Blended Threats Are More Than Cyber-Physical: Natural Hazards Can Disrupt Critical Lifelines

Andy Jabbour, 21 May 2024

 

 

“The solar storm that brought the aurora borealis to large parts of the United States this weekend also broke critical GPS and precision farming functionality in tractors and agricultural equipment during a critical point of the planting season… These outages caused many farmers to fully stop their planting operations for the moment. One chain of John Deere dealerships warned farmers that the accuracy of some of the systems used by tractors are ‘extremely compromised,’ and that farmers who planted crops during periods of inaccuracy are going to face problems when they go to harvest… The outages highlight how vulnerable modern tractors are to satellite disruptions, which experts have been warning about for years.”

Jason Koebler, writing in the 404, Solar Storm Knocks Out Farmers’ Tractor GPS Systems During Peak Planting Season, 12 May 2024

 

 

 

We hear a lot about cyber-physical convergence these days. Those reports, warnings and best practices are good and needed, but they also reflect an incomplete understanding of the challenge of Blended Threats, something we’ve been warning about for some time. As it’s been a while since we blogged on this, let’s start by restating what Blended Threats are.

 

 

A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

 

 

For additional background, read our January 2018 post, “Blended Threats: Understanding an Evolving Threat Environment.” Blended Threats extend beyond cyber-physical threats, and the concept recognizes that for true resilience, we need to understand the all-hazards threat environment, interdependencies, cascading effects, and the potential crossover impacts from any domain into another. Most often, this manifests itself as a cyber threat causing physical disruption. For years, we warned about the theory of this type of threat – impacts of cyberattacks to healthcare and water for example – and now we see this reality play out across critical infrastructure. See a list of some of our previous posts below for more background.

 

 

As security leaders, we need to lean into the emerging threats, not just those we ran into last year, or those that we’re experiencing today. That is key for security, but it is also critical for business investments and securing our growth strategies. The pandemic demonstrated how a health threat can have numerous cascading effects on physical and network operations. The disruption reported in the 404 highlights our increasing dependence on operational networks and, increasingly, on cislunar, space-based systems.

 

 

For vendors, focusing on cyber-physical systems makes sense – that is an immediate challenge and one that can be profitable for those selling security services. But for leaders, we need to think about resilience more holistically. We need to understand our supply chains, we need to understand our critical dependencies, and we need to understand our direct and indirect dependency on space-based assets. 

 

 

As Jason wrote in the 404, Kevin Kenney, a farmer in Nebraska, told him, “all the tractors are sitting at the ends of the field right now shut down because of the solar storm… No GPS. We’re right in the middle of corn planting. I’ll bet the commodity markets spike Monday.” The article details the nature of the disruption. The takeaway for leaders trying to understand and ensure organizational resilience is that threats – be they purposeful or accidental – will increasingly be blended threats. Seemingly everything – from the watches on our wrists to the devices we endlessly use to the buildings and facilities we work in and visit, across critical infrastructure, and into our communities and homes – is reliant upon network resilience and space-based assets. 

 

 

 

 

Beyond disruptions to networks and systems, blended threats can develop in numerous other ways as well. In today’s environment, one of the threat areas we closely monitor at Gate 15 is information operations, commonly referred to as mis-, dis-, and mal-information (MDM) or influence operations. For years, we have seen individuals and groups acting in support of or on behalf of foreign governments use social media and fake news sites to enhance social divisiveness and influence people, groups, and elected officials. Just recently, the team at Sekoia wrote about an ongoing Russian influence operation, Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign, observing “a correlation between the number of articles published per country and events like domestic protests, decisions on Ukraine military aid or Russian sanctions, and national budget voting periods.” In this case, cyber operations are likely contributing to physical events and political decisions. We’ve seen similar efforts to cause divisiveness as Russia-aligned actors use social media and fake news or fringe sites to exacerbate political and cultural issues in the United States and worldwide. From the pandemic response to abortion, on social justice issues and police reform, and many other topics, information operations find points of stress and mass efforts on them to increase division and distrust and to influence public and political opinion. These types of efforts will surely increase in the build-up to the 2024 elections.

 

 

Blended Threats aren’t new. They’re also not going away. As leaders, we have a responsibility to try to understand blended threats, how they can directly and indirectly impact our organizations, and take reasonable efforts to reduce risk, minimize the likelihood and impact of disruption and, as we like to preach at Gate 15, protect our people, places, data and dollars.

 

 

“This is resilience: Doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state and significantly reducing downtime when an incident occurs.”

CISA Director Jen Easterly in “The Power of Resilience,” 09 Aug 23 (a quote we frequently reference)

 

 

 

To be resilient, leaders need to deliberately plan and prepare with unity of effort across their enterprise, and with an understanding of all-hazards and blended threats. Whether considering the potential direct and supply chain impacts of natural hazards to operations and critical dependencies, or thinking about information operations and how those may create threats and risks within and directed at our organizations, leaders need to think broadly and think, well, bigly… It isn’t realistic to plan for every potential threat and disruption. It is realistic to identify our greatest risks, the threats that can bring those to fruition, and to take reasonable measures to protect our people, places, data and dollars and to position ourselves to be able to effectively pivot and respond and recover from whatever events and incidents we may encounter.

 

 

Understand the Threats. 

 

 

Assess the Risks.

 

 

Take Action.

 

 

Understand the threats! Join the GRIP, listen to our podcasts, and stay informed!

 

 

Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risks to your organization in our complex, all-hazards environment.

 

 

Get to know Gate 15.

 

 

Additional background on Blended Threats:

 

 

 
