Municipalities are prepared for when natural disasters strike, but are they ready to handle the damage from a possible cyber-attack? Critical infrastructure systems such as the power grid, water treatment facilities, nuclear power plants, natural gas pipelines, public transportation and a vast array of interconnecting utilities are vital services that could be disrupted by foreign computer hackers. Software could be implemented over the internet to shut down a generator, flood a water treatment plant and turn off a pipeline.
Many of these critical systems do have backup equipment and emergency power supplies, but that won’t stop the hackers from probing their way in. Hackers seek out a “zero-day” which are vulnerable security gaps in the software of a system in order for them to exploit it. From there, they can use malicious software that is designed to act like a time bomb, staying dormant and unnoticed before finally attacking its target.
It may seem that cyber threats that attack the physical elements of a city are unfathomable, but some have already happened. In Queensland, Australia there was a cyber-attack that released up to one million liters of raw sewage into the local parks, surrounding river and coastal water. As a result, there was death of marine life, water turned black and the stench was unbearable for the residents. The hacker was able to attack the city by using software on his computer to gain unauthorized access to send controls to the sewage equipment.
Software as a Weapon
One of the most powerful malicious software that has been used as a weapon for attacking a city was Stuxnet. Parts of the software have been discovered in nuclear power plants, factories, and traffic control systems around the world. Some of the abilities of Stuxnet include turning up the pressure inside nuclear reactors and turning off oil pipelines without the system operators noticing anything is wrong.
The specific target of the software were the centrifuges that spin nuclear material at Iran’s enrichment facilities. According to the Institute of Science and International Security, the Stuxnet computer virus allegedly shutdown 1000 centrifuges in Natanz which is Iran’s main nuclear facility in 2010. The attack on Iran’s centrifuges set the nuclear production of the country back by two years. Stuxnet was purposely designed to be a weapon.
What’s even more threatening about Stuxnet is that the software is still out there. It’s available for anyone to download for free from the Internet. A hacker could rewrite the software code of Stuxnet so that it is directed to attack any critical infrastructure system of their choice. Stuxnet is an open source weapon that flies under the radar before finally using its capabilities to attack elements that are vital for citizens.
Since much of the public’s way of life depends on electricity, natural gas, water, and petroleum products, cyber-attacks on these critical systems have the potential to cause large-scale disruptions throughout cities in the United States.
Just like with natural disasters, municipalities should be prepared to protect their residents from cyber-attacks that threaten their city. Computer hackers from all over the world are targeting the vulnerabilities in a computer system which can cause physical damages like flooding, blackouts, and explosions. Addressing cyber security concerns in local government can help reduce the chances that these cyber threats will leave a devastating effect on the jurisdiction.