Power outages, bank runs, changed financial data: Here are the 'cyber 9/11' scenarios that really worry the experts

  • It may be impossible to hedge against the next major cyberattack, but there are some lessons from recent history and some clues from the private sector on what may be the next devastating cyberattack.
  • Many experts have warned for years about an impending "cyber 9/11," and despite a nearly endless list of scenarios, there are a few that are more likely than others.
  • Attacks that spill into the physical world, those that cause a financial sector "contagion" or attacks on data integrity -- rather than theft or destruction -- are top-of-mind, frightening scenarios for experts.
Published 9:12 AM ET Sun, 18 Nov 2018 Updated 5:27 PM ET Sun, 18 Nov 2018

REUTERS/David Mdzinarishvili

For years, government security specialists have predicted the inevitable "cyber 9/11," an event originating as a digital attack that spills over into other aspects of society, causing widespread harm to people and the global financial sector.

Former NSA head Admiral Michael Rogers told CNBC last month that "nothing is beyond the pale of possibility" for cyberattacks.

Fear sells. So it can be hard to know what experts really fear might happen, versus hype meant to market a new cybersecurity product or service, or drum up attention on social media.

But there are some nightmare scenarios that have precedent. These are the scenarios that truly concern independent cybersecurity experts.

They fall into three common themes: physical attacks that shut off or damage some aspect of critical services, financial attacks that spin out of control and lead to bank runs, and hackers changing data in a way that erodes trust in the economy and critical institutions.

Knocking out basic services

Cyberattacks that cause major disruption to public services have happened many times in the real world.

Some of them are very old news, in fact. But it's easy to imagine how a similar attack could shut down basic services, like electricity or water, that affect millions of people.

In 2000, a disgruntled sewage treatment plant worker in Queensland, Australia hacked into his employer's industrial control system to unleash torrents of raw sewage onto public grounds, flooding the city's local Hyatt hotel. The perpetrator was sentenced to two years for the attack.

In 2007, the country of Estonia was subject to widespread outages in its entire telecommunications network, following a cyberattack stemming from a dispute with Russia over a military statue. The incident was so damaging, it led to a decision to place the North Atlantic Treaty Organization's Cyber Security organization in Tallinn, the country's capital.

In 2015, Ukraine's power grid had massive outages after a cyberattack — which some officials have attributed to Russia — two days before Christmas, during a cold snap. Around a quarter-million residents were left without power, but the outages only lasted a few hours before government agencies were able to restore service.

Major cyberattacks aimed at taking down official services don't need to be strictly nation-state sponsored or terrorist-backed. They can be strictly criminal in nature, or come from a malevolent backer under the guise of a criminal attack.

The NotPetya cyberattacks of June 2017, known by the name of the criminal ransomware-inspired computer virus behind it, were notorious for the real-world harm they caused to companies. In Germany, consumer goods-maker Reckitt Benckiser halted shipments of numerous products. Ships belonging to logistics giant Maersk were at a standstill, and the company later said it took a $300 million hit from the attack. In the U.S., a facility owned by Merck that makes the HPV vaccine Gardasil was shut down to such a big extent, the company had to borrow hundreds of millions of dollars worth of back-up vaccines stockpiled by the Center for Disease Control.

Power outages or water supply corruption are the most worrisome to Peter Beshar, general counsel for risk management firm Marsh & McLennan. Loss of electricity, he said, is just one piece of the greater risk for physical security stemming from a cyberattack.

"Utilities are one vital resource. But it's not just power, water is another type of utility. If all of a sudden, the quality of drinking water is called into question, and then manufacturers who rely on using untainted water for making drugs or food is called into question. That is a potential crisis," he said.

A financial-sector attack that triggers a run

Financial regulators often talk about the risk of "contagion" as a result of an attack on banks or institutions like the New York Stock Exchange. The fear is that a cyberattack could send customers rushing to banks in a panic to pull out funds.

"When you have significant impact to financial systems and people can't get to their money, they can cause just as much duress to the system as a major network outage," said Jacqui McNamara, head of cyber security services at Australia's largest telecom, Telstra, at an Oct. 23 cybersecurity conference in Australia.

These scenarios are both possible and alarming enough that companies and private-sector organizations have spun up some huge projects to protect against them.

"Imagine a cross-cutting attack that just ripples through the financial sector," said Beshar. "If consumers couldn't get cash out of ATM machines, if credit cards weren't functioning, that would be very problematic."

