Slashdot Mirror


Are Squirrels A Bigger Threat To Our Critical Infrastructure? (bbc.com)

"The real threat to global critical infrastructure is not enemy states or organizations but squirrels, according to one security expert." Long-time Slashdot reader randomErr quotes the BBC. Cris Thomas has been tracking power cuts caused by animals since 2013... His Cyber Squirrel 1 project was set up to counteract what he called the "ludicrousness of cyber-war claims by people at high levels in government and industry", he told the audience at the Shmoocon security conference in Washington. Squirrels topped the list with 879 "attacks", followed by birds with 434 attacks and then snakes at 83 attacks.
Those three animals -- along with rats -- have caused 1,700 different power cuts affecting nearly 5,000,000 people.

2 of 150 comments

  1. We understand the "squirrel problem" by davidwr · Score: 4, Informative

    Problems like this have existed for decades or more and we know how to prevent them.

    It's a business decision whether to invest in prevention, mitigation, both, or neither.

    The "foreign government cyber-warfare" problem is less well-understood and is ever-evolving.

    ----
    For what it's worth, most "mother nature" problems can be handled by having adequate redundancy and/or backup systems and, for most users, having an expected service level that allows for the grid (or internet, or other utility) to be offline for several seconds at a time while backup systems kick in. A state-level attacker is likely to be aware of the backup systems and attack both simultaneously.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Re:Squirrels spread their attacks conveniently by Sarten-X · Score: 5, Informative

    How many spies and saboteurs with well-placed bombs (or high-powered rifles) would it take to disable the power grid? Not many, I would think. There are a lot of threats besides 'the cyber.'

    Far more than it takes to set a flag on a C&C server. Those spies and saboteurs also have to be physically present around the time of the coordinated attack, increasing the risk they'll be caught, and the opportunity for them to double-cross the attacker and reveal the plan to the target.

    On the other hand, malware can lurk for years undetected from a single entry point. A small team of sub-sub-sub-contracted service technicians can deploy malware to an embedded system, and walk away. Sufficiently advanced threats can hide their traffic inside the normal monitoring operations of the utility, cross through the network, and even add personnel records, effectively making their actions look like legitimate employee operations until they shut everything down.

    Targeting infrastructure has been a military strategy for as long as there have been militaries. Modern tactics, however, focus on efficiency. If five malware-assisted spies can take down a target country's utilities with no risk, why spend the budgeted resources to recruit and train (and possibly extract) fifty to do the same job? That budget can then go toward hiring cryptographers to decrypt the target's movement orders, so you spend less budgeted resources trying to find the enemy units. That leaves more budget to use on building better bombs and guidance systems, and so on.

    Ultimately, the goal is to win the war. With modern society relying on border-crossing communications, it is no longer really important who can put supplies into what territory, as was important until around 1960. Now, it's important to convince the locals that you're protecting them from the evil oppressive enemy, and doing that means minimizing civilian deaths. Better targeted bombs, better intel, and attacks that don't involve blowing up a power plant full of civilian workers, are all ways to reduce your side's death count.

    Security is something for professionals like us to think about always while we're working, but it's not something to panic about. A lot of these news stories like this one are designed to spread panic...

    There's very little panic, except for a few uninformed headlines where a laptop with malware became a complete takeover of the US power grid. On the other hand, the DNC hack is a great example of how information-based warfare will be conducted, and the news article you linked explains it well. Unlike Watergate, there was never a Russian physical presence in the DNC. There's nobody in the US that can be arrested for it. After the initial breaches, there was almost no evidence of the digital presence. The reality of the situation once it was discovered was met with skeptics like you, who underestimate how useful such an attack could be.

    While that holds true, the attacks won't likely escalate. As soon as an enemy attacks the American power grid, every American company will treat information attacks more seriously, and the low-hanging fruit will disappear.

    ...and to increase power to those who are spreading panic.

    There's nobody really getting more power from this, though, except for a few hucksters who are selling fraudulent security systems. The threats have been real and the attacks have been ongoing for the past few decades, and the people who have been wise enough to care have found that there are solutions available. There are backup generators and UPSes protecting vital systems from outages of the power grid. There are airgaps and mitigations protecting secret information. There are encryption algorithms and opsec protocols protecting identities... Security is cheap, but it is very user-driven. The user has to care for security.

    --
    You do not have a moral or legal right to do absolutely anything you want.