ABSTRACT

Imagine a team of commandos preparing to strike at an unsuspecting nation-state. They carry no obvious weapons. They are not dressed in fatigues. In fact, they wear civilian clothing and occupy a nondescript office building on a suburban street. In the operation about to take place, they will not breach any national borders, at least not in person. They will not infiltrate enemy installations or embassies. Instead they attack by sitting at their desks with a radio transmitter connected to a laptop. The transmitter talks the language of the ‘smart meter’ that the electric company has installed outside their building. A simple computer, called a microcontroller, in each meter allows it to communicate through a hierarchy of progressively more complex computers to a central control facility of the company that owns the equipment. When the commandos’ laptop engages the meter, it exploits a vulnerability in the meter’s modest operating system to implant a block of malicious code. This code subtly alters the behavior of the meter, causing it to broadcast to other meters within range and infect them with the same block of code. The malicious code rapidly spreads from meter to meter across a large geographic region. At the same time, each infected meter passes tainted data to the control node above it, until finally the upward cascade ends with the implantation of a payload on the relatively powerful computers of whatever control center that particular meter reports to. At first nothing happens; the weapon has yet to find its target. But eventually, as the number of infected meters grows exponentially, the implanted code leaps the right number of national borders. At some point thereafter, the infection spreads upward to infect the control computers of the targeted company. There, the foreign code surreptitiously opens a communication channel to the commandos, and signals them that it’s open for business.
A much larger piece of code is then uploaded through the hijacked computers of some innocent bystanders. This much larger digital weapon sets to work coordinating the final stage of the attack. The corrupted control software incites the targeted company’s control system to direct a surge of power to a carefully selected set of substations, all at precisely the same moment. At each substation, the surge induces the large transformers at the heart of the station to explode in spectacular fashion, leaving the industrial operation serviced by that particular substation without power from the grid. At each point of attack, diesel generators then roar to life so that critical (and dangerous) manufacturing processes can be safely halted until main power is restored. But the control systems of these generators—also equipped with microcontrollers running tiny programs—have already been corrupted by the commandos. Rather than maintaining a steady flow of electricity, each diesel generator wildly oscillates the throttle, and is quickly reduced to a smoking hulk as the combustion engines tear themselves apart. There is no way to control the manufacturing process that is now running amok. At that point, three munitions plants spread across a country that does not believe itself to be at war simultaneously and—to anyone but the digital commandos—mysteriously explode, resulting in significant loss of life, matériel, and war-fighting capability.