As we all know, the arrival of the internet has disrupted the old order. Newspapers lost their advertisers and have become shrunken shadows slouching toward extinction. The music business is changed beyond precognition. Taxis and hotels quail before the onslaught of Uber and Airbnb. Mail is now email and war is becoming cyberwar.
All of a sudden we worry not whether the terrorists, malicious children or our geopolitical adversaries will kill us in the streets but whether they will crash all the driverless cars into one another by remote control. Or open the sluices in the dams and inundate us. Or crash the power grid and plunge us into blackness, cause planes to fall from the sky, crash the markets, empty our accounts or detonate the nukes in their silos.
Or will apocalypse be more banal, but no less terrible? An article by Robert McMillan in The Wall Street Journal reminds us that the magic of the internet — all those tweets and snapchats and instagrams, our bookings through Open Table, our online banking — are not the product of an ethereal cloud, but are all undergirded by a vast unseen infrastructure.
These industrial control systems are behind the data centers and server farms that allow the electronic world to operate as if by magic. They are the equivalent of the water and sewer lines, the gas and electric arteries beneath our streets that keep the civilization above ground in business.
That’s fine as long as they re not disrupted, but mess with the nuts and bolts and, as Prospero says, “The cloud-capp’d towers, the gorgeous palaces,/ The solemn temples, the great globe itself,/ …shall dissolve/ And, like this insubstantial pageant faded,/ Leave not a rack behind.” Or as the more prosaic Rick Perry might say, “Oops.”
McMillan warns that “while networked computers are upgraded frequently, the equipment in this underlying layer may be on a refresh schedule measured in decades. They use hoary communications standards that lack basic security features such as password protection.”
In part that’s because these dumb systems that power or cool the smart computer systems in principle have no need to be connected to the web or to the machines they serve. But in practice, they often are, making the entire superstructure vulnerable to malicious hacking down in the basement. A recent study found “20,000 such systems in schools, hospitals, retailers” and so on to be at risk via the internet.
A steel plant in Germany has been damaged by an attack on this soft underbelly. The destruction of Iranian centrifuges resulted from a similar backdoor invasion. McMillan describes a demonstration in which a man with a laptop was easily able to tell a simple cooling fan in a bank of network gear to shut down. If the order hadn’t been quickly rescinded, the gear would have melted down in a matter of minutes.
The man in this instance was the founder of a company aimed at addressing this blatant , yet rudimentary gap in internet security. In his view, “every data center can be broken.” In this case the goal isn’t to steal information by stealth or corrupt data but to fry the machinery where the data lives.
Our adversaries who are toiling without cease to steal industrial and military secrets, to read the mail of the President or the Secretary of Defense are bad enough, but the ability to melt down the infrastructure that controls all our internet communications and commerce is even more alarming, or ought to be.
It is hard to know which cliche or bit of proverbial wisdom best covers the case. Have we built our cyber civilization on quicksand? Or perhaps the great edifice of our cyber-age is like a game of Jenga, and it only takes one block puled from the base to bring the entire tower down.
Or is the want of a a little security at the heating and cooling level the cyber-nail whose want loses the shoe that brings down the horse that delays the message that loses the battle that topples the kingdom?