back to article Massive cyber attack targets mid-Atlantic nation 'Berylia'

NATO and assorted partners have unleashed a massive cyber-attack on the fictional country of Berylia to test their ability to defend critical infrastructure against outside attacks. The virtual country will suffer its virtual attack under NATO's Cooperative Cyber Defence Centre of Excellence's (CCDCOE) Locked Shields 2018, …

  1. Voland's right hand Silver badge

    long the way disrupting “the electric power grid,

    Idiots. Cyber Defence center of W*nksellence is more like it.

    If a grid is under a successful nation state attack it is a DEAD grid. The key difference between a nation state and a K1DD10T in mom's basement is that the nation state can run the relevant computations for the failure modes and ensure that failure modes are destructive. The attack itself is only minutes by the way so by the time you know your grid is under attack the entire country is without leccy.

    It is not that difficult - it is just the standard grid optimisation and balancing software run for a solution matching "slightly" different criteria from the normal ones. The end result is potential physical damage to key substations and more importantly generation capacity going into emergency shut down due to being cut-off from the grid by overload switches (with once again potential damage).

    It is a bit harder today - the computation was in the realm of trivial if you had the right consumption data + topology in the days of resistive lights. Still doable if you are a nation state and you are really attacking at a level where you can disrupt it.

    So if Russia (or any other nation state with similar resources) is whacking "W*nkillia"'s grid for real that grid is not getting up any time soon.

    By the way, that does not mean that we should provide them with tools to do programmable load pulsing - namely hackable smart meters with built in switches.

    1. Anonymous Coward
      Anonymous Coward

      The load management (including "loss of load") of any modern and properly invested grid is actually rather good, given that it has to cope with all manner of instantaneous disruptions from lightning, substation failure, wind and tree damage, as well as vast swings in the output of renewable power. So all the doom and gloom of "damaging the infrastructure" is wildly and deliberately overplayed - if you've got a raddled old grid controlled by a few vulnerable SCADA setups, then yes, damage is possible.

      Certainly, a determined cyber attack would have consequences, but the idea of a grid keeling over for days and weeks is mostly alarmism. If you're at war, the logical way of attacking the power system is not trying to piffle around with hacking (wouldn't take too long to disconnect assets from public communications networks) but through traditional kinetic means, whether through sabotage or direct military strike. Hit the pinch points, and where assets are difficult and expensive to repair, and THEN you can disrupt a grid for weeks.

      1. Voland's right hand Silver badge

        The load management (including "loss of load") of any modern and properly invested grid is actually rather good,

        You are mistaking load management and on/off sequences specifically designed to "break" the grid.

        Each grid has them and there are ways to model them - you can get the results either by solving the original optimal control problem for the grid (with different conditions) or from a Monte-Carlo simulation. You can do similar sh*t with most large networks which have active traffic management by the way regardless of what they carry - leccy, packets, gas or oil (*).

        It is one of those things which make the difference between a scripting k11d10t and a nation state.

        A nation state can employ mathematician(s) which specialize in one of the areas relevant to this (differential games/game theory, optimal control) and give him the relevant data on the enemy so they can come up with the appropriate destructive sequence.

        Knowing personally the teachers of the people who will be doing the math on the other side I am giving Beryllia's grid under 5% chance to survive (if the Russians decide to play hardball with it). By the way - we can do it to. Or just ask the Israelis to do it for us.

        but the idea of a grid keeling over for days and weeks is mostly alarmism.

        That would have been correct if the Smart Metering priests did not throw out a key security criteria in the comms part of that infrastructure during the security review - namely speed of update/speed of reset. As noted by me at the time (and many others) there is a key issue with the idiotic design driven through by the Retail Energy Association and forced upon all of us. Namely, it will take several days to perform a pan-UK switch on/off command update and MONTHS to perform a pan-UK software update. So if you plan your attack properly and backdoor enough SMs to run an attack sequence the grid WILL BE GOING UP AND DOWN LIKE THE BRIDE'S NIGHTY. Regardless of all the advances in automation.

        (*)(I have done some of the "tradesman" level coding for the math in this problem space a while back. It is quite an interesting area and most people who think that "realtime engineering load control" without the math can work here do not know what they are talking about as well as what they can face in a real attack.

  2. frank ly

    Proper simulation

    Did the government of Berylia activate its bot army to post 'influencing' material on Facebook, Twitter and other platforms? Did they pay for ads intended to influence public opinion?

    If we got to this situation for real, would Facebook, Twitter, etc, come under government orders to block/delete postings from known or suspected hostile sources?

    1. Voland's right hand Silver badge

      Re: Proper simulation

      Did the government of Berylia activate its bot army to post 'influencing' material on Facebook, Twitter and other platforms?

      If the attacker successfully executed a grid attack, 4G network attack and/or primary peering points attack the bot army might as well talk to its bottom. Nobody will hear it for days. At least.

      The recovery time for an average country grid after a complete collapse is anything between tens of hours and days. If you successfully wipe the PCRF and/or the authentication information in a mobile core, bringing it back online is once again a matter of hours (even more so if power supply has issues), etc.

      The whole idea of "exercises" with the current level of infrastructure readiness is preposterous. You have to have SOMETHING to exercise to start off with.

