Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security The Military

A Major Cyber Attack Could Be Just As Deadly As Nuclear Weapons (sciencealert.com) 132

"As someone who studies cybersecurity and information warfare, I'm concerned that a cyberattack with widespread impact, an intrusion in one area that spreads to others or a combination of lots of smaller attacks, could cause significant damage, including mass injury and death rivaling the death toll of a nuclear weapon," warns an assistant Professor of Computer Science, North Dakota State University: Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile, the death toll from most cyberattacks would be slower. People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system. This could happen over a wide area, resulting in mass injury and even deaths... The FBI has even warned that hackers are targeting nuclear facilities. A compromised nuclear facility could result in the discharge of radioactive material, chemicals or even possibly a reactor meltdown.

A cyberattack could cause an event similar to the incident in Chernobyl. That explosion, caused by inadvertent error, resulted in 50 deaths and evacuation of 120,000 and has left parts of the region uninhabitable for thousands of years into the future. My concern is not intended to downplay the devastating and immediate effects of a nuclear attack. Rather, it's to point out that some of the international protections against nuclear conflicts don't exist for cyberattacks...

Critical systems, like those at public utilities, transportation companies and firms that use hazardous chemicals, need to be much more secure... But all those systems can't be protected without skilled cybersecurity staffs to handle the work. At present, nearly a quarter of all cybersecurity jobs in the US are vacant, with more positions opening up than there are people to fill them. One recruiter has expressed concern that even some of the jobs that are filled are held by people who aren't qualified to do them. The solution is more training and education, to teach people the skills they need to do cybersecurity work, and to keep existing workers up to date on the latest threats and defense strategies.

This discussion has been archived. No new comments can be posted.

A Major Cyber Attack Could Be Just As Deadly As Nuclear Weapons

Comments Filter:
  • Huh? (Score:5, Funny)

    by tomhath ( 637240 ) on Sunday August 18, 2019 @05:43PM (#59100288)

    Unlike a nuclear weapon, which would vaporize people within 100 feet

    Got news for you prof - people 101 feet away from a nuclear weapon will be vaporized too.

    The whole article is anti-nuke fud. Nothing to see here.

    • Got news for you prof - people 101 feet away from a nuclear weapon will be vaporized too.

      The first nuke was detonated at the Trinity test site on a 100 foot tower.

      Parts of the tower not only were not vaporized, but not even melted.

      Tens of thousands of people died at both Hiroshima and Nagasaki. But plenty of people, even those within a one km radius, survived both the initial blast and the radiation.

      Most people actually overestimate the effectiveness of nuclear weapons.

      • by Livius ( 318358 )

        They've made more powerful weapons since 1945.

        • And people still have exaggerated ideas of their physical effects. Even one megaton bombs mostly don't kill by "vaporizing" , ordinary heat and blast do most the body count and maiming. To get the two billion joules of heat on your body to vaporize person they'd have to be within about 1.2 km of 1 MT bomb. Meanwhile people 8 km away would have 50/50 chance of surviving blast and burns (air burst case for maximum range of killing)

          • by ceoyoyo ( 59147 )

            1.2 km > 100 ft.

            I think. These imperial measurements are tricky.

            • yup, but probably the guy was thinking of man portable fission device in 2 - 5 kt range. practically have to be sitting on the thing with pants pulled down to get "vaporized"

            • Kill radius is proportional to the cube root of the yield.

              So a modern W80 warhead has 8 times the yield of Fatman, but only twice the lethal radius.

              • by ceoyoyo ( 59147 )

                So you're saying that the radius of vapourisation for a small nuke would be in the 500 m range?

                I think 500 m is still greater than 100 feet, no?

        • by AHuxley ( 892839 )
          Smart nations experts can dial up and down the yield of the nuclear weapon.
          Not all will take out the Fulda Gap and the rest of Germany as the default setting...
        • You're responding to ShanghaiBill.

      • plenty of people, even those within a one km radius, survived both the initial blast and the radiation.

        Yeah, well, I think I'll keep my distance.

    • I'll be sure to stand at least 102 feet away then - thanks!

    • Anti-nuke?

      • Why yes. By understating the effects of thermonuclear weapons, and overstating the effects of cybernetic weapons, he is hoping to sell more of his sort of weapon, and thereby deprive impoverished quantum physicists of the chance to make a living in the increasingly competitive munitions industry. What does he have against good, honest Lithium Deuteride?

    • by e3m4n ( 947977 )

      Yep. Chernobyl was a breeder reactor built with a positive reactivity coefficient in its design. Thats a physics term for positive feedback loop. Western designs mandated by the NRC include a negative reactivity coefficient design and being able to be shut down with the most reactive/critical rod stuck at the top. To compare Chernobyl to our reactors and hacking is ridiculous. If they build them like the navy theres nothing to hack. Vaccum tubes and mag amps still exist in a lot of places. Even an EMP would

    • by Zorro ( 15797 )

      "A GBU-43 Massive Ordnance Air Blast (MOAB) bomb is one of the most powerful conventional weapons in existence. The bomb weighs more than 10,000 kilograms and contains 8,164 kilograms of explosive. Its explosion is equivalent to 11 tons of TNT and the blast radius is a mile wide."

      That is 11 Tons not Kilotons. You would still be red mist from the blast effect far beyond 100 feet.

  • by Brett Buck ( 811747 ) on Sunday August 18, 2019 @05:54PM (#59100308)

    Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile

        I guess it's easier to draw this analogy when you *understate the effects of a nuclear weapon* by around an order of magnitude. The quoted numbers are true only for *tiny* weapons like Hiroshima and Nagasaki, and probably understates the threat, even then. Big boy thermonuclear weapons are at least an order of magnitude more powerful.

          People's fear of things nuclear is generally *grossly overblown*, but the premise here grossly understates what would happen in even a minor exchange between thermonuclear powers.

    • by ceoyoyo ( 59147 )

      Even then, if you dropped a little backpack nuke into a city somewhere and it killed everyone for half a mile around, I think you'd probably find you had some disruption to traffic flow as well. Perhaps even some difficulty at the supermarket.

      • Re: (Score:3, Insightful)

        At this point hard Brexit is more disrupting than either scenario, but people are politely being asked to look the other way

        • "Hard" Brexit or "leaving the EU," as it is otherwise known, is not going to be disruptive at all. And remember, the UK voted for that so it must be delivered. The disruption from ignoring a democratic vote would be much higher!
        • I mean what is the almost total annihilation of life on earth compared to their being some lorry delays at ports and middle class tossers not being able to get their organic quinoa in waitrose any more.

    • I guess it's easier to draw this analogy when you *understate the effects of a nuclear weapon* by around an order of magnitude. The quoted numbers are true only for *tiny* weapons like Hiroshima and Nagasaki, and probably understates the threat, even then. Big boy thermonuclear weapons are at least an order of magnitude more powerful.

      Dead wrong.

      The effects from a modern large nuke have a range more than an order of magnitude farther. The blast itself is three orders of magnitude larger - from kilotons of TNT to megatons.

    • by rtb61 ( 674572 )

      I'll tell you the affect of a nuclear weapon, go outside and see one right in the sky or it's reflection. The sun can, I suppose in Mr Crazy Pants professor view of the world, declare war on our technology and send a major solar flare our way and cripple the digital economy for quite some time. So some numbers should one hit the US now, probably as many as 10 million would die over time, starvation, chaos, crime, looting, lots and lots of murder and it would take at least three months (optimistic, very opti

      • by djinn6 ( 1868030 )

        I don't know why you're comparing the sun with nuclear weapons. They are nothing alike.

        While the sun is 100 times more powerful than a nuclear weapon[1], it's also very very far away. A nuclear weapon going off at the same distance, 1 AU, is about as dangerous as a camera flash. On the other hand, letting the sun get even 1% closer is going to be very bad news.

        The sun also heats up like a compost heap rather than explode like a nuclear weapon. It burns its hydrogen very slowly, which is how it can last for

        • You're missing the point.
          It isn't about thermal energy from the sun, it is measuring what happens when we have a major solar electromagnetic storm.
          The last time we had one was over 100 years ago (lookup the Carrington Event), and we didn't use computers back then.
          If it knocks out all power to the Western Hemisphere, millions will die.
          Even after we rebuild the supersized transformers that take months to build, on the other side of the world that wasn't hit, just restarting the power plants is a major underta

    • by Matheus ( 586080 )

      Ya.. a 4 MTon nuke will completely incinerate everything within a mile. That's a few feet more than 100 ;) (And nowhere near our most powerful nukes just the only data I could find in a quick Google)

      • by Matheus ( 586080 )

        Ooo.. I did find a better one from Tsar Bomba:

        Various articles on the subject state that the blast caused “total destruction” for a radius of 15 miles, with third degree burns suffered if you were 62 miles away.

        That's a lot of 100 feets right thar!

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Sunday August 18, 2019 @05:54PM (#59100312)
    Comment removed based on user account deletion
  • by joe_frisch ( 1366229 ) on Sunday August 18, 2019 @05:56PM (#59100314)

    I think people worry too much about "critical infrastructure" form cyber attacks, and too little about very large scale damage to non-critical data. People's personal records, financial information for individuals and companies. Mass falsified purchases, private account hacks, mass distribution of credit cards etc. The resulting chaos could be quite serious if it was very widespread. Imagine if the information on every electronic device you normally interact with was destroyed, phones computers and possibly cars bricked. I could imagine triggering a major economic collapse.

    • by Livius ( 318358 )

      If you really want to scare people, forget death tolls and infrastructure failures. Tell them their employer will lose all the electronic records and then their jobs no longer exist, and every other potential employer will be out of business too.

      • Employer? That's not scary.

        Tell them that the DMV will lose their records, and they'll have to get a new license, test and all. And they'll need their title, proof of insurance, proof of residency, etc.

        And tell them that everyone else will be going there to do this as well, so they should be prepared for a very long wait. In the days to weeks range.

        • And no one. Not one agency has backups? Or off site backups? Even the chincy little agencies I've worked at have off site backups in their disaster recovery plans.

      • Comment removed based on user account deletion
    • The damage from a deliberate nation state hacking attack could plausibly cause damage taking years to fix. Not as bad as what the economic collapse from uncontrolled government borrowing will do, but still a huge hit.
      • Not as bad as what the economic collapse from uncontrolled government borrowing will do, but still a huge hit.
        Unless the capability to cause that sort of 'damage' is used in a directed way to cause economic collapse, perhaps on a much larger, deeper scale.
    • What about lack of food, and city water?

      Hell, if it gets nasty, I will hope the govt by then hasn't tried taking away all my guns....will need something to protect myself, family and friends and what supplies we have.

    • >I could imagine triggering a major economic collapse.

      Yes, you could, couldn't you.

  • ... man I wonder who's paying this prof and who's palm's are being greased. Anything you build will have some kind of weakness to attack. One might wonder we spent resources helping people and trying to solve problems rather then invading other countries, exploiting people and resources for a quick profit, maybe people wouldn't feel the urge to attack back but that might require a level of self introspection that's beyond the leadership of our kind.

    Our species is just one giant clusterfuck of stupidity an

  • This has been known since more than 30 years ago.

    Winn Schwartau wrote about what he called an “Electronic Pearl Harbor.” Winn coined the phrase “Electronic Pearl Harbor” while testifying before Congress in 1991. https://winnschwartau.com/books/

    And, ever since, it’s been getting closer and closer to actionable. Now it is. Ugh

    • I mean it's a pretty standard trope of nearly all post-apocalyptic fiction -- once the power goes out for an extended time and there is pressure on food and fresh water supplies, the veneer of civilization proves itself mighty thin.

      There are some places that have faced catastrophic disasters that did not melt down into Mad Max mayhem, but they were largely rural places where the population was highly cohesive to begin with -- no giant rich/poor gaps, nearly monolithic racial and ethnic makeup. And there wa

  • And they both leave a bitter taste in your mouth.
  • While I understand there are real risks to a "cyber attack" on infrastructure (just look at New Orleans after Katrina), I feel like only an American, who has no personal understanding of total devastation of WWII, could make such an inane comparison. Really? Traffic lights?
  • There is no way to a sane person can make this argument.

    A nuclear detonation is more than just the explosion. It is the size and scope, the radiation, and the fallout of what just happened that lasts for years potentially making an area unsafe to inhabit.

    A major Cyber Attack no matter how bad will never compare. Today's Children and their vocabulary sucks... they have no idea what real hardship is but they cry like they are experiencing every hardship known to man and the moment someone stubs their toe it

    • Hey, in a cyber attack their Facebook might go away.

    • A cyber attack that shuts off electricity for 2 weeks across the entire grid of a nation would be far more deadly than a single bomb dropped any single GPS place. Look into the power failure of 1967 in New York. That was 18 hours to get back up and we had to use one small power plant a small dam to get everything started again.

      3-5% of the output of a power plant is required to run it, to get it started. If you don't have that power, you can't get started.

      If you don't think folks can turn off the power
      • And Stuxnet was the first attack, ostensibly performed by the US and Israel, so we don't even have any moral standing to bitch about it when someone does it back to us.

  • Jobs are vacant when it isn't a priority of the companies to define the requirements correctly and pay enough. It's that simple. If you want to fix the terrible security problems, force the companies to fix them via regulations with teeth. Problem solved. This reminds me of the "problem" that no US citizens are willing to work agricultural jobs. That's a lie. The fact is that the conditions and pay are purposely set such that they don't attract US employees.
    • If only Mexicans can (will) work in the American agricultureal sector, then those jobs have already been exported to Mexico. Only America is still paying for the social costs/healthcare/police etc of those jobs. If a job isn't worth paying a living wage then let the third world have it.
      • It isn't about who the workers are, it is about which community they live in and where they spend their pay.

        Poor people spend most of their money to survive, that money goes back to the local economy.

        If you want to make sure even more of the money stays here, just make it easier for relatives of the workers to move here so they don't have to send money "home."

  • by iggymanz ( 596061 ) on Sunday August 18, 2019 @07:01PM (#59100430)

    Most US reactors have controls that are unhackable via internet, what with them being 1970s electronics. Even so, take over the control room physically and the worst one could do is go outside of operating parameters and trip the reactor offline. power company shareholders who will be terrorized...well pissed off anyway.
    More boring than the Hollywood movies you've seen, sorry.

    And traffic lights? Like imagining making all lights green at intersection? Nope, sorry, not interlocked that way. Could cycle them quickly and out of sync with nearby lights making traffic jams until cops directed traffic or they are put into flashing red mode.

    A cyber attack on infrastructure creates annoyances and inconvenience, that's all.

    • "A cyber attack on infrastructure creates annoyances and inconvenience, that's all."

      A cyber attack of any type only creates annoyances and inconvenience provided that one has done their Risk Assessment and Mitigation correctly. And if one did not do their RA and Mitigations correctly, then one deserves whatever befalls them (which hopefully includes at least being put permanently out of business, if not death or imprisonment).

      Nothing to see here. The poster of the original story is obviously a terrorist s

      • Have you worked _anywhere_ in the last 25 years that have done, and put in place, a thorough risk assessment? Especially against power plant and water supply disasters? What percentage of business, including utilities, do this well? It's very difficult. It's very expensive. And there are often exceptions made for utility.

        • Have you worked _anywhere_ in the last 25 years that have done, and put in place, a thorough risk assessment? Especially against power plant and water supply disasters?

          I have. The conclusion to things like "all power in the region is out for days/weeks" or "no running water for days/weeks" has been "We're fucked. Even if we had backup power and water, there is no way we can shelter our employees here, so they're either going to move away until the crisis is over, or die."

          • by geekoid ( 135745 )

            power/water gone fro week isn't really a realistic scenario.
            And yes, if it is more then a couple of days you should be walking out of the disaster area.

            • power/water gone fro week isn't really a realistic scenario.

              The people of Puerto Rico would like to talk to you.

  • So basically all this amounts to is taking every disaster that has happened, or has been imagined, in the past 50 years and prefixing it with the words "a cyber attack could cause .... "
    • Y2K cyber edition.

      • by geekoid ( 135745 )

        Y2K was a really bad issue they we spent billions to solve in a short time.

        Then people just go on like it was never a rely issue instead of realizing it was fixed.

        • "If we don't fix it, planes are going to fall out of the sky!"

          A guy I knew from the local BBS filled his bathtub with water, and stocked up on instant noodles.

  • "A Major Cyber Attack Could Be Just As Deadly As Nuclear Weapons"

    Ummm, no.

  • He conveniently leaves out the part about nuclear fallout and radiation that lingers for thousands of years.

    • because it doesn't happen.

      Air bursts, the way weapons would be used to kill and maim in the largest possible area, don't even make local fallout.

      Ground burst make plenty of fallout, but the two main isotopes of concern are I-131, which goes away in months, and SR-90 with half life of 29 years would take a while to get to safe levels, something like 150 to 200 years.

      • > Air bursts, the way weapons would be used to kill and maim in the largest possible area, don't even make local fallout.

        I must say, nonsense. Air bursts are used to _minimize_ fallout, but they still have some. And it can settle years later, much removed from the original attack, due local wind and weather. And there is certainly some local fallout because some of the debris settles locally, just less than one might expect.

  • by superdave80 ( 1226592 ) on Sunday August 18, 2019 @08:26PM (#59100590)

    People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system.

    The linked to study about 'traffic deaths from corrupted traffic light systems' was actually not about deaths due to corrupted traffic light systems. It was only about theoretical ways you could trick next gen traffic lights into staying on green too long to cause traffic jams. There is no mention in the article about deaths or crashes of any kind.

