Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/10/2008
11:34 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

EMP Risk Follow-Up: Blather O'Plenty, No Action

As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.

As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.And what steps have we taken to prepare against such an attack? You guessed it: None.

For a background on what we're talking about, and the nature of the threat, check out yesterday's post.

This afternoon, the House Armed Services Committee heard testimony on the threat of an EMP attack. But few congressmen showed up to listen. From today's DefenseNews coverage:

Only a handful of the 60 members of the House Armed Services Committee showed up for a hearing on the EMP threat July 10, and most didn't stick around for the whole two-hour session.

"It's obvious that there's not very much interest in it," said Rep. Roscoe Bartlett, R-Md., who asked for the hearing. "There are lots of seats vacant," he lamented.

While Congress may be horrendously complacent about this vulnerability to our high-tech society, the Iranians, apparently, are looking at this as if it is our Achilles' heel.

From today's Editorial & Opinion section in Investor's Business Daily:

Apparently the Iranians are aware of it [EMP threat], judging from articles in the Iranian press. For example, an analysis in the Iranian journal Siasat-e Defai (Farsi for defense policy) in March 2001 weighed the use of nuclear weapons against cities in the traditional manner, as "against Japan in World War II," vs. its use in "information warfare" that includes "electromagnetic pulse . . . for the destruction of integrated circuits."

Another article published in Nashriyeh-e Siasi Nezami (December 1998-January 1999) warned that "if the world's industrial countries fail to devise effective ways to defend themselves against dangerous electronic assaults, then they will disintegrate with a few years."

Today's Wall Street Journal addressed the threat of such a missile attack, and added to the EMP threat discussion:

Iran may already have the capability to target the U.S. with a short-range missile by launching it from a freighter off the East Coast. A few years ago it was observed practicing the launch of Scuds from a barge in the Caspian Sea.

This would be especially troubling if Tehran is developing EMP -- electromagnetic pulse -- technology. A nuclear weapon detonated a hundred miles over U.S. territory would create an electromagnetic pulse that would virtually shut down the U.S. economy by destroying electronic circuits on the ground.

The "electronic circuits" that would be affected range from the entire power grid, to medical devices, to the computer you're using to read this post, to your car's ignition. Kiss the power grid goodbye for a few months to a year; everything else is fried beyond repair.

Our advisories apparently see the cost benefit of a single-missile attack that would shut down the entire country's access to anything electronic for months to years.

It's time we -- and our leaders -- also take a closer look.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.