By Evan Pounder
With barely a moment’s notice, on December 25th, telecommunications, credit card machines, emergency services, and flights in the area surrounding Nashville, Tennessee, halted. For two days, AT&T services that many people across the state, including emergency officials, relied on remained disconnected. “At the height of the outage, 46 counties in Tennessee had disruptions in 911 call service centers.” This outage was not the result of a state-sponsored cyber-attack, or any type of cyber intrusion for that matter, but rather the consequence of someone driving an RV filled with explosives up against an AT&T central hub and setting off a bomb that would rattle the entire country on Christmas Day. Still without a clear motive, this bomber was able to completely unlink the communication system infrastructure in dozens of counties by simply detonating a large explosive on a street that housed a major terminal for a major telecommunications company. No technical expertise, no expert hacking, just the destruction of infrastructure that was responsible for countless critical functions. Now that the immediate threat and impacts have been dealt with, and most functionality has been restored, we must examine the implications that have emerged as a result of this bombing.
The bombing in Nashville, with fortunately only one death – the bomber’s – and several non-life-threatening injuries, has set a dangerous example for threat actors all over the world. These groups have just observed the chaos that this incident caused, with no definitive evidence that taking down the AT&T communications hub was an objective of the attack. Threat actors have now witnessed a clear path to disrupt vital communication and emergency services, for extended periods of time and over a broad area, by means of a conventional physical attack and without having to break through any network security. It should also be noted that this is not the first instance of communications being disrupted due to damage to one piece of infrastructure. We have seen time and time again that major weather events can cause similar outages. While Nashville demonstrated a reasonable level of resilience, reestablishing operations within a few days, had this been part of a more elaborate attack, a complex coordinated attack, the disruption of communications could have had far more sinister and impactful results. The Nashville incident demonstrates a real vulnerability in critical infrastructure and technologies across the world, with direct impacts on effective response.
“A Complex Coordinated Attack (CCA), also known as a Complex Coordinated Terrorist Attack, is a violent assault or series of assaults by one or more individuals or groups using one or more type of weapons with the intent to inflict harm on large numbers of people. While these type of attacks often result from various motives including terrorist ideology, the continued proliferation of CCAs overseas and domestically demonstrates that CCAs remain a concern for the conceivable future.” – Department of Homeland Security, Complex Coordinated Attacks Action Guide
As previously stated, the physical bombing could be merely the opening of a more complex attack: a way to inflict a different type of harm, potentially more significant and longer lasting, on impacted areas. Threat actors could use the destruction of a communications hub to disable a response from emergency services in a completely different, and seemingly unrelated, area – to frustrate a response or to cause confusion and dilute responding resources. Potentially, while emergency services grapple with attempting to come back online, the “real” attack – a more brazen assault – could then begin. Imagine for a second a terrorist attack where a response from law enforcement is significantly delayed because responders don’t even know the attack is happening. Call centers are down, flights are grounded, medical records are inaccessible, all because a telecommunications hub, possibly hundreds of miles away and left unguarded, was significantly damaged.
While it may be unrealistic for a variety of reasons to expect every piece of telecommunications equipment or critical infrastructure to be as hardened as a military or nuclear facility, the Nashville attack should offer an opportunity for leaders to assess their own and their facilities’ readiness, to discuss dependencies, cascading effects, and resilience with key stakeholders, and to consider whether their preparedness and security are at the appropriate level. Fortunately, Nashville was a limited incident, but it offers future attackers valuable lessons learned. Defenders will hopefully also extract and consider those lessons to better secure our critical infrastructure and the American public.
Understand the Threats.
Assess the Risks.
Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.
Evan Pounder is an intern at Gate 15 with a concentration on work with WaterISAC. He is a third-year Army ROTC cadet at the University of South Carolina majoring in finance, with minors in French and Military Science.