By Dan Tynan
Technology drives just about everything we do, and not just at our jobs. From banks to hospitals to the systems that keep the juice flowing to our homes, we are almost entirely dependent on tech. More and more of these systems are interconnected, and many of them are vulnerable. We see it almost every day.
But what if instead of simply a denial-of-service attack against select Websites, the entire Internet suddenly stopped working — or for that matter, Google could not be reached? What if instead of a mere data breach, our financial institutions were attacked by a weapon that could instantly neutralize all electronic transactions? Or if hackers wormed their way into the systems that control the power grid?
Heck, what if God decided she’d had enough of us and decided to send a solar storm our way?
If you think these things can’t happen, think again. Some already have occurred on a smaller scale. But we thought it might be fun to turn up the volume and see what might happen — how likely a “tech doomsday” scenario might be, how long it would take us to recover, and how we might prevent it from coming to be.
What could possibly go wrong? Try these scenarios for starters.
Tech doomsday scenario No. 1: America goes dark
News flash: A coordinated hack attack on our nation’s power grid caused massive blackouts across the United States, leaving more than 300 million people without electricity for days.
The Supervisory Control and Data Acquisition (SCADA) systems that run U.S. power plants were built some 40 years ago, when the Internet was just a handful of university computers connected via 300-baud modems.
“Back then every power grid system in the world was considered its own island,” says Robert Sills, CEO of RealTime Interactive Systems, which provides security solutions for industrial control applications. “There wasn’t technology available to connect them. Now there is.”
And the downside of all this connectivity is that once a local grid gets overloaded, others connected to it may tumble like dominoes. That’s what happened in August 2003, when overgrown trees and human error triggered a power outage at Ohio’s FirstEnergy. That failure caused a cascade that ultimately left 55 million people in the United States and Canada without power.
It doesn’t take an act of God or Homer Simpson at the controls to cause a cascading power failure. It could be a rogue employee seeking revenge — like the software engineer who hacked into an Australian water treatment plant’s SCADA system in 1991, releasing 264,000 gallons of raw sewage.
Or it could be an external attacker who gains entry into a SCADA system’s maintenance ports via war-dialing, and then uses social-engineering or spear-phishing attacks to gain entry into the network.
Sills says the vast majority of power substations are vulnerable to such an attack. From there, the attacker simply needs to change a few settings and let the grid’s automated fail-safe systems do the rest.
“Right now it’s a system that’s pretty wide open,” says Sills. “There are any number of ways someone could make unauthorized transactions via routine maintenance. You could create an outage simply by pushing the wrong key.”