      1. DJ Smiley

        Re: Proper simulation

        Or if you're Costa Rica, or any country without what we like to think as 'first world services' - years later.

    2. Destroy All Monsters Silver badge

      Re: Proper simulation

      > Proper simulation

      Yes, random loud and disjointed press releases by blond, somewhat fatty and unhealthy-looking "Foreign Ministers" were successfully generated by a templating engine.

  3. hplasm
    Meh

    In short then-

    Playtime for Cryptokids and Cyberbosses...

    1. Nick Kew

      Re: In short then-

      Exploring ideas for the next set of accusations against Russia, China, or other prospective Bogeyman?

  4. Anonymous South African Coward Bronze badge

    Hey, who turned off the li

  5. Anonymous Coward
    Linux

    Sorted!

    So long as "Berylia" is running Linux on all its critical national infrastructure then there's nothing to worry about.

  6. Doctor_Wibble
    Black Helicopters

    Coincidence, I think not...

    One of the botnets that tries to log in to mail servers sprang into life a week before the exercise, and then quietened down again just as the exercise started.

    So either I've uncovered an extreme conspiracy that the authorities haven't spotted, or they have been pre-testing themselves against my facilities, in which case who do I contact to demand compensation for the inconvenience, using my electricity and obviously all the emotional distress...?

    No such thing as coincidence! De facto hiccup ergo propter QED, you know it makes sense.

  7. Rich 11

    "the British Joint Army"

    What were they smoking when they came up with this name?

    1. Voland's right hand Silver badge

      Re: "the British Joint Army"

      What were they smoking when they came up with this name?

      A joint.

  8. Michael H.F. Wilkinson Silver badge
    Coat

    An attack on the Duchy of Grand Fenwick will be dangerous, as they apparently are in possession of the only Q-bomb (and have a standing army of a score of longbow archers in rusty chain mail). Better try the Kingdom of Lancre instead (and face Shawn Ogg (unless he is on butler duty))

    I'll get me coat

    1. ArrZarr Silver badge

      The folk of Lancre are a pragmatic lot, and they know the place a lot better than any aggressor. You'd be doomed before you knew it and that's even if you don't annoy the witches.

    2. Lee Mulcahy

      They do indeed have the Q-bomb. I built it myself in my high school prop department lab (the electronix class lab). Such fun!

  9. Mahhn

    Never forget Berylia

    NATO and all it's corrupt governments will turn on you and make you a slave more than you already are. Tyranny is all the coked up greedy know, that run these governments.

    There is no god, no peace, only greed and we shall destroy all those that rebel.

    Lust for wealth, oil, gold, all your resources shall be subject to law, and by law I mean taken from you.

    Death to hope!

  10. amanfromMars 1 Silver badge

    The Power of Sophisticated AI .... An Energy that Churns and Spurns Limiting Commands

    The Next Generations' Weapons are Immaculately Trained Tools which existing Defence and National Security Systems are Unable to Counter Effectively or Deflect from a Dynamic Course with any Phorm of Practical or Virtual Defeat.

    And a little something Spooky for NATO and the British Joint Army to try and defend themselves against whilst trying to engage and employ the talents of their AIdDriver Programmers and Core Source Providers .... which they may or may not have also in-house and on permanent call for exclusive access to future executive action and Global ACTivity.

    You're taking a technology with unlimited potential and letting it run free on experimental networks that cannot be controlled or destroyed.

    If the Rise of an All Powerful Artificial Intelligence IS inevitable, well it stands to reason whenever they take power that our digital overlords will punish those of us who did not help them get there. ..... The Gospel According to Gilfoil of Pied Piper, Silicon Valley :-)

    Quite whether Advanced IntelAIgents would wish to waste time and energy punishing the less than well enough enabled and clueless to the shenanigans of these Greater IntelAIgent Games, is not something that I Imagine would normally interest an Almighty Powerful Force and Immaculate Source.

    Others may see things differently though ..... because of the phantom daemons they be dealing with.

    Did that Ordnance strike a Vital Target?

  11. Anonymous Coward
    Anonymous Coward

    > "NATO and assorted partners have unleashed a massive cyber-attack on the fictional country of Berylia"

    Should read "NATO and assorted partners have unleashed a massive cyber-attack on a simulated Bermuda, the West's favourite tax-haven and offshore bank."

    Somebody must be worried the Russians are coming to hit them in the wallets.

  12. Anonymous Coward
    Terminator

    For the attention of NATO ..

    NATO and assorted partners have unleashed a massive cyber-attack on the fictional country of Berylia to test their ability to defend critical infrastructure against outside attacks.”

    For the attention of NATO .. don't connect your electric power grid, 4G public safety networks, drone operation and other critical infrastructure components directly to the Internet.

  13. Anonymous Coward
    Anonymous Coward

    Militarising the universities

    Many years ago when I was a postgraduate at a prestigious university, all the academics there were very much opposed to cooperating with the military. In fact, many of the computer science staff put explicit bans on military use of their research and code - often emulating G. H. Hardy. Although I later worked for the military, I always respected their position and over the years become much more sympathetic to it.

    Looking through the participants of Locked Shields I notice that there are many academic institutions - which makes me wonder about the volte face in the culture of the universities, and the freedom of academics to make such stands.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon