ICS Cyber War Case Study Part 2


Difficulty
Beginner
Video Transcription
00:00
There was an interesting scenario where there was a mysterious communication between a security researcher trying to report an exploitable, vulnerable condition to a national-level CERT.
00:17
However, when this researcher did the reporting, it was not done in a secure manner, because the CERT involved did not have secure communications. This is very bad, because one of the top targets for surveillance happens to be national-level CERTs, because
00:35
it would give you, as a nation state
00:38
or as a criminal gang, a great advantage if you could just collect all the newest and greatest proof-of-concept exploits that people were sending in.
00:48
Some of these things actually sell for millions.
00:52
Now, mixed with that, they were trying to use high-anonymity and encryption services. What I mean by that is we also involved some communications about stolen data from an intelligence agency
01:11
using something called Proton Mail, which is an email encryption service.
01:15
Now, a few years back, there was an organization called the Shadow Brokers who supposedly stole very, very advanced tools from the intelligence agency called the National Security Agency, and they had set up a subscription service
01:30
for $20,000 a month. You could have access to all of the greatest NSA tools,
01:37
so we posed a question to the participants.
01:41
If you knew that your enemy
01:46
was also buying a subscription from the Shadow Brokers, would you also pay for that subscription?
01:52
And in addition to that, in the scenario, the Dutch government went to hack back against something, got the IP address wrong and ended up hitting a Chinese consulate,
02:06
or rather an embassy server, which of course created a diplomatic incident.
02:14
Now, on day two, we had the big exercise, which we called Dead Canary,
02:22
and it involved five different European Union and NATO members being attacked. So the scenario went like this: late one evening on July 17th of whatever year, the national bank's infrastructure was taken out, and telecom was taken out.
02:39
So what happened was, contacting anyone for response
02:45
couldn't be done. In addition to that, government websites were DDoSed and taken down.
02:51
Early in the morning on the next day, in the port of Rotterdam, we have storm surge barriers to keep the port safe. Someone was able to get into this particular control network, modify the commands and suddenly close that storm surge barrier, creating a big wave.
03:08
And what happened was this capsized a boat
03:12
and it ended up killing all the sailors on board. They drowned.
03:17
On the same day, there was another country that was attacked in the scenario, causing nationwide blackouts, sort of similar to the BlackEnergy attacks. And transformers that transmit the electricity were also set on fire.
03:34
Now, you can actually do this. There was a project called Aurora, probably about 15 years ago, which showed that
03:40
an attacker could remotely access a generator and, by sending commands, actually destroy that generator.
03:52
Now,
03:53
for mass transit, what we did in the scenario was the attacker got into the signaling system of the public transport system, the London Underground, the very first underground system in the world.
04:05
So they have a lot of legacy stuff, and what they did was, during rush hour, they actually made the trains smash into each other, causing mass casualties.
04:15
So as we did the scenario, things were getting more and more dangerous. And then later that morning in the scenario, a national stock exchange, like the New York Stock Exchange but in Europe, we actually crashed it in the scenario, and that country had to halt all trading
04:34
so that they did not take a huge hit
04:38
to the economy of that country.
04:42
We also did a bit of an exercise twist, and we prepared for the United States not to participate in a devastating cyber warfare attack.
04:50
We also stressed that
04:54
in this particular case, the EU member states should seriously consider declaring what's called solidarity. Now, what we did was we had a letter written which sounded like the US President, of which the synopsis is: Good morning, America.
05:14
It has come to my attention that five of our EU and NATO allies have come under devastating cyber warfare attacks.
05:23
Now, when I was last at the brand new NATO headquarters in Brussels, I told them, I warned them, that every country needed to put forward 2% of their GDP towards their defense. Now is the time for Europe to stand on its own two feet.
05:43
American blood will not be spilled.
05:46
We have built up our defenses and our digital wall, and anyone who thinks about attacking us will suffer the consequences.
05:56
So one thing to consider is, being a NATO member, if one is attacked it means all are attacked, and we planned for the United States not to declare something called Article 5,
06:09
and, fun fact, the first time that Article 5 was declared was actually after 9/11.
06:16
So Dead Canary had a lot of mass casualties, possibly in the tens of thousands, because I can tell you the London Underground is jam-packed during rush hour, and we also included elements of the Shamoon attack, which was a 2012 attack against Saudi Aramco in Saudi Arabia.
06:35
It also included attacks against the national oil company called RasGas in Qatar.
06:42
Now, diversionary: what we did was multiple attacks on different countries at around the same time, so it would take a lot longer for responders and for the military to come into play.
06:54
Cutting off the telecommunications in several areas also meant that it was very difficult for first responders to communicate in those countries.
07:02
We included elements of extortion and also bringing down the banking system.
07:09
Now, when something major is happening, citizens want to know about it, and they will go to government websites. In the scenario, we also took those down. We also affected the stock exchanges, got into control networks and affected surge barriers,
07:28
which are supposed to protect us from storms,
07:30
causing electricity blackouts, which can also cause panic, and also collisions on trains.
07:39
Now, we learned quite a bit from this exercise. Teams were switched around, and different advisers such as myself were assisting those teams, and we wanted to get the different perspectives. By doing that,
07:54
each country will have its own alliances with other countries and its own perspective, so we took that into consideration. The decisions that each team made were actually quite varied. Some did nothing, no matter what. One particular group:
08:13
the evening before day two, myself and the staff had made a little bet to see if any one of our groups would actually consider the nuclear option.
08:22
And actually, my group considered launching a nuclear weapon in the upper atmosphere of the attacking country, the one they believed they could attribute the attacks to, creating an electromagnetic pulse.
08:35
There was no consensus amongst all of the participants, but most of the teams could actually make a decision in small groupings, and the key takeaway from this entire exercise was preparation.