“This is the way the world ends. Not with a bang but a whimper.”
~ T.S. Eliot, The Hollow Men
“Portland Tower, NW flight 337 heavy”
“Flight 337, Portland Tower”
“Portland Tower, flight 337, we are experiencing instrument inconsistencies. Could you give us your read on our altitude and location?”
“Flight 337, are you declaring an inflight emergency?”
“Negative Portland, we just want to validate what are instruments are telling us.”
“Flight 337, we have you at 4-7-thousand about 100 miles west of Boise, at 490 knots.”
“Portland, be advised, we will need your assistance until otherwise notified. Instruments have us at mach 3 entering Canadian airspace.”
Not the only problem noted, but one of the first recorded. Aircraft throughout the west coast begin reporting similar instrument failures. The Air Traffic Controllers quickly push the issue up the chain, and the FAA, in consultation with the DHS and the President, grounded all flights over California, Oregon, Washington, Idaho, Montana, Utah, Arizona, Nevada, Alaska and Colorado.
Verizon, AT&T, and Sprint, became flooded with notices that cellular phones were inoperative. All carriers receive similar reports. The same collection of western states is now plagued with lack of wireless service, and land-based communications are soon overwhelmed.
Many hospitals began reporting that their medical paging systems were no longer operational. ATM’s all over the west coast were no longer amenable to giving you your hard earned cash. The ports of Los Angeles, Long Beach, San Diego, Seattle/Tacoma, and San Francisco lose the ability to track ship traffic, and cargo had to stay ocean bound while a low tech solution was used to allow ships to safely enter and leave the ports. On ship gyroscopes were giving ship’s navigators inaccurate readings, as the gyros are calibrated using GPS. Many cargo ship captains choose to stay far out at sea for fear of hitting other vessels. Anti-collision digressed to visual spotters and binoculars.
Rail traffic slowed to 10% of capacity, as the presidentially mandated Positive Train Control (PTS) caused collisions and near collisions by reporting train location data incorrectly.
Rolling blackouts began to occur as electrical grid operators were no longer able to synchronize power with other grid dwellers. To make matters worse, some of the smaller electrical suppliers began suffering Aurora Vulnerability failures.
Likewise, water and sewer operators began suffering catastrophic failures of large electric pumps, again from Aurora Vulnerability. Domestic water service was spotty, and waste water began exploiting emergency overflow plans, causing contamination and potential disease issues.
Industry officials reported that the software addressing Rockwell International Programmable Logic Circuits (PLC), the most common PLC in use in America and commonly used in SCADA (supervisory control and data acquisition) controls had malfunctioned. The result was physical destruction of the pumps and generators.
Social media spreads the word about inaccessible ATM machines. By the time banking hours rolled around, people fearing their lack of ATM access to their cash began drawing out large sums. Retailers start moving towards cash only transactions. Civil disturbance became a potential issue for local law enforcement.
The military began a flurry of activity to mitigate the impact of these occurrences on their Power Projection capabilities. A Power Projection Platform (PPP) is “an Army installations that strategically deploy one or more high priority active component brigades or larger and/or mobilize and deploy high priority Army reserve component units.” This disruption has taken out PPP for three key locations: San Diego, Tacoma, and Colorado Springs. Even the remaining 12 platforms were degraded, as the cascading effect of crippled west coast rail traffic slowed rail traffic to east coast sea ports.
The Air Force was concerned about air sovereignty for a significant portion of the US land and sea border. The Navy was repositioning ships, but cautiously due to the increase of directionless cargo ships. As the military scrambled to find answers, they discovered that five (5) GPS satellites had been “spoofed” which alters the satellite’s transmission from their internal atomic clocks. The result is inaccurate positioning data. Much worse, the GPS clock data is used for cell phone tower coordination, electrical grid synchronization, gyroscopic system validation, stock market fraud prevention, and many other infrastructure systems. Just knowing you are being spoofed does not provide immediate relief. Since the GPS signal is spoofed after it leaves the satellite, the fix is not at the satellite. The spoofing has to be stopped.
Once the news of the spoofing leaked out, unscrupulous stock traders tried to exploit the time inaccuracy to leverage advantageous stock purchases. If you know in advance a stock is going up, and you can use the time inaccuracy to “back date” your purchase, you can win every time. The New York Stock Exchange closes until the vulnerability can no longer be exploited.
The net result is economic crisis, transportation gridlock, much of the west coast population is challenged by a lack of water, power and sewer, degraded military capability, crippled supply chain, disrupted crop cycles (irrigation), and lack of capacity for just-in-time perishable commodity delivery.
In designing this scenario, I limited myself to existing technology, capabilities, and conditions. I have cited references for those who disbelieve or want more information. An attack of this magnitude would require the sophistication and resources of a nation state. I assert this is the same formula that describes the STUXNET attack on the Iranian nuclear centrifuges. The technology in the scenario already exists, and is, generally speaking, readily available. One of the additional advantages of a cyber-based attack is that none of the cited technologies allows for easy attribution. Against whom do we retaliate?
