Our Analog Future: Experts Call for Preserving Copper, Pneumatic Systems as Hedge for Cyber Risk

In-brief: The U.S. should invest in equipment and talent to preserve legacy, analog infrastructure such as copper wire telecommunications networks and pneumatic pumps as a hedge against massively disruptive cyber attacks and other interruptions, two researchers with The MITRE Corporation argue in a recent opinion piece. 

The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue.


LEARN TO SECURE THE INDUSTRIAL INTERNET OF THINGS 

Trusted Computing Group has how-to and demos with Microsoft, GE, Infineon, OnBoard Security, Wibu-Systems at IoT Solutions World Congress. Get your free expo pass code 111B9B47 or discount conference pass code 526E24AF


The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called “lifelines” – essential functions like water, electricity, communications, transportation and emergency services.  That marks a critical departure from the past when such systems were isolated from the Internet and other general purpose networks.

“Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised,” they write.

With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated.

In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise.

Similarly, water infrastructure was operated using pneumatic pumps that were controlled  directly, not remotely via SCADA or industrial control system (ICS) software. Such systems should be maintained in the event that a cyber attack or another disruption (think: solar storm) disrupts digital communication networks.

[Related coverage on The Security Ledger: “Is analogue the answer for cyber terrorism?”]

The challenge isn’t just maintaining legacy hardware. Expertise is needed to operate older, manual systems like pneumatic pumps. “The people with deep knowledge of those systems are retiring, soon to be retired, or have already died,” the authors note.

However, the Federal Government could invest modestly in preserving their knowledge and expertise by training younger workers.

There is already evidence that the U.S. military is thinking about how to continue operating in the absence of digital technology upon which almost all facets of our society and economy have come to depend. For example,  DARPA, the Department of Defense’s Advanced Research Projects Agency, in 2015 launched the LADS – Leveraging the Analog Domain for Security – Program, directing $36 million into developing “enhanced cyber defense through analysis of involuntary analog emissions,” including things like “electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations.” The goal, according to a DARPA document describing the program (PDF), is to “develop new cybersecurity capabilities by exploring the intersection of the analog and digital domains” and to extend monitoring to a category of devices that are often unprotected. These are what DARPA refers to as EMSDs – or “embedded and mission-specific devices.”

Also, in 2016, the U.S. Navy resumed teaching cadets the art of celestial navigation using sextants, fearing a loss of GPS navigation.

The authors note that the United States also has experience of prioritizing the preservation of these valuable skills in other areas, such as the Navy’s ship-building program or nuclear propulsion. “If we had let “market forces” completely have their way, we could very well have lost the ability to produce the ships we need or maintain our Navy’s nuclear propulsion programs,” they write.

New among the lifeline services” Global Positioning System (GPS), which is used for a dizzying array of modern services, from navigating city streets to directing missiles to their target. The authors say that GPS could be replaced with technologies like enhanced long-range navigation (e-LORAN), which can provide similar capabilities especially in maritime environments. But that technology, also, is being phased out, the authors note.

Also on the “to-do” list: back up for electricity generation and power distribution, as well as emergency communications for first responders.

Digital access to emergency response and other systems is of increasing concern. In April, unidentified hackers set off all 156 of the City of Dallas’s civilian defense sirens, disrupting sleep for hundreds of thousands of residents. The sirens were activated more than a dozen times, according to a report by the Dallas Morning News.  The stunt, which is believed to have been carried out using RF (radio frequency) replay attacks resulted in a flood of calls to 911 by confused residents and, according to published reports, was the product of a radio-frequency based attack on the sirens, triggering the devices using tones.

Check out the full article here: Backward is Forward: Analog Failover | The MITRE Corporation

Security Ledger wants to hear your thoughts! Leave a reply.