AMERICA’S CYBERVULNERABILITIES

On the afternoon of Dec. 23, 2015, Ukrainian engineers from a Prykarpattya Oblenergo power station stared at a computer screen while the cursor progressed on its own across the monitor. The mouse on the table had not moved. But the cursor hovered over the station’s breakers, each one controlling power to thousands of Ukrainian citizens. Then, with one mouse click at a time, the hackers now in control of the power station began shutting off power to hundreds of thousands of Ukrainians.

At the same time, Kyivoblenergo employees watched as dozens of substations shut down, one by one. In their case, there was no phantom mouse. A computer on their network that they could not locate was being used by someone to shut down the power—and there was nothing they could do.

That night, in the Ivano-Frankivs’k region of Ukraine, the temperature outside dropped to freezing. For the six hours that power was disrupted, thousands of homes dropped in temperature, and the water in outside pipes threatened to freeze.

Engineers rushed to return the power stations to manual control and bring back power to their citizens. Within hours, cybersecurity experts across Ukraine and the United States were alerted to the first successful cyberattack on a power grid in human history. Hackers, whom the Ukrainian government claims were backed by Russia, finally proved what was only before chronicled in fiction novels—a nation and its power stations could be brought down at will.

A year later, the hackers struck again. Attacking a single and more powerful Kiev transmission station, they managed to shut off more total power than the dozens of distribution stations that were shut off in 2015. Marina Krotofil, an industrial control systems security researcher who analyzed the attack, told Wired the methods were “far more efficient” the second time around. “In 2015, they were like a group of brutal street fighters,” Krotofil said. “In 2016, they were ninjas.”

Even scarier is what the hackers could have done. As Wired, which reported extensively on the attacks, wrote: “[T]he hackers could have done much more damage than they did do if only they had decided to physically destroy substation equipment as well, making it much harder to restore power after the blackout.”

In 1992, analyst Joe de Courcy warned against relying heavily on computer networks, calling them “the Western world’s Achilles’ heel.”

“Most of us have heard of the story of Achilles, the warrior who was only vulnerable in his heel,” wrote Trumpet editor in chief Gerald Flurry in 1999, quoting de Courcy. “America is the greatest superpower this world has ever known. But we have a very vulnerable point in our military—our own Achilles’ heel. It is so dangerous that I am amazed it hasn’t received more publicity.”

The Achilles’ heel he was referring to is the United States’ cyberattack vulnerabilities. As policeman of the world, the U.S. has been surrounded by an illusion of invincibility. That idea is no longer reasonable to entertain. Cyberattacks put every nation in the world in jeopardy. This article will show you why the Trumpet watches America’s cybervulnerabilities.

_____

Why Isn’t This Front-page News?

On September 6, American software company Symantec reported the hacking group known as “Dragonfly” had gained unprecedented access to electrical facilities across Europe and North America. Symantec said Dragonfly had “the ability to sabotage or gain control of these systems should it decide to do so.” A number of news outlets picked up the story, but overall coverage was limited. If you’re not avidly interested in cybersecurity, chances are this is the first you’ve heard of it.

And that’s true of the numerous other attacks which happen every month. WannaCry, the ransom software that infiltrated devices, stole files, and demanded payments of $300 to $600 for their return, made international news. But it’s unlikely the public remembers about the recent cyberinfiltration of nuclear facilities or the attacks on Irish power grids. In the coming months, there will no doubt be further reports of infiltration. But until something devastating occurs, the public won’t be alerted.

And that’s the point. By its nature, a good hacking operation wants to slip in, gain further information, and slip out, all without detection. The most successful job is when it’s not possible to report on it.

_____

Cyber’s Potential

It has long been wishful thinking to believe cyberattacks are limited to the realm of the Internet: e.g. bank scams, data theft, or system shutdowns. In 2007, a team at Idaho National Lab demonstrated the physical ramifications of a digital hack by sending a mere 21 lines of code that permanently destroyed a 2.25 megawatt diesel generator. Puffing and smoking, the machine was wrecked by an input that would be unnoticeable by plant officials.

https://www.youtube.com/watch?v=fJyWngDco3g

“Such a generator is not all that different from the equipment that sends hundreds of megawatts to U.S. consumers,” wrote Wired in another of its in-depth investigations. “[W]ith the right exploit, it’s possible that someone could permanently disable power-generation equipment or the massive, difficult-to-replace transformers that serve as the backbone of our transmission system.” Cyberexpert Robert Lee assisted in investigations of the 2015 Ukraine attack. “Washington, DC?” he told Wired. “A nation-state could take it out for two months without much issue.”

