Power outages, bank runs, changed financial data: Here are the 'cyber 9/11' scenarios that really worry the experts

  • It may be impossible to hedge against the next major cyberattack, but there are some lessons from recent history and some clues from the private sector on what may be the next devastating cyberattack.
  • Many experts have warned for years about an impending "cyber 9/11," and despite a nearly endless list of scenarios, there are a few that are more likely than others.
  • Attacks that spill into the physical world, those that cause a financial sector "contagion" or attacks on data integrity -- rather than theft or destruction -- are top-of-mind, frightening scenarios for experts.
Published 9:12 AM ET Sun, 18 Nov 2018 Updated 5:27 PM ET Sun, 18 Nov 2018

REUTERS/David Mdzinarishvili

For years, government security specialists have predicted the inevitable "cyber 9/11," an event originating as a digital attack that spills over into other aspects of society, causing widespread harm to people and the global financial sector.

Former NSA head Admiral Michael Rogers told CNBC last month that "nothing is beyond the pale of possibility" for cyberattacks.

Fear sells. So it can be hard to know what experts really fear might happen, versus hype meant to market a new cybersecurity product or service, or drum up attention on social media.

But there are some nightmare scenarios that have precedent. These are the scenarios that truly concern independent cybersecurity experts.

They fall into three common themes: physical attacks that shut off or damage some aspect of critical services, financial attacks that spin out of control and lead to bank runs, and hackers changing data in a way that erodes trust in the economy and critical institutions.

Knocking out basic services

Cyberattacks that cause major disruption to public services have happened many times in the real world.

Some of them are very old news, in fact. But it's easy to imagine how a similar attack could shut down basic services, like electricity or water, that affect millions of people.

In 2000, a disgruntled sewage treatment plant worker in Queensland, Australia hacked into his employer's industrial control system to unleash torrents of raw sewage onto public grounds, flooding the city's local Hyatt hotel. The perpetrator was sentenced to two years for the attack.

In 2007, the country of Estonia was subject to widespread outages in its entire telecommunications network, following a cyberattack stemming from a dispute with Russia over a military statue. The incident was so damaging, it led to a decision to place the North Atlantic Treaty Organization's Cyber Security organization in Tallinn, the country's capital.

In 2015, Ukraine's power grid had massive outages after a cyberattack — which some officials have attributed to Russia — two days before Christmas, during a cold snap. Around a quarter-million residents were left without power, but the outages only lasted a few hours before government agencies were able to restore service.

Major cyberattacks aimed at taking down official services don't need to be strictly nation-state sponsored or terrorist-backed. They can be strictly criminal in nature, or come from a malevolent backer under the guise of a criminal attack.

The NotPetya cyberattacks of June 2017, known by the name of the criminal ransomware-inspired computer virus behind it, were notorious for the real-world harm they caused to companies. In Germany, consumer goods-maker Reckitt Benckiser halted shipments of numerous products. Ships belonging to logistics giant Maersk were at a standstill, and the company later said it took a $300 million hit from the attack. In the U.S., a facility owned by Merck that makes the HPV vaccine Gardasil was shut down to such a big extent, the company had to borrow hundreds of millions of dollars worth of back-up vaccines stockpiled by the Center for Disease Control.

Power outages or water supply corruption are the most worrisome to Peter Beshar, general counsel for risk management firm Marsh & McLennan. Loss of electricity, he said, is just one piece of the greater risk for physical security stemming from a cyberattack.

"Utilities are one vital resource. But it's not just power, water is another type of utility. If all of a sudden, the quality of drinking water is called into question, and then manufacturers who rely on using untainted water for making drugs or food is called into question. That is a potential crisis," he said.

A financial-sector attack that triggers a run

Financial regulators often talk about the risk of "contagion" as a result of an attack on banks or institutions like the New York Stock Exchange. The fear is that a cyberattack could send customers rushing to banks in a panic to pull out funds.

"When you have significant impact to financial systems and people can't get to their money, they can cause just as much duress to the system as a major network outage," said Jacqui McNamara, head of cyber security services at Australia's largest telecom, Telstra, at an Oct. 23 cybersecurity conference in Australia.

These scenarios are both possible and alarming enough that companies and private-sector organizations have spun up some huge projects to protect against them.

"Imagine a cross-cutting attack that just ripples through the financial sector," said Beshar. "If consumers couldn't get cash out of ATM machines, if credit cards weren't functioning, that would be very problematic."

One of those initiatives, Sheltered Harbor, is a not-for-profit subsidiary of the Financial Services Information Sharing and Analysis Center. It's got about 70 participants, including big names like Citi, Morgan Stanley and Goldman Sachs.

The purpose is to ensure banks can pull up the right information about customer accounts and still reconcile transactions in the face of a catastrophic cyberattack. The initiative is especially focused on an event that significantly destroys data, or takes critical systems out of service for an extended period of time.

For banks that are a part of Sheltered Harbor, the organization provides standards designed to back up the financial data they generate each day. This would give banks a way to restore data that's lost in any attack.

Changing data so it's wrong

Criminals or nation-states could also change data, like financial information on balance sheets or commands going into an industrial machine, instead of merely stealing it or deleting it.

That's a big concern for Dmitry Samartsev, CEO of BI.ZONE, a Russian cybersecurity coordination organization for the country's banks.

"The worst case scenario is when [cybercriminals] are making several attacks at one time," he said at the Oct. 23 conference.

For instance, an attacker might launch a simple denial-of-service assault on a corporation, shutting down its web site other services, then combine that with a slew of fake news on social media meant to imply major institutions are going to be out of service. The result could be panic.

There's some precedent here, too. In 2015, BNY Mellon had a technical glitch that mispriced some securities. That jammed up the algorithms that are used for executing automated trades, and the result was a swift 1,000-point drop in the Dow.

A hacker took over the Twitter account of the Associated Press in 2013, tweeting "Breaking: Two Explosions in the White House and Barack Obama is injured." The stock market instantly fell 143 points.

Tom Kellermann, a former top cybersecurity officer for the World Bank and chief cybersecurity officer of security firm Carbon Black, agreed that he's most afraid of data being altered, instead of stolen or lost.

"Integrity of data is key. If you lose your ability to trust the information that is coming out of the financial sector, that is when things can turn dark and very quickly," he said.


https://www.cnbc.com/2018/11/18/cyber-911-scenarios-power-outages-b...

Views: 628

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

cheeki kea favorited Doc Vega's blog post The Many Keys to Deadly Secrecy in our Government
4 hours ago
cheeki kea commented on cheeki kea's photo
5 hours ago
cheeki kea posted a photo
6 hours ago
cheeki kea replied to cheeki kea's discussion Tartaria
"Greetings to you John, You're right and it didn't take long for those manuals to totally…"
6 hours ago
Doc Vega posted a blog post

The Many Keys to Deadly Secrecy in our Government

We now know thanks to the legislation of FOIA access to federal documents and evidence and the…See More
10 hours ago
Less Prone favorited tjdavis's photo
yesterday
Less Prone favorited rlionhearted_3's photo
yesterday
John Miller commented on rlionhearted_3's photo
Thumbnail

Another incredibly Stupid!! What, no mirrors?

"Brutal post... not sure it’s helping anyone though."
yesterday
John Miller replied to cheeki kea's discussion Tartaria
"Tartaria: the empire that built half the world's cathedrals, then vanished because someone…"
yesterday
Burbia commented on rlionhearted_3's photo
Thumbnail

Another incredibly Stupid!! What, no mirrors?

"This movie portrayed plastic surgery as absurd. I guess the numbers in the real world are growing."
Tuesday
Burbia commented on tjdavis's photo
Thumbnail

Redux

"Ah yes, General Jussitri Smolletkov. Good tongzhi. Good tongzhi."
Tuesday
Doc Vega posted a blog post

Unusual Discoveries and Headlines

Archaeologists have discovered an ancient tool dated to be 6,000 years old, but even more…See More
Monday
tjdavis posted a video

Inside Texas HOMELESS HELL – Even Cops Don't Dare Step In! - Documentary

In this powerful documentary, we explore the escalating Texas homeless crisis 2025, where cities and rural areas alike are witnessing a disturbing rise in th...
Monday
tjdavis posted a photo
Monday
John Miller replied to MAC's discussion BREAKING! UFO whistleblowers drop BOMBSHELL on D.C. | Redacted with Natali and Clayton Morris
"Crazy how these whistleblower stories are finally making it into bigger conversations. Makes you…"
Sunday
Burbia favorited tjdavis's blog post The Dems Love Their Demons
Sunday
John Miller commented on tjdavis's photo
Thumbnail

Comprehensive Coverage

"That car needs an exorcism, not an oil change."
Saturday
John Miller commented on tjdavis's blog post The Dems Love Their Demons
"If the Dems are dating demons, then that AI romance shoot was basically engagement photos."
Saturday
John Miller replied to cheeki kea's discussion Would-Be Trump Assassin Ryan Routh Gave Many Interviews with Mainstream Media
"Wouldn't be surprised if there's a whole lot more buried under the surface here."
Saturday
Less Prone favorited rlionhearted_3's photo
Saturday

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted