than Previously Thought,” Business Insider author Michael B. Kelley explains the virus’s effect on the “Natanz Enrichment Complex,” Iran’s primary nuclear enrichment facility: “Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control.”

In a very basic overview, Stuxnet built upon the old computing principle of “garbage in; garbage out.” By altering the data used by the Industrial Control Systems that managed the Natanz complex’s uranium centrifuges, Stuxnet caused many of the centrifuges to spin at rates of speed which damaged their internal components, stalling the entire Iranian uranium enrichment program.

Conversely, from its inception in November 2009 through the last published annual report in 2016, the Department of Homeland Security’s “Industrial Control Systems Cyber Emergency Response Team” has responded to 1,478 critical infrastructure Industrial Control System incident reports.

Thirty of those incidents proved to be of such a dangerous nature that ICS-CERT deployed emergency response teams to the incident sites.

Across the entirety of American critical infrastructure, anti-American forces have employed cyber-attacks in attempts to compromise Industrial Control Systems at an alarming rate.

In the 2016 “Institute for Critical Infrastructure Technology” publication “The Energy Sector Hacker Report,” authors James Scott and Drew Spaniel highlighted vulnerabilities in American energy control and distribution systems, stressing how grave those vulnerabilities become in the absence of analog or manual backup systems.

Quoting ICIT “Fellow” Juan Espinosa Parsons in a discussion of a recent cyber-attack on Ukraine’s power grid, the report explains, “Following the cyber-attack on the Ukraine power grid, there were reports that pointed out that an important vulnerability within the U.S. is that, unlike Ukraine, our power grid typically does not have manual backup functionality. This means that if automated systems controlling our utility power grid were to be attacked, it would take much longer for the response teams to restore power.”

Furthermore, the executive editor of the website “Automation World,” Aaron Hand, recently published an article entitled “The Cybersecurity Threat for Critical Infrastructures,” wherein he noted, “... the American power grid was built to be reliable, flexible, and economically competitive. It was not designed for cybersecurity.”

Finally, in an article titled “Backward is Forward: Analog Failover” by Mitre Corporation employees Emily Frye and Quentin Hodgson, the authors argue, “In the world of critical infrastructure operations, there is a subset of essential functions that are called ‘lifelines.’ Water, electricity, communications, transportation, and emergency services are the bare minimum functions that support, the basic functioning nation in the 21st Century.”


To protect those functions, the authors contend: “National resilience strategy should include the preservation of analog failover operational capability for lifeline functions.

“We need a national resilience strategy that embraces universal analog failover.”

In the U.S. an overwhelming number of national “lifeline” functions are being automated in the interests of “cost effectiveness” and “administrative efficiency.” As a result, analog failsafe systems are not maintained with a consistent degree of care. Soon, most of America’s experienced “analog” or “legacy” system managers will disappear, divorcing themselves from direct, manual access to critical infrastructure through retirement.

So if America’s enemies were to launch a focused, coordinated Industrial Control System attack, the U.S. could easily plummet to its terminal destruction in an exceptionally brief period of time. In order to protect American infrastructure, recover from cyber-attacks, and prevail in cyber-war, the U.S. must evolve from being “Digitally Dependent” to being “Digitally enabled; analog insured.”