GPS spoofing has already occurred, both intentionally and unintentionally. Allegations were made that North Korea jammed the GPS signals near the North/South border. Although denied by the North, the following advisory came out to pilots operating in the area:
CAUTIONARY INFORMATION FOR AIRCRAFT OPERATING IN INCHEON FIR:
PILOTS HAVE REPORTED THAT GPS SIGNALS ARE UNRELIABLE OR LOST INTERMITTENTLY IN INCHEON FIR.
EXERCISE EXTREME CAUTION WHEN USING GPS. 28 APR 00:32 2012 UNTIL 03 MAY 15:00 2012 ESTIMATED.
CREATED: 28 APR 00:34 2012.
Of course the criminal element would not want to miss out. Here is a quote describing the economics GPS spoofing: “Criminals could also spoof GPS timing for profit. The US National Association of Securities Dealers requires financial traders to time-stamp transactions with an accuracy of within 3 seconds. The bad guys would spoof the timing at their preferred site and, watching an upward trend, buy stock a few seconds in arrears,’ says Humpreys. ‘Those three seconds could be worth a lot of money.”
Another GPS disruption impacted the San Diego area. Traced to a US Naval exercise, it impacted GPS navigation, ship tracking, ATMs, cell phones, and emergency medical paging. GPS jamming on a smaller scale is both cheap and easy, thanks to internet retailers. Truck drivers who don’t want their bosses to know where they are can jam the signal coming from their truck. Some toll roads use GPS as part of the toll system. Jammers can provide a free pass through the toll gate.
We have become very reliant on GPS, not just for navigation, but for that precise internal atomic clock that is necessary for GPS to work. The technologies that rely on that clock are varied. For example, the ability of electrical grid operators to synchronize the electricity on the grid from multiple generation sources is essential for inter-system electricity distribution. This synchronization is done with GPS.
There is a system that provided an alternative to GPS navigation. Called eLORAN, it is still used in many countries, but is being abandoned in the US, leaving us no alternative to GPS.
GPS is also an essential part of the Positive Train Control system (PTC). The Rail Safety Improvement Act of 2008 (RSIA) (signed by the President on October 16, 2008, as Public Law 110-432) has mandated the widespread installation of PTC systems by December 2015.
Let us not forget that many of the precision weapons the military now uses rely upon GPS to insure they hit the right target. These include several of our rockets, bombs, and torpedo systems. Spoofing the GPS would render these weapons inaccurate, thereby mostly unusable. Viewed from a cost benefit perspective, the US spends about $18,000 for each of a particular kind of GPS guided bomb. Imagine how many cyber hackers can be trained for that same $18,000. Multiply that by an order of magnitude in the thousands, and you can see the advantage for the developing nation. Buy one bomb versus train and employ a team of hackers.
And finally, the scenario’s PLC attack is an echo of what was seen with the Stuxnet worm. After Stuxnet was isolated and identified, the rest of the world (i.e. those not responsible for its creation) was able to learn of its etiology. Stuxnet was designed to find a specific type of Siemens controller that the Stuxnet creators knew was being used in Iran to control their nuclear centrifuges. Although Siemens has much of the market worldwide, Rockwell International is very common in the US market. Now that Stuxnet is out in the wild, it would be easier for an antagonist nation to reverse engineer the capabilities of Stuxnet, and point them at the programming for a Rockwell control. If this worm could be used to knock the power out of phase for a larger electric motor or generator, then you get an Aurora Vulnerability. Like the Stuxnet attack in Iran, an Aurora Vulnerability causes physical destruction of the asset, not just destruction in the virtual world.
Although there is nothing available that specifically tells the story of how Stuxnet got into the Iranian centrifuge control system, it might be relevant to point out that the Iranian system is “air gapped” which means that it is not directly connected to any external network, including the internet. Using an air gap is a common method of foiling internet based intrusions. To illustrate vulnerability, refer to an experiment conducted by DHS. This experiment was designed to see what government employees would do if they found a disc or USB memory stick in their parking lot. 60% of employees plugged the found device into their work computer. If the device had an official seal on it, that number rose to 90%. Keeping this study in mind, how hard would it be to infect the host network (i.e. the municipal network, the company network)? Once the common network is infected, how long would it take before someone crossed the air gap with a now infected USB device, or how long before the laptop used on the common network is later used on the control network? Before you know it, the worm is in the control, awaiting action.
America is the only remaining super power in the world. As a result, it would be fool hardy to attack the US with traditional tools of war. Our enemies already recognize this, and are planning accordingly. The scenario outlined here does not require jet fighters, destroyers, helicopters, technological superiority, or even rifles. The war begins without firing a single shot.