The most fascinating aspect of writing Trident Code and Lethal Code, my first two books in the Lana Elkins cyber-thriller series, was examining the potential convergence of computer science with other “traditional” terrorist threats, as well as the harrowing impact cyberwar and cyber-sabotage could have on deep environmental vulnerabilities caused by climate change. The latter, to my knowledge, has not been explored in fiction or non-fiction, though it is hard for me to believe that most of what I’ve come up with hasn’t already been the subject of cyberwar-game scenarios in the Department of Defense. If I’m presuming too much about the Pentagon, then we’re really in trouble.
Elkins is a first-rate cyber spy, a former high-ranking expert in the National Security Administration, NSA. She now runs a private cyber security firm, CyberFortress, which works very closely with her former employer. The series is set in the near future. In Lethal Code she finds herself in the midst of a massive attack on the nation’s grid. That’s no spoiler, as you’ll see in the first few pages of the book. But such cyber attacks are fiction, right? The “fi” part of sci-fi. The answer: would that it were. Here’s some background you might want to take with you as you turn yourself over to the perils of Lana and her cohorts.
In November 2014, Admiral Michael Rogers, head of both the NSA and the U.S. Cyber Command, which is a military arm charged with preparing for cyberwarfare, told the House Intelligence Committee that the U.S. is vulnerable to attacks that could shut down utilities, fuel and water delivery, aviation, banking, and other computer-based systems.
“Other computer-based systems?” Basically, that would mean everyone in our country could, figuratively speaking, be frozen in place—unless you’re trapping, hunting, and farming off the Grid. Grizzly Adams I’m not; and if you’re reading this, the same could be said for you.
In fact, Joel Brenner, former NSA counsel, told The Washington Post that cyber infiltration has already begun: “Every expert I know believes our electricity grid has been penetrated by Russia and China. Our military correctly assumes these penetrations would enable future attacks and disruptions.”
That dire point of view is supported by a recent survey of computer security experts by the Pew Internet and American Life Project. Many of those consulted said the U.S. can expect to see such an attack on its systems before 2025. Other experts say widescale attacks could be imminent. Cyber attacks on a smaller scale take place nearly every second of every day by hackers working directly for foreign governments or corporations, or by our own homespun hackers taking aim at everything from Disneyland to the White House.
So what about that most ubiquitous of all items, cell phones? Surely they’re safe. After all, phones are probably the single most used device in our inventory of electronic gizmos. Alas, the answer is they could be shut down as well.
First, let’s look at the history for some guidance. Cellular networks have been slowed, and even stopped altogether, during the 9/11 attacks, Hurricane Katrina, and the Boston Marathon bombings. Now, the primary cause in those cases was the overloading of the networks. But…cell towers need AC power, so if they don’t have an automatic backup system, they would stop faster than the Energizer Bunny without his Eveready batteries.
But just like that pink bunny, in a blackout cell phones would work—for a while. How long would depend on factors such as the age of batteries and the load they would have to carry. Some cell towers have backup generators. But here’s an interesting twist: Security researchers theorize that hackers could disable mobile phone networks using a technique that’s similar to distributed denial-of-service (DDoS) attacks on websites. That’s when hackers flood an Internet site, server, or router with so much data that the site is overwhelmed and can’t respond. Researchers say it’s now possible to swarm a cellular network in a similar fashion and shut it down. The cellular DDoS attack would involve cloning identification information from SIM cards onto duplicate SIM cards in hundreds of thousands of cellphones. Then the deviousness gets even deeper because that could allow hackers to make multiple roaming calls from widely separated locations that would appear, at least to cell towers, to be the same phones. The attack would amplify the effort it takes to authenticate a roaming call by deliberately confusing the network with a number that appears to be in hundreds of places at once. You can almost hear the towers groaning.
What about cyber sabotage that could shut down a dam’s spillways and sluice gates? Sci or Fi? Definitely sci, and already happening with centrifuges—rotating devices that spin at extremely high speeds and are essential to the operations of all kinds of devices. Case in point: the U.S. and Israel’s infamous Stuxnet attack on Iran’s nuclear centrifuges in 2010. Malware designed to attack industrial systems penetrated an Iranian uranium-enrichment plant and caused the fast-spinning centrifuges to tear themselves apart. Unfortunately, Stuxnet, which was supposed to attack only the Iranians, went viral—as in a computer worm that infected every corner of the world.
But that’s not all. In 2014 hackers struck a steel mill in Germany by gaining access to the plant through its business network. Then the hackers worked their way into production networks to access systems controlling plant equipment. “As a result,” investigators said, “the plant was unable to shut down a blast furnace in a regulated manner, which resulted in massive damage to the system.”
But it’s not just cyber security systems that have failed. Oftentimes, we humans are the weakest link. For Stuxnet, someone used a USB drive infected with the malware. That led to the worldwide infection. The German steel mill appeared to have been the target of spear-phishing. That’s when hackers send email that appears trustworthy, then trick recipients into opening a malicious attachment or visiting a malicious website.
Lana Elkins encounters even more devious cyber-attacks in her series, along with plenty of kinetic warfare. The two go hand-in-hand, not only in fiction but at an ever-increasing rate in the real world.
—
Thomas Waite is the author behind the Lana Elkins series and has just released the second book, Trident Code. You can find more information about Thomas Waite at his website.