One of those initiatives, Sheltered Harbor, is a not-for-profit subsidiary of the Financial Services Information Sharing and Analysis Center. It's got about 70 participants, including big names like Citi, Morgan Stanley and Goldman Sachs.

The purpose is to ensure banks can pull up the right information about customer accounts and still reconcile transactions in the face of a catastrophic cyberattack. The initiative is especially focused on an event that significantly destroys data, or takes critical systems out of service for an extended period of time.

For banks that are a part of Sheltered Harbor, the organization provides standards designed to back up the financial data they generate each day. This would give banks a way to restore data that's lost in any attack.

Changing data so it's wrong

Criminals or nation-states could also change data, like financial information on balance sheets or commands going into an industrial machine, instead of merely stealing it or deleting it.

That's a big concern for Dmitry Samartsev, CEO of BI.ZONE, a Russian cybersecurity coordination organization for the country's banks.

"The worst case scenario is when [cybercriminals] are making several attacks at one time," he said at the Oct. 23 conference.

For instance, an attacker might launch a simple denial-of-service assault on a corporation, shutting down its web site other services, then combine that with a slew of fake news on social media meant to imply major institutions are going to be out of service. The result could be panic.

There's some precedent here, too. In 2015, BNY Mellon had a technical glitch that mispriced some securities. That jammed up the algorithms that are used for executing automated trades, and the result was a swift 1,000-point drop in the Dow.

A hacker took over the Twitter account of the Associated Press in 2013, tweeting "Breaking: Two Explosions in the White House and Barack Obama is injured." The stock market instantly fell 143 points.

Tom Kellermann, a former top cybersecurity officer for the World Bank and chief cybersecurity officer of security firm Carbon Black, agreed that he's most afraid of data being altered, instead of stolen or lost.

"Integrity of data is key. If you lose your ability to trust the information that is coming out of the financial sector, that is when things can turn dark and very quickly," he said.


https://www.cnbc.com/2018/11/18/cyber-911-scenarios-power-outages-b...

Views: 626

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega commented on Doc Vega's blog post Department of Justice Crumbling Under the Pending Occupation by the Trump Administration!
"cheeki kea Interesting images and pretty relevant too!"
14 hours ago
Doc Vega commented on Doc Vega's blog post Biggest Hoax and Hazard to Health in US History Busted Pt. 2
"Les Prone sadly you are correct! People are way to easily manipulated like the livestock they…"
14 hours ago
Doc Vega posted a blog post

Murder is Now Widely Acceptable By the Left in America!

 Just a few short months ago prior to the presidential election, the mainstream media was screaming…See More
yesterday
cheeki kea commented on cheeki kea's photo
yesterday
cheeki kea posted a photo
yesterday
DTOM's blog post was featured

"Reset the Table" - Rockefeller Foundation planning to communize (and weaponize) the global food supply

Rockefeller Foundation planning to communize (and weaponize) the global food supplyWednesday,…See More
Tuesday
Less Prone posted a discussion
Tuesday
rlionhearted_3 favorited Sandy's photo
Tuesday
rlionhearted_3 favorited Sandy's photo
Tuesday
rlionhearted_3 favorited Sandy's photo
Tuesday
tjdavis posted a video

JUSTICE FOR HUMANITY [POWERFUL SUBLIMINAL]

You thought I was leaving you alone in these times?Powerful Endgame Subliminal designed by The Tribe Of The Chosen for these outrageous times we are in.#subl...
Monday
Burbia commented on tjdavis's video
Monday
Sandy posted a photo
Monday
Less Prone commented on Doc Vega's blog post Biggest Hoax and Hazard to Health in US History Busted Pt. 2
"Yes Doc, gullibility seems to be another unlimited natural resource that the globalist evil can…"
Sunday
Less Prone commented on Doc Vega's blog post Biggest Hoax and Hazard to Health in US History Busted Pt. 2
"Hey you "innocent" prick, do as we told you or we expose your photos and videos from the…"
Sunday
Less Prone posted a photo

Brian Thompson - UHC CEO

United Healthcare CEO Brian Thompson has been embroiled in several scandals and allegations of…
Sunday
tjdavis's 3 blog posts were featured
Sunday
Doc Vega's 5 blog posts were featured
Sunday
Less Prone posted a discussion
Sunday
Doc Vega posted blog posts
Saturday

© 2024   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted