Don’t underestimate the power of cyberattacks
There’s a misconception in some public safety circles that cybersecurity is a concern penned off inside the virtual world that hackers steal credit card data and disrupt websites, but that their attacks can’t affect physical systems. John Halsema says that’s absolutely untrue. Halsema is a former U.S. Navy submarine commander and chief technology officer for the ARES Security Corporation, a firm that provides tools and security consulting to facilities that would be disastrous if breached like nuclear power plants.
The odds are stacked against the good guys, he said it’s a game of asymmetric warfare, in which every dollar spent by terrorists needs thousands in defense to stop it. Coordinated and costly operations like the Stuxnet attack on Iran’s nuclear facility are rare, but it doesn’t take an attack that sophisticated to cause severe damage or panic, Halsema said.
One scenario his company offers is a fictional cyberattack that disables a nuclear facility’s physical security systems. A cyberattack launched in coordination with a physical attack provides a “massive force-multiplier,” Halsema said, but a terrorist doesn’t even need to blow up a reactor to generate a level of political instability that could cause massive disruption to a society.
[As an attacker, I could] paralyze politically and economically, perhaps, without even shutting the power off,” Halsema said. “Because maybe I can get them to shut all the nuclear reactors down. Maybe I can convince them its another Fukushima and theyre going to shut down all the reactors in the United States. And if you did that, weve got a big problem. We cant produce enough power.”
How plausible is a scenario like this? Halsema says no one can be sure.
“The question of success is something I really dont want to go into,” he said. “But the probability of an attack is very, very high.
Continue providing updates through the event
There’s a phenomenon in emergency response in which there’s an initial surge of information, and then it stops almost all at once as channels become overloaded and people get to work. David Barnes, director of emergency management for Oklahoma County, says it’s critical that emergency managers make the most of their data sources and continue providing updates after the initial surge.
With all the new technologies providing various data streams today, Barnes said, managing the level of communication is a balancing act.
“At the outset, it’s going to go two ways,” said Barnes, whose agency covers Oklahoma City and the surrounding area. “You’re either not going to have enough information to make good clear decisions, or you’re going to be overwhelmed with a ton of information that forces you to sort through that information and actually determine what’s accurate.”
Having an abundance of information is a boon, Barnes said, and it’s important to continue using it through an event’s response.
As a former assistant fire chief, Barnes helped with coordination and response following the 1995 Oklahoma City bombing. A big lesson from that event, he said, was that “anything can happen anywhere.”
“I’m a really big proponent of awareness and to be adequately aware of any potential threat,” Barnes said. “Particularly with severe weather, it’s critical you have multiple sources of information. If you rely on just one and something occurs to it and the validity is compromised, you’ve got yourself in a serious situation. Technology definitely helps us improve that by giving us multiple resources for gathering that information.”
Public safety technology is made to be broken
Pete Gomez, Miamis Assistant Fire Chief, has more than 30 years of experience in public safety across multiple departments, but his evaluation process of public safety technology has remained the same test it until it breaks, then test it again.
Thats kind of what we do, Gomez said. Can we break it? I want to show somebody that it doesnt work, then have them fix it for me thats how we get these things to where they need to be. We do that will all kinds of things, like our self-contained breathing apparatus or our bunker gear.
A large portion of the tech Gomez and his team rely on now is network-connected, he said, causing equal headaches and successes in the field and even further examination into the durability of promising new technology.
When we deploy, were very dependent on IT connectivity, he said. A big component of ours is communication no matter where we go, where weve been and what weve done, communication at some point always fails us. Whether its long-term or short-term, we always have some kind of hiccup with communications, which I view as an IT component.
Gomez had the opportunity to put this strategy to the test earlier this year, he said, when he and his colleagues were invited to the states Emergency Operations Center in Tallahassee to explore the states newest situational awareness technology.
They brought public safety officials from across the state up there and said, Hey lets put this thing through its test, through its paces, find out its weaknesses and everything, Gomez said.
That style of testing breaking, repairing and breaking again and repairing again is standard for public safety officials, Gomez said.
A lot of times, you have to be very careful, Gomez said, because a lot of these technology companies will offer you the world. The tech person thats introducing it to you can slide through the systems when you go to use it, in reality, [the technology] is not as friendly.