Blended Threats: The Oracle Has Spoken!

In this blog, we’ve written a few times about the idea of “Blended Threats,” and some of the ways the critical infrastructure community is proactively leaning forward in planning for them – such as in the healthcare and higher education sectors.

Recently, there have been a few great examples of the types of complex threats and incidents that demonstrate blended threats. Keep in mind the definition of blended threat as you consider some of these recent updates: A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

David Belson (@dbelson), Senior Director, Internet Research & Analysis at Oracle, posted an article on 06 August that provides a number of great examples of “cyber-physical” incidents.

  • “At approximately 20:00 GMT on July 2, the Internet Intelligence Map Country Statistics view showed a decline in the traceroute completion ratio and DNS query rate for Azerbaijan, related to a widespread blackout. These metrics gradually recovered over the next day. Published reports (Reuters, Washington Post) noted that the blackout was due to an explosion at a hydropower station, following an overload of the electrical system due to increased use of air conditioners, driven by a heat wave that saw temperatures exceed 100° F…”
  • “Just a day later, Tropical Storm Maria caused an islandwide power outage in Guam, which disrupted Internet service on the island for several hours. However, Guam Power Authority (GPA) responded quickly once the storm had passed, with the Guam Daily Post noting that the GPA expected ‘to have substantial load for power restoration around 11 am…’

  • Venezuela experienced a large power failure that left most of the capital city of Caracas without electricity, which caused a disruption in Internet connectivity as well… both the traceroute and DNS metrics saw minor declines at around 13:00 GMT. Approximately two hours later, a Tweet from the country’s Energy Minister stated that 90% of the service had been restored in Caracas, and a subsequent Tweet several hours later explained that the initial fault in Caracas originated from voltage transformer control cables being cut.
  • A published report indicated that Houthi rebels disrupted Internet service to nearly 80% of Yemen by damaging a fiber optic cable in the port city of Hodeidah. The publication quoted a source from the Public Telecommunication Corporation, who explained ‘The cable that connects the country to the Internet was cut in three places in the districts of Al Kanawes and Al Marawya in Hodeidah as the Houthi militia continues to dig trenches in the area…’

The complete Oracle post, Last Month In Internet Intelligence: July 2018, includes even more diverse examples of observed global incidents of blended threats.

Coming out of this year’s Black Hat USA conference, Ruben Santamarta (@reversemode) addressed the concerning potential of one type of “cyber-physical” attack. The Guardian summarizes: “The satellite communications that ships, planes and the military use to connect to the internet are vulnerable to hackers that, in the worst-case scenario, could carry out ‘cyber-physical attacks,’ turning satellite antennas into weapons that operate, essentially, like microwave ovens. According to research presented at the Black Hat information security conference in Las Vegas, a number of popular satellite communication systems are vulnerable to the attacks, which could also leak information and hack connected devices. The attacks, which are merely a nuisance for the aviation sector, could pose a safety risk for military and maritime users…”

The above are just some very recent examples of the increasingly interwoven fabric that is our modern society. For security teams, these incidents demonstrate that siloed security – archaic attempts to separate physical and cyber security, emergency management, and business continuity – won’t work in an increasingly connected environment. Teams need to understand threats and risks holistically, and then take appropriate preparedness and operational actions to mitigate threats and build resilience.

Understand the Threats. Assess the Risks. Take Action.

 


Maintain security and threat awareness via Gate 15’s free daily paper, the Gate 15 SUN, and learn more about Hostile Events Preparedness and our HEPS Program here. Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions affecting operations, security, and resources. We provide clients with routine cyber and physical security products tailored to the individual client’s interests. Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics.


“Last Month In Internet Intelligence: July 2018,” Oracle blog, by David Belson (@dbelson), 06 Aug 2018, https://blogs.oracle.com/internetintelligence/last-month-in-internet-intelligence%3a-july-2018

“Hacked satellite systems could launch microwave-like attacks, expert warns,” The Guardian, by Alex Hern (@alexhern), 09 Aug 2018, https://www.theguardian.com/technology/news-blog/2018/aug/09/satellite-system-hacking-attacks-ships-planes-military