    This guy either didn't bother to read his own link about traffic lights or is just hoping no one else will. Either way, I wouldn't trust anything else he has to say on this subject.

    • I remember one of the practical labs in my intro to circuit design class was to design and build a simple interlock system for a theoretical two-traffic light system that would not allow both lights to be green at one time. This was admittedly a strictly academic exercise with little real-world application, but I have a feeling that actual electronic engineers are more than capable of building out a system where the hardware makes it impossible to set all lights to green at the same time, no matter what co
      • Yeah, when I read about 'hacks' to traffic lights to cause 'crashes and deaths', my BS detector went off. Any competent traffic signal will be hardwired to NEVER allow opposing lights to be green at the same time, regardless of what external programming is applied to the system.
        • by geekoid ( 135745 )

          And yet, they aren't.

          Maybe learn how those systems work,, and why they work that way before stating an opinion?

  • Anyone silly to believe the story should feel ashamed. It's low quality b8.

  • With Bruce Willis, Die Hard XVII or something like that. Cyberterrorist, takes down the electrical grid, traffic lights, all sorts of stuff. But it was only a movie.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Sunday August 18, 2019 @11:31PM (#59100942)

    Dropping 50 nukes of 10 000 times Hiroshima each is about as bad as Facebook going offline for 2 weeks.

    WTF??!?

    • by eepok ( 545733 )

      Facebook, huh? Throw in Twitter, Instagram, and make it 3 months and we can talk.

  • Well, in that case, as a country, these United States MUST allocate additional funding for cyber security research! Starting with you, Dr. Straub...

  • If Elon Musk has his way and we all give up driving across the developed world, we will have networked self-driving cars taking us everywhere.

    When everything is working, it will be safer than driving manually. But, when it doesn't and the system gets hacked or glitches, it will be much worse than a 20-car pileup with deaths.

    I personally do not buy the "extreme unlikelihood" Musk and Co. continue to sell with Level 5 fully autonomous driving being "hacked". The most I'll accept is autonomous driving on a hig

    • by geekoid ( 135745 )

      All of them have overrides and safety systems installed.

      "there's too many variables that a set of cameras, a lidar, and a neural network can predict."
      they can predict an order of magnitude more variables then the human brain.

  • All the signs I see in news stories I've read going back for years points to the idea that the capability to completey fuck every vital system on the planet already exists but doing that is a doomsday device, something you can do once, and in the meantime there's much more money to be made by using the capabilities to compromise basically any system anywhere at any time, but on a much smaller, more selective scale. I think it's just a matter of time before the wrong people get control of those capabilities
    • by geekoid ( 135745 )

      It's nice you let fear mongering headline determine you opinions.

      • It's nice you stick your head in the sand and ignore everything going on around and/or just assume that everything is 'fake news' because it doesn't fit your worldview, or whatever your rationale is. Also thanks so much for assuming I'm some knee-jerking low IQ dummy.
  • Normally this sort of comment would mean someone is fishing for cheaper labour, via foreign workers. Given the subject though I sincerely hope that isn't the case!
  • not so concerned about a cyber attack causing much mayhem as long as it stays within that one system.
    the issue is that systems are being attacked to gain control over other parts, mostly outside of the server.
    like the tfa mentions; utilities, turn off all power for a week.
    it's just one more attack tool in the arsenal they already have available, in addition to direct, physical attacks (blow up the main powerline is just as effective).

    • by geekoid ( 135745 )

      I worked with SCADA systems. Worse case some shut sit all down. Which would be an issue for the two hours it would take to bypass all the automated system and manually turn it back on.

      I'm not really that worried.

  • Comment removed based on user account deletion
  • by geekoid ( 135745 )

    " mass injury and death rivaling the death toll of a nuclear weapon,"

    No.

  • I remember recoding for the Y2K issue. We had to answer audits.
    One of the questions was how fast we could recover if the electricity was off for one day , 3 days and a week.
    Our data at the time was penciled in on SAT-type bubble sheets we ran thru scanners. We could process a week's worth of backed up data in 2 hours so we were set.

    Then we got another question that provoked severe backlash from me. What if the electricity was off for 6 weeks?
    Answer: we wouldn't give a shit about our job if the electri
  • You must loooove the combo of careful, leaving no trace of responsibility, use of vague "could be" and dramatically exaggerated "as deadly as nuclear weapons".

news: gotcha

Working...