Three years later, in 2010, the computer worm now known as Stuxnet blew up hundreds of Iranian centrifuges—the devices used to enrich uranium for nuclear weapons. It was an attack that would have provoked war if it were done in person. Stuxnet was new; the cyber equivalent of the Chinese first developing gunpowder, the British building the first tank, or the U.S. creating the first atomic bomb. “This has the whiff of August 1945,” said Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency. “Somebody just used a new weapon, and this new weapon will not be put back in the box.”

Antiaircraft guns surround the Natanz nuclear facility that Stuxnet targeted. If a nation tried to bomb the Natanz facility, it would have to find a way around these and the multiple protective concrete walls. With a computer worm, the nations backing the Stuxnet worm (most now point to the U.S. and Israel) skipped these outside defenses and snooped around inside. Stuxnet was a project years in the making. Programmed completely in advance, with no need for a human to send it directions, it searched out its target. On the specified day, it destroyed the centrifuges. The Iranian engineers could physically hear the machines misbehaving. They would check their screens to find the centrifuges behaving normally—but they weren’t. The Stuxnet worm was programmed to interfere and display fake data.

That’s scary technology. What’s even scarier is that that technology is now more than a decade old. All one can do is imagine.

_____

America’s Vulnerability

Let’s return to the Ukrainian power grid attack. What saved the engineers during the attacks was their ability to return to manual control. In the 2016 attack, the virus would not allow engineers to re-close the breakers. Each time the engineers did, the virus would open them again. Eventually, the virus deleted crucial files the operating machines needed, crashing them and preventing them from rebooting. The engineers needed to switch to manual control at one of the substations.

Here’s where America is so vulnerable. Fewer power stations in America have the ability to return to manual control. And fewer engineers even know how to operate the manual controls. America uses similar designs for its power grids, and the virus used in Ukraine—called BlackEnergy—has already been planted in American infrastructure once before. “The people who understand the U.S. power grid know that it can happen here,” Lee told Wired.

A Council on Foreign Relations report “A Cyberattack on the U.S. Power Grid” described it this way: “Most experts believe that the current complexity of grid operations in the United States would make a switch to manual operations difficult; newer systems might not allow for the use of manual controls at all.”

In an interview with Scientific American, Lee was asked about how concerned Americans should be about the security of their power grid. In “reasonable scenarios,” Lee said power outages would be limited to approximately one week. But he went on to describe two of the more scary aspects:

One, our adversaries are getting much more aggressive. They’re learning a lot about our industrial systems, not just from a computer technology standpoint but from an industrial engineering standpoint, thinking about how to disrupt or maybe even destroy equipment. That’s where you start reaching some particularly alarming scenarios.

The second thing is, a lot of that ability to return to manual operation, the rugged nature of our infrastructure—a lot of that’s changing. Because of business reasons, because of lack of people to man the jobs, we’re starting to see more and more computer-based systems. We’re starting to see more common operating platforms. And this facilitates a scale for adversaries that they couldn’t previously get.

Even before the Ukraine attacks, the Lloyd’s of London insurance company was worried about the potential effects of a cyberattack on the U.S. power grid. Working with the University of Cambridge Center for Risk Studies, they put together a plausible scenario based on “several historical and publicly-known real-world examples.”

In the scenario, with a success rate of merely 10 percent, the hackers are able to destroy 50 power generators across the country—as Idaho National Lab proved is possible in 2007. Other generators are shut down while engineers try to determine what is happening. “The attack triggers a widespread blackout plunging 15 states and Washington, D.C., into darkness and leaving 93 million people without power,” it described.

The economic cost? Lloyd’s estimates it at $243 billion. Workplaces are empty and the stores are being looted. Rioters fill the streets while hospital patients die as backup generators fail. “Water supplies are impacted during the blackout due to the loss of power to pumps. Supplies of potable water become limited across the affected area,” the report continued. Leakages, both from chemical plants and sewage plants, affect millions of people across the country. Chaos.

The skeptics call these scenarios fearmongering to their own peril. Man always uses the weapons he creates. John Hultquist is the head of FireEye, a group that first identified the hackers (called “Sandworm”) who attacked the Ukraine power plants. A month after Ukraine’s 2016 attacks, Hultquist wrote a tweet and pinned it to his profile: “I swear, when Sandworm Team finally nails Western critical infrastructure, and folks react like this was a huge surprise, I’m gonna lose it.”

https://twitter.com/JohnHultquist/status/818846928775553025

_____

It’s Not Possible

Most people believe the worst-case scenario is impossible until it happens. Even the experts don’t escape this thinking. Robert Lee tells Americans not to “freak out.” “Our adversaries are at the starting point of their journey to cause significant disruption to our power grid, not the finish line,” he wrote in Fortune.

This is dangerous thinking. In times of crisis, the leaps of technology boggle the mind.

Recall the world wars. A decade before World War i, the Wright brothers controlled the first heavier-than-air plane for 12 seconds. At the beginning of the war, one British general said “the airplane is useless for the purposes of war.” By the end of the war, long-range bombers flew the skies. In World War ii, the Germans believed their “Enigma code” used to encrypt messages was uncrackable. There were roughly 15 billion-billion possible combinations the Germans could have been using each day. Two years into the war, the British at Bletchley Park practically invented the computer in order to crack the code. Need we even quote the supreme speed at which nuclear physics came together to build the atom bomb?

There is no doubt, in the event of war, it will be revealed that cyberattacks are inconceivably more advanced than the experts expected.

And America, even with its highly advanced cybersecurity programs, has no monopoly on the technology. Ukraine blames Russia for its attacks. “We generally enjoy a significant military advantage,” General Dempsey, former chairman of the U.S. Joint Chiefs of Staff, said in an interview. “But we have peer competitors in cyber. … It’s a level playing field. And that makes this chairman very uncomfortable.”

A Department of Defense report released in February summed up the state of affairs: “The unfortunate reality is that, for at least the coming five to 10 years, the offensive cybercapabilities of our most capable potential adversaries are likely to far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”

_____

‘They Have Blown the Trumpet … But None Goeth to the Battle’

In his 1999 personal that quoted Joe de Courcy, Mr. Flurry warned of the future capabilities of “computer crime, computer terrorism, and computer warfare.”

Here we come to the origin of the above-mentioned Achilles’ analogy. As legend would have it, vulnerable in only his heel, the great warrior Achilles was slain by Paris, who managed to slip an arrow into Achilles’ tendon. As modern warfare goes, cyberwarfare may be America’s Achilles’ heel.

Why the most powerful nation in human history will fall is an entirely different topic, but it is connected to this Achilles’ heel. Late educator and theologian Herbert W. Armstrong pointed to God’s warnings to the nations of Israel in Leviticus 26 and Deuteronomy 28. “But if you will not hearken unto me,” He warned, the material blessings—economic and military dominance—once bestowed on them would be taken away. Strength would be spent in vain and other militaries would overtake them. All of this, including the history of America’s and Britain’s rise and their imminent fall, is covered in Mr. Armstrong’s free book The United States and Britain in Prophecy.

Mr. Flurry pointed to de Courcy’s analysis of Germany’s cybernetworks: “One growing concern to Western security authorities is the expanding, semi-underground, network of young computer hackers in Germany. It is thought that some at least of these highly skilled computer wizards are ideologically motivated—or could become so. With their expertise, a terrorist organization could achieve a far greater impact on everyday life than has ever been achieved by conventional terrorism.”

The consequences of cyberwarfare, even in the 1990s, didn’t escape de Courcy: “As to the implications for defense, the Gulf War showed what a critical role technology now plays in warfare. But the course of a battle would be very different if effective technology-sabotaging measures could be instituted against the superior force ….”

Later, in 2005, Mr. Flurry combined this analysis with what the Bible describes about the future of America and Britain:

I believe one key end-time Bible prophecy could well be fulfilled through the kind of cyberterrorism Mr. de Courcy described: “They have blown the trumpet, even to make all ready; but none goeth to the battle: for my wrath is upon all the multitude thereof” (Ezekiel 7:14). The trumpet of war is to be blown in Israel—mainly America and Britain. (If you would like more information, request our free booklet on Ezekiel. All of our literature is free.) It seems everybody is expecting our people to go into battle, but the greatest tragedy imaginable occurs! Nobody goes to battle—even though the trumpet is blown! Will it be because of computer terrorism? …

That the computer hackers are from Germany should be worrisome—especially if you understand history and Bible prophecy.

Winston Churchill said Germany had a history of surprise attacks against enemies and nations who thought they were friends with Germany.

Since then, the Trumpet has tracked the numerous advances in cybertechnology and cyberwarfare—especially in Germany. After hundreds of thousands of cyberattacks on its computers, the Bundeswehr decided to create a cyberarmy that could retaliate. When the team of 13,500 computer specialists began work on April 5, German Minister of Defense Ursula von der Leyen called it “more than a milestone” for the Bundeswehr. “This puts us in the top field internationally,” she said.

“If the German military’s networks are attacked, then we can defend ourselves,” von der Leyen said at the dedication. “As soon as an attack endangers the functional and operational readiness of combat forces, we can respond with offensive measures.”

In every aspect of modern life, the unimaginable has become commonplace. The computing power needed to send a rocket to the moon sits in people’s pockets each day. In war, we’ve see the same advances. How hard, then, is it to imagine the previously unimaginable for America and Britain? The bombs are falling, but the jets aren’t scrambling. “They have blown the trumpet, even to make all ready; but none goeth to the battle.”