In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.
From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life-sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.
Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.
Has the Stuxnet worm ushered in a new era of cyberwar, or is it simply the latest iteration of familiar strategic instruments? Has the Internet irrevocably shifted the balance between individuals and states, or will governments adapt to regain the upper hand? Does the real threat to cybersystems lie within cyberspace, or in the real world? Cyberwar has become a permanent feature of the strategic landscape, but we might hardly know it.
There are an estimated 8.7 billion devices currently connected to the Internet – and each one is a threat to its owner. Computers and computer systems rule our lives, and it is impossible to imagine life without them. But as society has become ever more dependent, both economically and politically, on the electronic flow of information, it has made us vulnerable to the real and destabilizing threat of cyber attack – the extremes of which could see us having to exist without power, vital resources and communications. Confronting this terrifying reality, Cyber Attack explores the digital dangers we face and examines the extremes they could reach. The book also investigates who is responsible and what can be done to protect us. Cyber Attack is written by bestselling author Paul Day, a former hacker turned leading computer security expert, and covers all areas of digital menace. What you learn in this book will make you think again next time you make an online transaction or send sensitive information from your smartphone.
“It is late fall 2025; Al Qaeda sleeper cells target the disruption of airline traffic into multiple East coast airports during the busy travel season from Thanksgiving through Christmas.
ADS-B IN/OUT has been fully implemented by the FAA; all commercial airlines have invested heavily to comply with the mandate. Oil prices are at an all-time high and flights are carrying minimal fuel loads to save money and offset the cost of avionics.
The goal: force multiple airplanes to divert; pilots, FAA controllers and passengers to lose faith in the system; and possibly cause enough chaos to the NAS system that a few lives are lost.
The plan: exploit the U.S. dependency on ADS-B IN/OUT and GPS for arrivals into busy airports, especially during low visibility conditions.
The teams: five two-man teams have been put into play for the mission. They are provided with all the commercially available technology they will need, along with a few modified laptop computers, antennas and transmitters.
The targets: Reagan National, Dulles, La Guardia, JFK and Philadelphia International airports. The terrorists have been tasked to park minivans with computers containing modified software that are coupled to ADS-B OUT transmitters. The software is designed to be remotely activated and controlled over an Internet connection. Each computer is programmed specifically for the targeted airport, and transmits 978MHz and 1090MHz signals out a boosted transmitter.
As a result, airlines on final approach will receive false targets on their displays. The terrorists’ ghost target injects also propagate to the FAA controller’s screens. The terrorists intended these spoofed targets, programmed at conflicting arrival and departure corridors as well as in runway incursion situations, to cause multiple airports to become temporarily unusable. The resulting domino effect causes aircraft diversions and delays that will lead to chaos.”