grid, such as SCADA systems,” he says.
SCADA (Supervisory Control And
Data Acquisition) industrial control
systems govern major functions in everything from factories to refineries to
power generation stations. Someone
who wanted to take down the Internet
could infiltrate and destroy these systems, wreaking havoc on the machinery that keeps power plants running
and leaving their service areas without
power and Internet.
Obviously, a power grid disruption
causes huge problems beyond taking
down the Internet. A generator or alternate power source can bring homes
and businesses back online after some
initial turmoil in the event of a grid failure. The downtime is costly, to be sure,
but in a complete disruption of the Internet, for example, stock market activity would largely cease, online banking,
commerce, and transactions would
grind to a halt, and work at most modern businesses would be impossible.
On a wider scale, targeting facilities that service key Internet infrastructure could destroy huge swaths
of the Net. “We have to consider the
underlying tubes and fiber, the key
network exchange hubs and datacenters hosting Internet content,”
says Thomas Savundra, cofounder
of ultra-secure cloud storage service
Sync. A disruption to the power supplied to any of these facilities could
knock out a key piece of the machine
that keeps the Internet running.
believes the attacks required expertise,
as the perpetrator(s) broke into underground bunkers that housed those cables. This was the eleventh attack within 12 months in this particular case;
a similar attack took place in Arizona
early last year.
In each case, an attack on fiber optic cables caused local Internet disruptions. Consider what might happen
if the cables tampered with served a
That has happened several times
over the last decade to the fiber optic
cables under the Mediterranean Sea,
when cables delivering Internet service to entire Middle Eastern and Asian
countries have been the victim of a variety of attacks. Some are known to have
been accidental, such as when a ship’s
anchor cuts through submarine cables;
others, however, are potentially criminal. All have worldwide implications.
One such attack in 2008 stopped Internet service in Egypt, Pakistan, Kuwait,
and India—four countries together
inhabited by nearly 1. 5 billion people
or one-fifth of our planet’s population,
according to a report from Wired.
Destroying undersea infrastructure
may require a specific set of skills, but
it does not require an army. One of the
cable-cutting incidents in the Mediterranean was the work of just three men.
The relative ease with which malicious
parties can disrupt Internet service on
a global scale does not end there. While
undersea cables are marginally thicker
and sturdier than their landborne
counterparts, they still are shockingly
easy to access.
Andrew Blum, author of Tubes: A
Journey to the Center of the Internet,
told Wired, “Other than obscurity and
a few feet of sand, [the cables] are just
there. The staff at a cable landing sta-
tion might patrol the path to the beach
landing once or twice a day, but oth-
erwise I’ve never heard of or seen any
Attacks on enough poorly defended
cables at the same time could bring the
Internet crashing to its knees.
When the Lights Go Down in the City
Another area malicious parties could
attack to undermine the Internet is
the electrical grid, says Kamkar. “This
could happen by attacking the industrial systems that control the electrical
In a complete
disruption of the
would cease, online
grind to a halt,
and work at most
would be impossible.
Disruption is not limited to instances in which a facility’s power source
fails; its machinery is also a target.
In 2010, the world was introduced
to Stuxnet, a computer virus sometimes called the first digital weapon.
It is believed the worm was created by
U.S. and Israeli intelligence services,
because it targeted Iranian centrifuges used to enrich uranium. Stuxnet
burrowed its way into the centrifuges
after unwittingly being introduced to
the machinery via a corrupted USB
drive. Once present, Stuxnet damaged
the centrifuges from the inside. The
highly guarded centrifuges were air-gapped (physically isolated) from the
Internet, which is why the virus had to
be introduced via USB. That may be a
“More likely in the future it would be
an attack that happens online, as more
industrial systems are further connected to the Internet,” says Kamkar.
According to a report by the World
Economic Forum, the number of
Internet-enabled sensors in use increased more than five times between
2012 and 2014—from 4. 2 billion
shipped to 23. 6 billion. That is not
just for smart homes and snazzy gadgets; governments and huge corporations are bringing key infrastructure
and plants online, too. Stuxnet attacked machinery’s actuators, which
are under threat in any factory where
the machinery is directly connected
to the Internet. As offline machines
are augmented with online sensors,
those sensors may enable damage indirectly when viruses cause problems
with them (such as replacing real
data with fake data).
That means a future saboteur
would not need to be physically present to do serious damage; he or she
or they could introduce a Stuxnet-like worm into one or more facilities
using the machinery’s connection
to the Internet, while working from
anywhere in the world. This next
generation of cyber-terrorist could
even shut down parts of the Internet
by attacking the power sources of key
While the Internet of Things might
deliver untold economic and productivity benefits, companies and governments need to prevent such attacks before they occur by bringing industrial