Modern societies run on a set of networks whose hardware and software represent a modern technology Faustian bargain: achieve unparalleled efficiencies of economic cost and social interconnection at the price of equally unparalleled exposure to several forms of catastrophic “cascade” failure.
Specifically, the hardware and software infrastructures that enable prosperous modern life in advanced societies are relatively simple—and hence increasingly tempting—high-value targets for our enemies. Portents of what we face now have been largely ignored for decades.
Worse, our prime threat is not your archetypical teen hacker typing away amidst bags of potato chips and cans of soda. These are malicious nuisances like the “Legion of Doom” group that in 1990 rerouted phone calls from 911 to a dial-a-porn service. Our adversaries today are far more dangerous, because many are sponsored by rogue states. The Sony attack apparently was carried out by North Korea. Far less publicized—for want of celebrity email gossip—was a $40 million attack on billionaire Sheldon Adelson’s Las Vegas casino in February 2013, attributed to Iran. Both countries have drawn from vastly superior malicious software—“malware”—resources offered by China and Russia.
Worse still, software holes now on public display are but half the network risk. On the hardware side is the vulnerability of the nation’s multi-trillion dollar electric grid to a phenomenon called “EMP”: a series of intense electromagnetic pulse emissions from a high-altitude nuclear detonation. Some pulses penetrate surge protectors and “fry” electronic devices; others cascade through electric networks to fry power transformers. Ironically, because silicon chips are 10 million times more sensitive to EMP effects than vacuum tubes, modern networks are vastly more vulnerable than older ones.
Rogue powers like Iran and North Korea have test-fired from small sea-based platforms missiles capable of lifting nuclear warheads to high-altitude. Nuclear weapons designed as “super-EMP” can weigh as little as 110 pounds. Fired from a few hundred miles at sea, a “Scud” missile warhead—similar to those fired during the 1991 Gulf War—could detonate 20 miles over Pennsylvania and fry the Eastern Interconnection that powers 70 percent of the national grid. A congressional EMP panel concluded that a long-range missile launched offshore could lift an EMP warhead 300 miles above Kansas, and potentially fry 90 percent of the full grid. In a matter of days, as backup systems failed, Americans could find themselves returned to pre-electricity days. Recovery could take years, as critical electric transformers are only made overseas, with multi-year order backlogs. Since the panel’s reports (2004 and 2008) some hardening of network electronics has reportedly been done. But key components remain vulnerable and hard to replace rapidly.
A 1989 National Research Council report, Growing Vulnerability of the Public-Switched Networks (to which the author was senior adviser), warned: “Public communications networks are becoming increasingly vulnerable to widespread damage from natural, accidental, capricious, or hostile agents.” In 1990 AT&T lost 58 percent of its long-distance capacity on high-traffic Martin Luther King Day. A single software coding punctuation mistake at the end of one of millions of lines of code caused a crash that cascaded through its entire network in 19 minutes. It took two weeks to fix the bug.
Another NRC report, Computers at Risk, warned in 1991: “The modern thief can steal more with a computer than with a gun. Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.” North Korea’s strike against Sony did just that. Not only was its $44 million investment in a film, The Interview, erased in a few keystrokes; Sony’s capitulation, promptly followed by theater chains and Hollywood (George Clooney excepted), effectively subordinated free-speech—the core of our Bill of Rights—to the vengeful whim of a cartoonish rogue tyrant.
The past generation saw a little-noticed, paradigm shift in the role of the customer: from passive user to active manager of network services. Back then the customer dialed a number and either got a busy signal or heard a ring at the other end. Every other decision was made within the telephone network. Networks today are far more flexible, and decisions are made by users every day hitherto left to network managers. When you decide to use 3G or 4G networks to bypass expensive hotel Wi-Fi, you are managing your network connection. When you block spammers you are managing your connectivity. When your high-speed cable network crashes and you switch your computer to a backup wireless network, you are managing networks.
There are four common vulnerabilities inherent in widely interconnected networks. They are easily accessible, global in reach, readily programmable, and fragile—they can break easily and are hard to fix. A fifth factor is the user: Just as a secret is as safe as the biggest gossip that knows it, a network is as secure as its most careless user. A hostile agent needs but one entry point to break in.
Fixing the hardware problem within a few years is relatively straightforward. Invest a few billion dollars to better protect key electric and communication nodes and make available on the market newer, more capable surge protectors for everyone’s computers and smart devices. Fixing software is a more complex task. Networks not designed from the ground up with security in mind are endemically vulnerable. Four types of separation can help: put key software functions in hardware; take key hardware and software networks off the public Internet; require multiple, independent command authority for potentially catastrophic decisions; and require multilayer authentication—who you are (fingerprints, retinal scan), what you have (smart card, network administrator status) and what you know (passwords, answer to personal questions) are examples. Some steps are already underway: 600 million devices have migrated critical software functions to hardware in Trusted Program Modules. TPM “vault” chips are very hard to reverse engineer or destroy. Such efforts should be accelerated. One final crucial step: the government must accept “common defense” responsibility to protect private firms against state-sponsored threats, whether terrorism or cyberwar or in any other form. The Constitution requires no less.
In sum, cyberwar and EMP are deeply complementary: the software and hardware sides of catastrophic cascade failure. We continue to defer remedial steps at our growing, extreme peril. Our mortal, Mephistophelian adversaries would like nothing better.