02.02.12

So many Doomsdays

Posted in Cyberterrorism, Imminent Catastrophe at 7:43 pm by George Smith

Taking up the first 130 words of a 1700 word piece on the potential for cyberattack, an Asbury Park Press reporter presents what’s standard practice — the fictional doomsday.

From the newspaper:

Power generators at a plant in New Jersey spin wildly out of control, then grind to a halt.

Other utilities step in to carry the extra load, but they, too, suffer internal malfunctions. Soon, cascading outages take out the power grid in the eastern half of the country – all carefully timed to happen in the dead of winter. Gas utilities are next.

But this isn’t like the week without power in parts of Central Jersey caused by downed limbs and trees felled by the freak October snowstorm. Power is out for much longer because the heavily damaged equipment is difficult to replace.

No heat, no running water, no toilets, no phones. Small generators die when fuel quickly runs dry. Hospitals, transportation, the banking system, the telecommunications grid – all down.

An apocalyptic fantasy or an actual threat? The prospect is something political and military leaders and security analysts have been raising alarms about for several years.

Former chairman of the Joint Chiefs of Staff Adm. Michael Mullen, who retired in September, said during his tenure that cyberattacks pose an “existential threat??? to the United States.

Over the holidays I was a source for the piece. For the phone chat, which lasted long enough, the readers gets:

Yet not every expert buys the grim scenario of a downed electrical grid.

It’s almost progress. Most of the time such stories don’t contain anything but the presentation of a future doomsday and then three or four business interests or government men saying it’s all true.

But first, a detour. Which Doomsday will strike the country first?

In the past months we’ve had doomsday from an electromagnetic pulse attack, doomsday from really bad solar weather, financial doomsday from cyberattacks on Wall Street, and doomsday because you can make biological weapons in a high school biology lab.

And today, this idiotic quote on cyberwar, from some random computer publication, delivered by the businessman selling data protection services and consulting:

The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change. It would put people into the Dark Ages???, commented Larry Ponemon, chairman of the Ponemon Institute.

The Dark Ages. Sounds bad.

To a person, all the journalists I’ve spoken with (and there have been lots over the last decade) never step outside their beats to see how regular the warnings about doomsday are in every domain having to do with national security. If they do, these things either don’t register or are considered unimportant, not part of their world.

I’ve not infrequently asked something like which doomsday is it to be? All of them? One? Some? None? How can you tell from reading the usual public testimony of the experts?

I’ve come to believe there’s a defect in American thinking, one brought about by the conjunction of national paranoia after 9/11 and the fear-based economy. And that defect paralyzes the ability to think critically, to take time to consider the passage of recent history, context and perspective. It can also be said that it’s virtually impossible to get someone to look at things a little differently when their job and usefulness to higher ups depends on them always predicting disaster.

It’s far easier to just shut up and unquestioningly accept all the arguments presented from authority. The only silver lining, and it’s a really thin one, is that reality just often doesn’t give a shit about what’s printed in newspapers, shown on tv and emitted in policy documents.

And this is, at the root, fundamentally what the Asbury Park Press news report, a long one for the topic, does. It presents two views but the one that gets the most attention is the implication that electrical grid collapse is probably coming because we’re not doing enough about it. And this is the central feature of all future doomsdays. There’s never enough being done. We cannot imagine what trouble awaits if the warnings are not heeded now.

For this the reporter commits one sin. But it’s one I repeatedly touched upon in interview.

And it has to do with the claim that “cyberintruders” caused power blackouts in foreign cities.

This is the infamous story of the Brazil blackouts.

Reporter Ken Serrano uses it as one of three examples of infrastructure cyberattack, given to him by James Lewis of the Center for Strategic and International Studies.

It reads:

“A blackout in Brazil – it is hotly contested whether a cyberattack was responsible.”

Fair enough. Then the newspaper puts its fingers every so lightly on the scale.

Two or three paragraphs on Serrano writes:

In May 2009, President Barack Obama spoke about the risk of cyberattacks.

“We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control,??? the president said. “Yet we know that cyberintruders have probed our electrical grid and that in other countries cyberattacks have plunged entire cities into darkness.???

Early in his presidency, Obama issued a preliminary cybersecurity strategy and this official statement was part of the news surrounding it.

In making the claim the “other countries cyberattacks have plunged entire cities into darkness” the President was invoking the same Brazil/blackout rumor (it had been started a year earlier) — made vague with no who, where, when, what and why.

And it was a claim originally presented by a vendor of computer security training at a computer security conference.

One data point to demonstrate an argument cannot be made into two simply by passing it through different sources from authority, even if one of them is the president.

General interest readers are certainly unlikely to know such a thing. And they certainly do not understand nor should they be expected to know the genesis of all the myths and contested claims.

However, it is the journalist’s job to tell them. And the Asbury Park Press, for this feature, was apprised of the details.

In any case, eventually the “opposing view” is presented — in small print. (Read the story, note how all the bold print is employed. I had to grin a bit.)

Here is the opposing view, mine. And it’s a challenge none of the other sources polled for the story have any good answer for:

“If you make extraordinary claims, you need to produce extraordinary proof,??? said [George Smith, GlobalSecurity.Org Senior Fellow) who has been writing about national security and technology issues for more than a decade.

As for a blackout in Brazil in 2007 being caused by a cyberattack, he said, “It’s been debunked. They’ve never produced any extraordinary proof.???

Many in our government have become very accustomed to never providing extraordinary proof to back up anything. It is a very bad habit, one that has had horrible results for the country.

And James Lewis, resourced for the story and formerly an employee of the US government, simply goes back to the stock play book to answer the criticism:

Lewis stands by his sources on the Brazilian blackout, adding that it involved an insider and software manipulation.

Translated: I know it because I have sources.

James Lewis often appears in the news to discuss matters of national cybersecurity and cyberwar. Often what he is reported to say is informative and reasonable.

But for the newspaper this was lame. Everyone knows the standard abuse — the government man, or the ex-government man, always has the inside information. Their say trumps everyone else’s, no proof necessary. QED.

“Lewis fears that it will take a catastrophe for changes to occur,” reads the newspaper. Then, the inevitable mentions of Pearl Harbor and 9/11.

Cybersecurity remains a topic for serious discussion at the national and the grass roots level. And the Asbury Park Press is part of that. However, it’s also a topic that is not served by now far too overused appraisals of what’s going to happen.

---

Footnote:

Reads another quote from the Asbury Park Press:

“Stuxnet demonstrated how all industries can be at risk,??? said Joe Weiss, a blogger on cybersecurity and consultant to companies using Industrial Control Systems.

That consultant was responsible for a recent viral news story, now withdrawn, on alleged attack on a heartland water system, commented upon here.

Permalink