Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/9/2008
11:36 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

It's Time To Defend The U.S. Against The Ultimate Denial Of Service (DOS) Attack

Thursday, Congress will be hearing testimony on a potential attack that could shut down most every electronic device, everywhere, and render the entire U.S. power grid dysfunctional for months, if not for more than a year.

Thursday, Congress will be hearing testimony on a potential attack that could shut down most every electronic device, everywhere, and render the entire U.S. power grid dysfunctional for months, if not for more than a year.The House Armed Services Committee will be getting an earful of testimony from William R. Graham, who was President Reagan's science adviser and is the current chairman of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack.

Simply put, an Electromagnetic Pulse attack would occur when a nuclear weapon is discharged at a very high altitude. The explosion affects the ionosphere and Earth's magnetic field in such a way as to cause an electromagnetic pulse to rush down to the surface. That pulse then bakes just about every electronic device within a very wide geographic area. By some estimates, a single device detonated over Kansas could cripple the nation's entire technical infrastructure.

From the 2004 Executive Report by the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack:

Depending on the specific characteristics of the attacks, unprecedented cascading failures of our major infrastructures could result. In that event, a regional or national recovery would be long and difficult and would seriously degrade the safety and overall viability of our Nation. The primary avenues for catastrophic damage to the Nation are through our electric power infrastructure and thence into our telecommunications, energy, and other infrastructures. These, in turn, can seriously impact other important aspects of our Nation's life, including the financial system; means of getting food, water, and medical care to the citizenry; trade; and production of goods and services. The recovery of any one of the key national infrastructures is dependent on the recovery of others. The longer the outage, the more problematic and uncertain the recovery will be.

It seems to me, from a layperson's perspective on this issue, that it's not feasible to protect against widespread damage from such an attack -- it's just not economically viable to protect all electronic components. Yet, it is feasible to significantly mitigate the impact of an EMP attack by hardening key power generating facilities, switching stations, and telecommunications infrastructure -- so that much of the damage that is inflicted by an EMP explosion to the core communications and power infrastructure can be restored in a time period that is measured in days and weeks, certainly not months or more than a year.

What's increasingly of concern about the potential of a EMP attack against the critical infrastructure is how relatively cheap such an attack could be. From the same report:

What is different now is that some potential sources of EMP threats are difficult to deter -- they can be terrorist groups that have no state identity, have only one or a few weapons, and are motivated to attack the U.S. without regard for their own safety. Rogue states, such as North Korea and Iran, may also be developing the capability to pose an EMP threat to the United States, and may also be unpredictable and difficult to deter. Certain types of relatively low-yield nuclear weapons can be employed to generate potentially catastrophic EMP effects over wide geographic areas, and designs for variants of such weapons may have been illicitly trafficked for a quarter-century.

If that's the threat from North Korea and Iran, what's our risk if a significant adversary such as China or Russia decide to turn our lights out for a year?

It's been four years since Congress was warned about the real-world impact of an EMP attack. Let's hope the update from William Graham on Thursday has some news about what steps our government has taken to protect us from this threat.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618
PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...