A Cyber-Attack on an American City
Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital's internal computer network, proved to be dependent on external resources, leaving the hospital with a "paper system" for the day.
Commerce was disrupted in a 100-mile swath around the community, from San Jose to Gilroy and Monterey. Cash was king for the day as ATMs and credit card systems were down, and many found they didn't have sufficient cash on hand. Services employees dependent on communication were sent home. The many businesses providing just-in-time operations to agriculture could not communicate.
In technical terms, the area was partitioned from the surrounding internet. What was the attackers goal? Nothing has been revealed. Robbery? With wires cut, silent alarms were useless. Manipulation of the stock market? Companies, brokerages, and investors in the very wealthy community were cut off. Mayhem, murder, terrorism? But nothing like that seems to have happened. Some theorize unhappy communications workers, given the apparent knowledge of the community's infrastructure necessary for this attack. Or did the attackers simply want to teach us a lesson?
Although they are silent on the topic, I hope those responsible for emergency services, be they in business or government, are learning the lessons of Morgan Hill. The first lesson is what stayed up: stand-alone radio systems and not much else.
[...]
Realizing that they'd need more two-way radio, authorities dispatched police to wake up the emergency coordinator of the regional ham radio club, and escort him to the community hospital with his equipment. Area hams dispatched ambulances and doctors, arranged for essential supplies, and relayed emergency communications out of the area to those with working telephones. [...]
The article goes on about the weaknesses that were exploited, and how the city coped. I learned about this from one of the Ham Radio forums I read.
There was an article about it in the San Jose Mercury News:
San Jose police: Sabotage caused phone outage in Santa Clara, Santa Cruz counties
The title is a bit misleading; it was much more than just phone service affected.
It seems that there is an ongoing union negotiation with AT&T that could have played a part in this, although it's not clear what the union would have to gain by it, and they deny any involvement. They say the negotiation is routine, and that they have a good relationship with AT&T.
Here is more about how Ham radio operators played a big roll in providing emergency communications:
When Vandals Strike Infrastructure, Hams Provide Communications Support
It's surprising how easy it was for this sabotage to occur. The investigation is on-going.
No comments:
Post a Comment