Comment by tosapple
13 hours ago
What I am starting to appreciate about these digital infrastructure attacks is that they may be reversible and or temporary. It can be a nice feature.
13 hours ago
What I am starting to appreciate about these digital infrastructure attacks is that they may be reversible and or temporary. It can be a nice feature.
Time matters.
Imagine the power grid fails in an entire city for 48 hours. How many apartments or shops have backup power for 48 hours? What about hospitals or cellphone towers or traffic lights?
How long before someone cannot make a 911 call or hits another car at night or dies in intensive care because the machines don’t work anymore? What about all the food in a refrigerator, or CCTV cameras, or POS payments or a thousand other things? And if sometimes physically fails, how long before a technician (who was himself relying on that power grid) is able to reach the place, carrying whatever spare part they have, and fix the thing?
Or, take a dam. I’m no dam expert, but how long does it take before a flood happens? And when water starts flooding the streets, how long before people can’t get out of their homes, cars are swept away, and so on? How long before standing water starts carrying diseases?
Deaths resulting from such attack are not reversible.
Then you're missing the point.
If they succeed they may well not be reversible. The question is if this had succeeded would we have shrugged it off again or responded appropriately?
Can you give some examples of? I can imagine that under the right circumstances you might succeed in blowing up some transformers or even a turbine, but it seems like you’d be up to speed within a month or two on the outside? Or am I missing the gravity somehow?
Pardon? A month or two without power does not seem like an enormous crisis?
Stuxnet destroyed centrifuges. It does not seem impossible that a sophisticated attack could shred some critical equipment. During the Texas 2021 outage -they were incredibly close to losing the entire grid and being in a blackstart scenario. Estimates were that it could take weeks to bring back power - all this without any physical equipment destroyed or malicious code within the network.
Edit: Had to look it up, the Texas outage was "only" two weeks and scattershot in where it hit. The death toll is estimated at 246-702.
https://en.wikipedia.org/wiki/2021_Texas_power_crisis
> Or am I missing the gravity somehow?
Yes, there is the risk of cascading failures, some industrial processes are very hard to re-start once interrupted (or even impossible) and the lead time on 'some transformers' can be a year or more. These are nothing like the kind that you can buy at the corner hardware store. A couple of hundred tons or so for the really large ones.
Grid infra is quite expensive, hard to replace and has very long lead times.
The very worst you could do is induce oscillations.
Transformers and turbines of any significance are not off the shelf parts and can have lead times of years
4 replies →
I've seen less-than-credible software in an ATM and in a "ring up your own groceries" station. No idea who's behind it or who would care, though.
It's middle of winter, and it gets pretty danged cold. Being without power in such weather might well end up being deadly, even with short durations.
Consider that if a cyberattack could destroy a major power grid transformer, for a marginal cost approaching zero, versus the low-end US$10 million a Kinzal ballistic missile would cost to do the same thing (presuming you only need 1 which is...unlikely), that that might be a significant military capability.
I wasn't commenting on any particular case. I was stating that flipping a switch is less costly to reverse than blowing up a dam.
These attacks are not at the level of 'flipping a switch'. If they succeed they can destabilize the grid and that has the potential to destroy gear, and while not as costly as blowing up a dam it can still be quite costly.
9 replies →