The outages faced by Delta, United and other airlines show what cyber-warfare might look like. A lack of a cyber-strategy could have dire consequences for physical infrastructure depending on the severity of the threat.
Suppose you are about to board a flight for the holiday trip you've been planning all year. Suddenly, the line stops moving and people are piling up behind you. Queues stretch as far as the eye can see. Airline employees move frantically and nobody knows what the problem is, but one thing is certain: you aren't going anywhere. This was recently the reality for Delta Airlines passengers.
On January 30, Delta's computer systems crashed due to a power outage, resulting in hundreds of flights grounded domestically and thousands of passengers stranded in airports.
But outage problems that inconvenience passengers are not unique to Delta Airlines. A "technical glitch" in July at Southwestern forced the airline to ground all of its 2,300 flights. In September, British Airways had a similar problem with their check-in system, effecting its global flights. Delta experienced a massive outage in August, causing a global shutdown of its operations. And in January, United Airlines issued a ground halt due to a problem with their systems, cancelling 200 flights.
Delta's recent outage was caused by a malfunction in the power control module, according to the company, however, situations like these give us a sneak peek at what a successful cyber-attack on critical infrastructures would look like. In addition to major inconveniences, a sophisticated and coordinated cyber-attack could cause significant physical damage, according to technology experts interviewed by the Pew Internet and American Life Project.
Mark Nall, a program manager for NASA, told Pew what form the physical damage might take. "Current threats include economic transactions, power grid, and air traffic control. This will expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure."
Although to many people cyber-warfare seems like a fantasy term from a sci-fi novel, it's a very real possibility. A successful attack would have dire consequences. Imagine a scenario where a country's critical systems are hit by a coordinated cyber attack.
In addition to commercial flights, consider the aftermath of an attack on the stock market, the healthcare industry or other sectors. A joint report by Lloyd's and the University of Cambridge's Centre for Risk Studies estimates the damage due to a cyber attack crippling logistics and supply chain management to be around $1 trillion.
Long story short, we would find ourselves in a chaotic situation.
Presently, most cyber-attacks are conducted to steal corporate data. Obama went to China last year to discuss Chinese cyber-attacks on US businesses. The DNC and Ashley Madison leaks are also some of those attacks taken place in the last few years. But future cyber-warfare threats are real.
If history is any guide, cyber-attacks in Ukraine and Germany reveal the extent of the threat.
In Ukraine, not only was the power cut, but the workers' electricity was turned off to prevent them from restoring service. The attackers also overwrote the firmware. Experts say the damage could have been considerably worse – this was just intimidation. A German steel mill had it much worse. Attackers gained access through employees' computers. The attackers were very skilled and knew not only about social engineering, but also about the systems the steel mill used.
It's hard to forget the Fukushima nuclear disaster of March 2011. Its impact is still felt in the region. Though the Fukushima Daiichi Nuclear Power Plant was hit by a tsunami, a cyber-attack could do the same damage. The threat is taken seriously by the Nuclear Energy Institute, which recently released policy briefs for nuclear power plants. One of the main suggestions is air-locking critical safety and security systems. This would block any intruders who want access to the power plant.
Artificial intelligence (AI) has been making headlines – and some major decision-makers are warning of the risk of rogue AI. We could discuss the existential risk a fully developed AI poses, but given that AI research is far from developing a super-intelligence that might potentially destroy the world in the coming decades, it is a fruitless discussion to have for now.
The US Department of Defense has a cyber-strategy for the scenarios described above and is putting an emphasis on this issue. Although the government is aware of the threat, there is still a lot to be done.