Risk
7/10/2008
11:34 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%

EMP Risk Follow-Up: Blather O'Plenty, No Action

As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.

As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.And what steps have we taken to prepare against such an attack? You guessed it: None.

For a background on what we're talking about, and the nature of the threat, check out yesterday's post.

This afternoon, the House Armed Services Committee heard testimony on the threat of an EMP attack. But few congressmen showed up to listen. From today's DefenseNews coverage:

Only a handful of the 60 members of the House Armed Services Committee showed up for a hearing on the EMP threat July 10, and most didn't stick around for the whole two-hour session.

"It's obvious that there's not very much interest in it," said Rep. Roscoe Bartlett, R-Md., who asked for the hearing. "There are lots of seats vacant," he lamented.

While Congress may be horrendously complacent about this vulnerability to our high-tech society, the Iranians, apparently, are looking at this as if it is our Achilles' heel.

From today's Editorial & Opinion section in Investor's Business Daily:

Apparently the Iranians are aware of it [EMP threat], judging from articles in the Iranian press. For example, an analysis in the Iranian journal Siasat-e Defai (Farsi for defense policy) in March 2001 weighed the use of nuclear weapons against cities in the traditional manner, as "against Japan in World War II," vs. its use in "information warfare" that includes "electromagnetic pulse . . . for the destruction of integrated circuits."

Another article published in Nashriyeh-e Siasi Nezami (December 1998-January 1999) warned that "if the world's industrial countries fail to devise effective ways to defend themselves against dangerous electronic assaults, then they will disintegrate with a few years."

Today's Wall Street Journal addressed the threat of such a missile attack, and added to the EMP threat discussion:

Iran may already have the capability to target the U.S. with a short-range missile by launching it from a freighter off the East Coast. A few years ago it was observed practicing the launch of Scuds from a barge in the Caspian Sea.

This would be especially troubling if Tehran is developing EMP -- electromagnetic pulse -- technology. A nuclear weapon detonated a hundred miles over U.S. territory would create an electromagnetic pulse that would virtually shut down the U.S. economy by destroying electronic circuits on the ground.

The "electronic circuits" that would be affected range from the entire power grid, to medical devices, to the computer you're using to read this post, to your car's ignition. Kiss the power grid goodbye for a few months to a year; everything else is fried beyond repair.

Our advisories apparently see the cost benefit of a single-missile attack that would shut down the entire country's access to anything electronic for months to years.

It's time we -- and our leaders -- also take a closer look.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio