Friday, December 09, 2016

Lights Out in Cyber Attack

Professor Roger Bradbury, from then ANU National Security College, has portrayed the "South Australian power shutdown ‘just a taste of cyberattack'" (ANU Reporter, 2016). He speculates that Australia's electrical, telecommunications, water, sewerage, transport and financial services infrastructure already has been compromised by China, in preparation for a "surgical cyberattack" in a future dispute over the South China Sea. The effects of a possible cyber attack are not exaggerated, but perhaps Professor Bradbury should not have singled out China.

It is likely that all nations are now preparing for cyber-attacks, as a routine adjunct to conventional military operations. This year I ran ANU computing students through a "Cyberwar: Hypothetical for Teaching ICT Ethics". This was based on a possible conflict over the South China Sea. However, I was careful not to identify who might be attacking who. 
Professor Bradbury suggests that our systems can be made less vulnerable by not having them top-down or hierarchical. He suggests "We need 21st-century networks that have no centre: no main power station, no main water dam, no main interconnector, no main transport hub or central train station...". In this he is perhaps suggesting a system like the Internet, which consists of a collection of interconnected networks (literally an Inter-Net). However, even a system with no hierarchy is vulnerable to attack if it uses the same computer control software for all iots nodes and those nodes are all connected to the Internet.
One way to build resilience is to rely on gravity, as is done with much of the water supply. Water is pumped to reservoirs and then flows by gravity. Similarly, sewage systems have overflow valves, which open to allow sewage to flow into waterways (bad for the environment, but better for human health than sewage backing up into people's homes).

The electrical grid can be similarly protected by having generators independently working to maintain the system, rather than acting via central control. Local home solar panels could have a role in this, by boosting the grid when required. However, these systems need to be protected from hacking, or they could be used to attack the grid.

No comments: