back to article Cyber-terror: How real is the threat? Squirrels are more of a danger

The UK Chancellor George Osborne last week announced that the British government plans to double cybersecurity spending and establish a single National Cyber Centre. Cybersecurity spending will rise to £1.9bn ($2.87bn) at a time of budget cuts to police and other government departments. More details are expected to come in the …

  1. Brian Miller

    It's all about the blinky lights

    If it blinks, then it's important. If it doesn't blink, it isn't important. That's why prevention against rodents gets zero funding, and non-existent cyber threats get lots of funding. Cyber threats mean blinky lights. Squirrels, not so much.

    (When I worked at a giant Redmond company, a squirrel did, in fact, chew its way into a power conduit and take out the power to our building. The power was out for several hours.)

    However, cybersecurity should be targeting data leaching by criminals. What's our success against that? From reading the news, not so much. A lot of the problem is with developers who don't care about security at all. I recently quit a job, where, really, the lead dev scoffed both at testing his software and implementing security. Yes, truly!

    1. Anonymous Coward
      Anonymous Coward

      Re: It's all about the blinky lights

      Squirrels are also really fond of chewing on fibre cables. I've seen more than one outage caused by a squirrel.

      1. Rich 11

        Re: It's all about the blinky lights

        Just last week we had to stuff tubes with wire wool to stop rats from gnawing through any more fibre shielding. That's only a stopgap measure and the exterminator won't be able to kill all of the little fuckers forever, so we'll have to splash out on armoured cabling before long.

        1. Phil O'Sophical Silver badge

          Re: It's all about the blinky lights

          we'll have to splash out on armoured cabling

          Armoured cabling? How very passé. Surely the best solution would be armed guards in the basement to shoot the little buggers when they get in, a new listening post to detect any rodents in the area that might have a taste for PVC, and a major extermination offensive to bomb all rat nests within 20 miles?

          1. Bernard M. Orwell

            Re: It's all about the blinky lights

            How about we create a massive database of all rats, take DNA samples, issue them with RFID cards, put CCTV on every sewer corner and hire an array of analysts to model the mass behaviour of all rats, from cradle to grave?

            Surely that way we'd be able to spot the particular rats that chew on your cables?

            Might cost a few bob, but totally worth it...

            1. Anonymous Coward
              Anonymous Coward

              Re: It's all about the blinky lights

              My money's on poison gas, shooting would require too many skilled marksmen.

              For a primer, check out this wonderful duet performance by the Flight of the Conchords

              https://www.youtube.com/watch?v=2IPAOxrH7Ro

              Although the target wasn't rats or squirrels ....

          2. Ken 16 Silver badge
            Childcatcher

            Education

            No, bombing them won't help anything, a campaign of education is needed to de-radicalise these rats and direct them towards safer outlets for their aggression.

            1. Major N

              Re: Education

              Are these 'safer outlets' 230v?

          3. matrix29bear

            Re: It's all about the blinky lights

            Actually the solution is way easier than armed guards.

            Get some popcorn, toss it on the floor around mice traps. On the mouse trap, glue some hard candy to the trigger pad. The mice eat the popcorn and go straight for the candy.

            Don't want all that mess? There is an even cheaper & simpler solution.

            OATS + Plaster of Paris (or powdered drywall paste or cement powder).

            Take your bag of oats, mix with powder-to-rock at a 50% ratio. Place in an open, dry location.

            Mice eat the oats, gobble up the powder-to-rock dust, their guts turn into concrete, they usually die less then 10 feet from the bait location. Just add more oats and mix when the oats run low. 100% environmentally friendly, inexpensive, reusable, does not poison predator animals.

        2. Dr Dan Holdsworth

          Re: It's all about the blinky lights

          Innovative chemistry is the answer here. All we really need do is add a chemical that tastes absolutely appallingly vile to the cable insulation (and believe it or not, there are chemicals known as stenching agents that are certified to do just this) and together with a distinctive odourant, we have a way of teaching rodents not to chew cables.

          Or more exactly, a way to teach rodents not to chew cables thus protected, thus turning them to our less-innovative competitors' cables...

          1. Steve Davies 3 Silver badge

            Re: It's all about the blinky lights

            Adding such a chemical is only (at best) a stopgap measure.

            Those darn critters have developed resistance to god knows how many different 'rat killer' chemicals.

            They'll soon start trating it as a nice little snack.

          2. Mage Silver badge

            Re: It's all about the blinky lights

            Tabasco. Or related super hot chilli

            Rats, Mice etc can't stand it. Only humans eat it.

            1. Marcus Fil

              Re: It's all about the blinky lights

              Wrong. I used to live in the W Midlands - local mice poo-ed curry pellets; I guess they adapt to what is easily available.

            2. Caustic tWit

              Re: It's all about the blinky lights

              No luck here with the super hot chili - raccoons and red squirrels not discouraged at all. Physical interdiction far more effective, and satisfying.

              edit: I shall try the oats & cement powder .

          3. Anonymous Coward
            Anonymous Coward

            Re: It's all about the blinky lights

            I have a bad feeling about this chew-protected cabling. Nature tends to adopt, and rats particularly quickly. How fast will they evolve into passionate fans of this particular dis-taste?

          4. mstreet

            Inovative Chemistry...

            A similar method could be used against the jihadists...

            Spray all their food sources with a chemically reduced form of bacon. I bet blowing oneself up for the cause, won't seem like such a good idea, when their ticket to the afterlife country club is revoked by their own anti-pig bias.

          5. Anonymous Coward
            Anonymous Coward

            Re: It's all about the blinky lights - Innovative chemistry is the answer here.

            BICC and others have made PTFE insulated cables for ages that deter termites, rodents and cockroaches. I remember ordering them for equipment to go to India and Africa back in the early 1980s.

            One advantage is that if anything does manage to chew through cables and they touch, the resulting heat produces enough fluorine to kill the perpetrator right there and identifies the particular agent responsible.

        3. This post has been deleted by its author

          1. IanDs

            Re: It's all about the blinky lights

            A cat took out our local substation, which is when we learned how long our UPS would keep the servers running (answer: not long enough). Leastways they thought it was a cat, going by the crispy burnt bits left when it got into the 11kV busbars...

          2. Richard Taylor 2

            Re: It's all about the blinky lights

            I solved our rat/mice problem by getting a company cat. We even claimed the VAT back on its food.

            No joke. Two cats are important members of our team in a very small development data centre. Their sister does sterling work in our house. Very popular players. And yes, we also get VAT back on food, vets and claim them as a valid expense. We were pulled up by HMRC on this about 2 years ago (a fractional part of a fractional part of 1% of our turnover - but at least HMRC were reading the returns.......)

            ps - no cute cat icon?

          3. matrix29bear

            Re: It's all about the blinky lights

            Symon: "I solved our rat/mice problem by getting a company cat. We even claimed the VAT back on its food."

            I know a kitty cat that likes to pee sideways on walls to mark territory.

            Kitty cat decides to mark the server rack... BZZZT... just don't whizz, please don't whizz, on the electric fence... BBBBBZZZZZZZTTTTTT... (sounds of cat being electrocuted as the server racks of the company go down)

          4. duncangareth

            Re: It's all about the blinky lights

            In about 1989, a friend of mine worked for a mainframe bureau in the east end of London. He told me the saga of the manager who came up with the solution to their insulation-gnawing short-circuit-causing rat problem: he went out and caught a gnarled scar-riddled old bruiser of an alley cat and let him loose in the elderly basement which housed the 'frame and its miles of ducted copper. Soon all the rats were either dead or in a state of shocked hiding - Old Moggy has slaughtered all of those who couldn't escape in time. Unfortunately, he caused an even greater problem by marking his territory, especially in the wiring ducts; there are few substances more conductive of electricity than cat piss.

        4. breakfast Silver badge

          Re: It's all about the blinky lights

          You can just find teams of adventurers on their tutorial level and send them down to deal with the rats. A simple, classic, solution.

      2. Chris King

        Re: It's all about the blinky lights

        Squirrels also cause havoc in electrical substations - they like to snuggle up to the big warm buzzy thing, but they only get to do that once and usually trip the breakers after getting 25+kV where 25+kV isn't meant to go (i.e. any part of the squirrel).

    2. Mark 85

      Re: It's all about the blinky lights

      However, cybersecurity should be targeting data leaching by criminals. What's our success against that? From reading the news, not so much.

      It's all about feel good and it will get them more budget money by invoking the Daesh after the Paris attack. As the article mentions, these type of attacks could be outsourced.. to the crims. If they actually targeted the crims, we all could breathe easier knowing our bank accounts were safer but there's more press invoking the Daesh and some vague cyber-threat.

      1. Destroy All Monsters Silver badge

        Re: It's all about the blinky lights

        > our bank accounts were safer

        As long as central banks exist, no.

        1. Michael H.F. Wilkinson Silver badge
          Joke

          Re: It's all about the blinky lights

          The machines should also go "PING" from time to time, of coruse

      2. AlbertH

        Re: It's all about the blinky lights

        Actually, it's more about "jobs for the boys" as usual. The usual suspects will be invited to bid for the Billions - anyone with any actual ability or experience will be excluded. It'll just be yet another inordinately expensive Government IT failure and lots of people will line their pockets for doing little or nothing!

    3. g e

      More about creating a 'Cyber defence structure'

      You know, with network taps and fuckloads of buffered data storage with machine AI flagging and xrefing shit for you...

      Coupled with backdoored encryption, natch.

  2. nsld

    Furry buggers

    Like to chew on our phone line, I doubt we will see the same problems with the medievel terror bastards of ISIS/ISIl/DAESH etc.

    1. Dadmin

      Re: Furry buggers

      The people of <insert any middle east country here>stan have to dress up their women in giant tarps so they can avoid being raped constantly. And this is in a wacked-out country which is only church+state. Religion, so full of pride and bullshit all at once.

      Thanks to El Reg for hipping me to the squirrel-threat-actors!

      For the NSA: The squirrels are coming for you. They're coming...

    2. Danny 2

      Re: Furry buggers

      In honour of the Randall Munroe interview here, Squirrelphone.

  3. Chris Miller

    One would hope that control systems for nuclear reactors aren't directly connected to the Internet. Nor our military command and control systems at Northwood. One could be wrong, of course.

    1. Anonymous Coward
      Anonymous Coward

      Yeah, one would hope that the powers that be aren't complete fucking idiots. Alas, that hope is a bit optimistic.

    2. Crazy Operations Guy

      Typically the reactor control systems are either going to be old PDP and System/360 boxes or just tiny purpose-built clusters of transistors and logic chips. Its rare to see a Nuke plant with TCP/IP running, let alone anything even remotely connected to the internet.

      Some plants will have regular desktops scattered about for use by the Reactor Control staff, but those don't do anything all that important and are usually there for recreation and communicating between staff and sometimes between the plant and the utility operators.

      But even if the plants get hacked, the technicians are still there monitoring everything via mechanical gauges and have the ability to switch over to purely manual control.

      1. Anonymous Coward
        Anonymous Coward

        "Typically the reactor control systems are either going to be old PDP and System/360 boxes or just tiny purpose-built clusters of transistors and logic chips."

        Historically correct, but it's not been applicable in recently built setups. Even in the 1990s commercial computer stuff was being proposed for monitoring systems in the UK (*not* for control systems) by outfits like Ferranti (who rather inconveniently went bust during the procurement process for the Magnox refurb).

        Jim Austin (Professor of Computer Science at York) has a private computer collection which includes some original-style systems from a nuclear power station.

        http://www.computermuseum.org.uk/

        In the News:

        "12 June 2010

        The Marcconi Transistorised Automatic Computer (TAC) has arrived. This machine ran from 1966 for 38 years in Wyfla nuclear power station on Anglesey."

        1. IanDs

          A Russian guy I met in Israel told me he'd seen a nuclear reactor in the USSR controlled by a pneumatic computer, with all the gate functions realised by compressed air. Filled a room, noisy as hell, got round reliability problems using redundancy and majority voting to the point where a faulty module could be found and replaced while it was running the program without interruption.

          Why bother? You don't get anything more rad-hard than something with no electronics in it at all...

          1. Martin Budden Silver badge
            Thumb Up

            A Russian guy I met in Israel told me he'd seen a nuclear reactor in the USSR controlled by a pneumatic computer

            A computer you can literally patch with duct tape - I love it!

        2. Crazy Operations Guy

          "Historically correct, but it's not been applicable in recently built setups"

          My experience with such systems is US-based plants, so anything deployed is going to be from the TMI / Chernobyl days and would have those old systems. Of course there are much more modern plants around (In the US, they would have had to have been built and complete between the time that Americans forgot about TMI but before Fuck-up-shima was mismanaged into slag.

    3. P. Lee

      Well if unplugging them can save billions

      Just unplug them.

    4. SGJ

      Cyber Security at Civil Nuclear Facilities Understanding the Risks

      A recent report from Chatham House is an interesting but scary read.

      https://www.chathamhouse.org/sites/files/chathamhouse/field/field_document/20151005CyberSecurityNuclearBaylonBruntLivingstone.pdf

      Findings, based on research which included interviews with industry practitioners, include the following gems:

      "... nuclear plants may lack preparedness for a large-scale cyber security emergency, particularly if one were to occur outside normal working hours."

      "A large-scale cyber security emergency occurring at night could be particularly dangerous."

      "Often, nuclear facilities will have undocumented connections to the internet (i.e. connections of which the plant managers or owner-operators are unaware); these too can provide potential pathways through which malware can infect a nuclear facility."

      "... network diagrams of nuclear facilities that map out existing connections are frequently incorrect; there are often a number of additional connections that have not been documented."

    5. Anonymous Coward
      Anonymous Coward

      What a Cock-Up

      All of London's road Tunnel control systems are completely open to the 'net. You want to cause chaos? Close the tunnels for a few minutes at peak times. It takes the whole day to recover and the economic effects will be far worse than could be achieved with any bomb.

      The management of TfL have been warned about it, but they don't understand the risks - "if it's IP it must be good"..............

  4. Doctor Syntax Silver badge

    Judging by the reports of SCADA kit being exposed to the net skiddies would be as much of a threat as anything.

    1. Chris King

      SCADA kit with an unpatched, default OS install that was never intended to connect to a network. I saw this happening with VAXes over 20 years ago, and as good as VMS was back then, it still had occasional nasties in the TCP/IP stack - UCX, Multinet, TCPWare, it didn't matter.

  5. Palpy

    Cyber attacks are demonstrated.

    Because Stuxnet.

    I agree that Daesh / ISIL doesn't have the skill set to play at the level. And they won't get there -- their focus is sensational bloodletting, not cutting power to Liverpool.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cyber attacks are demonstrated.

      Cutting power to Liverpool would lead to sensational blood letting - especially if there is a league game that day.

      1. Nigel 11

        Re: Cyber attacks are demonstrated.

        So are suicide squirrel attacks.

        One of them managed to trigger a cascade failure that took out most of the USA east coast power grid for several hours.

        If a squirrel can manage that, just imagine what a platoon of suitably indoctrinated IS recruits might accomplish by immolating themselves on our power lines.

        1. Chris King

          Re: Cyber attacks are demonstrated.

          "If a squirrel can manage that, just imagine what a platoon of suitably indoctrinated IS recruits might accomplish by immolating themselves on our power lines"

          Would chewing through power cables allow then to achieve martyrdom though ? I'm now imagining a bunch of loons in Tufty costumes climbing substation fences...

      2. LucreLout
        Pint

        Re: Cyber attacks are demonstrated.

        Cutting power to Liverpool would lead to sensational blood letting - especially if there is a league game that day.

        Tinned beer and battery radios to the rescue. Liverpool has disaster recovery in place!

    2. Anonymous Coward
      Anonymous Coward

      Re: Spider attacks are demonstrated.

      I prefer the substitution of "spider" for "cyber" in any and all documents,

      it immediately allows you to judge rationally just how made-up is the document

      after all, especially in the autumn, many homes suffer spider-attacks, leading to an increasing need for spider-defences and improved spider-security; but I haven't yet met any spider-jihadis even after living in batshit mad Saudi Arabia for several years

      1. Danny 2

        Re: Spider attacks are demonstrated.

        "I prefer the substitution of "spider" for "cyber" in any and all documents"

        My council IT dept. was called out for months when the security system in the server room tripped. It turned out to be a beetle (not a Beatle) making it's home in the warm sensor.

  6. Pompous Git Silver badge

    Making sense...

    PJ O'Rourke once wrote words to the effect that the USA has an uncanny knack of identifying its enemies and then invading the country next door. For our politicians to do anything other than what they do would be to risk making sense.

  7. Mage Silver badge

    Forget Cyber terrorists

    The West more likely to shoot own feet off by outsourcing IT that should be core part of business. e.g. RBS?

    Or paying Google / Amazon / MS etc to host stuff instead of co-lo servers in different datacentres owned by different companies.

    We are doomed not by terrorists (clue in name) but by our own stupidity,

    1. tom dial Silver badge

      Re: Forget Cyber terrorists

      "We are doomed not by terrorists (clue in name) but by our own stupidity,"

      Or possibly cupidity or, more likely, the latter, augmented mightily by the former.

      1. The Travelling Dangleberries

        Re: Forget Cyber terrorists

        Take a leaf out of the CIAs handbook. You need a cat, a piece of string, a rag soaked in a mix of volatile and less volatile hydrocarbons, a match and a tinder dry forest.

        Tie the rag to the cats tail with a piece of string, set light to the rag with the match and watch that cat run through that tinder dry forest.

        A few cat arsonists running around on a dry summers day in say California would cause the local firefighters to empty the local water reservoirs a lot more quickly than any potential cyber attack on the dam sluice gates.

        It is just another attempt (probably a successful one at that) to enslave us with more draconian cyber laws that will remove that last vestiges of privacy from our lives.

        1. tiggity Silver badge

          Re: Forget Cyber terrorists

          You would be better with a rag dangling drone or some other device that could be human steered.

          Behaviour of a cat with something fiery attached to it is likely to be a tad unpredicatble (typo intentional), though a high probability it will go exactly where you do not want it to go.

          1. The Travelling Dangleberries

            Re: Forget Cyber terrorists

            @tiggity

            "You would be better with a rag dangling drone or some other device that could be human steered."

            I don't think so. The cat runs as fast as it can away from the fire. A cat will cover a considerable distance before it either tires or the rag burns out. A cat cannot be hacked into nor disabled in the same way a drone can. A cat can run through a forest much faster than anyone can fly a drone through a forest. You would be unlikely to be able to trace the person who set fire to the cat in the same way you could gather data on the person controlling the drone. A cat runs on the ground thereby maximising the contact between rag and the ground. Finally, a cat is much cheaper than a drone and can be acquired without leaving a trail of evidence (financial transactions etc).

            1. Ken 16 Silver badge
              WTF?

              Re: Forget Cyber terrorists

              You have spent a lot of time thinking about this obviously.

            2. phil 27
              Thumb Up

              Re: Forget Cyber terrorists

              Use a drone, this is the interwebs, we like cats remember.

            3. Anonymous Coward
              Anonymous Coward

              Re: Forget Cyber terrorists

              Unless, of course, the cat decides to climb a tree. Cats are notorious for that. Plus they can be led astray by the presence of other animals (unlike a pre-programmed drone which can't be hacked because there are no ingress points).

  8. Shady

    Contractors

    Ah, so this is why the Chancellor wants to skim £400 million / year from contractors? To fight ISIS on Twtter? F. F. S.

    1. Anonymous Coward
      Anonymous Coward

      Re: Contractors

      I'd like to know exactly what the government plans to spend this money on. It isn't like they manage the power networks is it? Are they planning to give it to the companies involved in critical services?

      I have ears on the ground and whilst there are plans afoot to improve security in certain areas, the amount the penny-pinching is beyond belief, and the amounts in question are the tiniest drop in the ocean compared to the figures the gov. is bandying about.

      So where is the money actually going to go?

      1. Anonymous Coward
        Anonymous Coward

        Re: Contractors

        I can only conclude from my own personal experience that any budget is going on a new CYBER division staffed by CYBER SPECIALISTS who have proven ability in CYBER turning on a windows machine and doing CYBER things with it, and for added CYBER effect we're not even talking wearing giant penis costumes in second life.

        People are prepared to do almost anything to get into the CYBER teams because they think it's some kind of magic bullet against the beancounters axe, when in fact its completely the opposite inside the department concerned, the cost cutting is shocking.

        Meanwhile some 12 year old will be p0wning their network because he knows more about sqli than was glossed over in some crappy powerpoint training course that all the poor cannon fodder who were cheapest to recruit got so they could be declared "trained". And stiff emails might have to be written. Oh the horrors of it!

    2. Anonymous Coward
      Anonymous Coward

      Budgets

      Just think of how many stray cats could be rounded up for 400 million a year. And we'd all feel safer.

  9. Anonymous Coward
    Gimp

    I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

    Meanwhile, ISIS-kinda-sorta-supporter Turkey engages NATO because Russia is blowing up Turkmen in Syria on behalf of Assad. It's getting fucked-upper.

    Oh, I forgot:

    None of these attacked industrial control systems. The only example of a software nasty deliberately wrecking equipment that we all know about is the infamous Stuxnet worm

    You forgot about: Hackers pop German steel mill, wreck furnace, an attack with clear intent - and success.

    1. The Travelling Dangleberries

      Re: I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

      Although if you read the article the attack was as a result of a successful phishing attempt not a brute force attack on the company's firewall. That the company had not air-gapped the network controlling production machines is an example of bad practice which made the situation worse.

    2. Vic

      Re: I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

      Turkey engages NATO

      I don't think they did...

      Vic.

  10. Anonymous Coward
    Anonymous Coward

    The government's total cyber spending will be more than £3.2 billion...

    Anyone know how to climb aboard this loony gravy train?

    1. Anonymous Coward
      Devil

      Re: The government's total cyber spending will be more than £3.2 billion...

      Start by getting a CISP certification. See if you can get interviewed by a TV station "man in the street" camera, and say "I think our leaders are misunderstood and are really just trying to protect us from pedophiles and terrorists." Visibly have a copy of the Daily Mail tucked under your arm during the interview. Once your soul is effectively sold, then send your resume in to the GCHQ.

    2. FlamingDeath Silver badge

      Re: The government's total cyber spending will be more than £3.2 billion...

      Yeah, create a company that does unscrupulous Astroturfing, no questions asked

  11. Rafael 1

    Why? Inquiring minds want to know

    Why www.cybersquirrel1.com when www.cybersquirrel.com is available (at least for the next 45 minutes)?

  12. JustWondering
    Meh

    No Kidding!

    Just like Die Hard 4.0? Sounds legit.

    1. Steven Raith

      Re: No Kidding!

      I came to say exactly the same thing; Die Hard 4 isn't even a good example of a functional story/movie, never mind research on OpSec.

      BitDefender, consider yourself removed from any future consideration of any security software, period. If you can't even keep a leash on your PR people from ridiculing yourself, I dread to think how you keep on top of the herd of cats that would be your dev/research teams.

      And instead of spunking billions on 'cyber security' (for fucks sake, cyber-anything sounds like a joke - try using your grown up words, ministers) how about instead just making outrageous security snafus like Superfish and eDell criminal offences backed up with nine-figure fines per month the devices are on sale. After all, it's not like Dell have huge contracts in the civil service and military where having your secure connections utterly pwned might be considered problematic or owt, you know.

      That way you can *make* billions when the ODM/OEMs fuck their security up so badly that it enables that kind of attack, which is where the problem really lies.

      Steven R

    2. DropBear
      Trollface

      Re: No Kidding!

      "...like Die Hard 4.0"

      Worse, much worse - the Vogons could show up any moment (let me see you prove it couldn't happen) and we're completely unprotected! Quick, let's spend a few more billions building some Arks!

      1. Richard Taylor 2

        Re: No Kidding!

        Bloody right - but with a 'C' ark designed for politicians and senior civil (or not) servants

  13. harmjschoonhoven
    Facepalm

    Re: Humanity has clocked up just one.

    This must have been the 2014 Darwin Award Nominee:

    (19 May 2014, Arizona) The mummified remains of a man discovered in a Tucson manhole tell their own poignant story. In May the manhole was opened to investigate a fluctuation in electrical power. According to records kept by Tucson Electric Power the manhole had not been opened in the past five years, so the team that entered the underground high-voltage vault was quite surprised to find the dessicated remains of a man slumped near cut copper wires. In his shriveled hand was -- can you guess? -- a bolt cutter. An autopsy confirmed the obvious conclusion that electrocution was the likely cause of death. The date of death was set at somewhere between one and two years previous to the discovery.

    1. Destroy All Monsters Silver badge

      Re: Humanity has clocked up just one.

      The Miskatonic Manhole!

    2. Sieberana

      Re: Humanity has clocked up just one.

      Cable theft is a huge problem in South Africa. Thieves steal any and all copper wiring and piping they can lay hands on, which costs the economy billions, disrupts business and communications, and also leaves us with some delightful internet images of careless thieves (usually unidentifiable).

  14. Allan George Dyer
    Paris Hilton

    "Neither Russian nor China (the UK’s most capable cyber-espionage adversaries) " - So the USA isn't an adversary, or isn't capable? The fact that GCHQ gives the USA sensitive intelligence doesn't make them any less likely to act against UK interests.

    1. amanfromMars 1 Silver badge

      If you can think it, it is quite possible and therefore most probable and not at all unlikely

      "Neither Russian nor China (the UK’s most capable cyber-espionage adversaries) " - So the USA isn't an adversary, or isn't capable? The fact that GCHQ gives the USA sensitive intelligence doesn't make them any less likely to act against UK interests. .... Allan George Dyer

      If GCHQ feeds them the right smarter sort of sensitive intelligence, does the USA and any puppet executive administration acting as if a nation, becomes the UK's bitch, or really just GCHQ's. Is that a sensitive Gareth Williams North Face holdall type secret uncovered and discovered made readily available in the wild to any Tom, Dick or Harry, friendly renegade and independently minded rogue?

      Such a lesson and fact is surely not entirely unknown to more than just wannabe super efficient boffin types batting and battling for an Almighty Masters and Blighty, but whether they be top tier premier league Great Game players or not, is invariably to be highly classified [Cosmic Top Secret Secure Compartmented Information] and that which rates and defines their success in the virtual terrain team field managing failures seeded to earthed systems with SCADA command and control levers. ‽

      IT's a Mad, Mad, Mad, Mad World but not at all Crazy with AI in Leading Crafts and Virgin Flight Vessels.

  15. a_yank_lurker

    Cyber Warfare vs things that go boom

    The real vulnerability over here is not taking some SCADA but there are many transmission lines and substations out in the boonies. If there is any security beyond a fence (mostly to keep finger gepokers out) it would be a camera feeding back to a control station may be an hour or so away. Take a few these out and watch the chaos. Some dynamite or C4 would do the job quite well.

    1. tom dial Silver badge

      Re: Cyber Warfare vs things that go boom

      This was an NCIS episode plot a few years ago, so it's all planned out for Daesh, including some of the things to avoid.

      I can't say I fully believe the premise that taking out a few towers could wreak enough damage to bring the US to its knees, though. The last one I experienced was the Northeast US (and Canada) blackout of 14-15 August, 2003, apparently triggered by dodgy control software and sloppy tree pruning near Cleveland at a time of high demand. In Cleveland the lights went out about 1610, I shut down the whimpering servers, and caught a bus to my son's apartment (he had a gas stove). We watched the stars that night, and our power came back on about Noon the following day. That evening I went back and started the computers so the customer department could work their scheduled Saturday O/T. We had an extra paid day off that year, but no obvious long term damage.

      Terrorists might be able to do worse, but I doubt it would not be recoverable in a week or so.

      1. JeffUK

        Re: Cyber Warfare vs things that go boom

        Someone in the local area took out a major transmission mask with a badly (well?) aimed firework a few years ago... (Google 'Morborne transmitter'))

      2. a_yank_lurker

        Re: Cyber Warfare vs things that go boom

        It really depends on how many sites are taken out and how easy they are to repair as to how long a blackout would last. From what I hear, replacing a SCADA system might be easier and faster than some of the transformers in some substations. I see people quote a lead time of about 18 - 24 months for transformer delivery - I do not know if the sources knew what they were talking about.

    2. Stoneshop
      Mushroom

      Re: Cyber Warfare vs things that go boom

      Take a few these out and watch the chaos.

      As demonstrated on the Crimea peninsula quite recently.

  16. Medixstiff

    If they are so worried about power stations etc. being hacked, why the hell aren't they enforcing a 6 monthly or yearly audit on them?

    On top of that, make it law that CEO's and other upper managers are heavily fined if an incident does occur. Hit the people in the hip pocket that deserve it, not the poor sods that keep getting their budget's cut or told security isn't important.

    If they arc up about it not being fair, a few well placed stories in the tabloids about fat cats risking the security of the nations power grid should sort them out quick smart.

    1. Anonymous Coward
      Anonymous Coward

      Trouble is, the people up top with all the money can use their money to bribe anyone that would be involved in the case, including the checkers and the checker-checkers, ad nauseum.

  17. Voland's right hand Silver badge

    Stretch - not sure.

    That third-party hackers might help them in accomplishing their goals is also a stretch.

    If the estimates from the US special forces raid which terminated their head of oil production and pinched all of his hard drives last year are correct, they have more than enough money to purchase the best attack kit money can buy from Russia, Ukraine or somewhere else in the ex-CIS.

    What is more worrying is that they will continue having the money. Turkey put into a dispute state (which means that deliveries will stop) their Gasprom agreement last month (long before the shoot-down incident). That is 25% of their energy production. What people do not realize is that they are a major manufacturing site today. They build everything from Bosh (and under license) chainsaws to Transit vans and Renault Clios. The energy for that has to come from somewhere and the money they pay for the oil burned to attain it will be more than enough for the recipient to purchase an attack kit.

  18. Voland's right hand Silver badge

    undermined the Daesh-involvement hypothesis and fingered Russians as the likely culprit.

    The evidence was Russian language used in the binaries.

    If we consider for the moment the amount of foreigners which the Turks have assisted in supplying to Daesh, Al Nusra other groups which all differ only in the shade of black they use for their flags, that starts to look extremely circumstantial and flimsy. With 16K+ foreigners being allowed to move freely up to last year into Syria the attackers could have used any language. French (with or without Belgian accent), Dutch, English - you name it. If they had previous cyber-criminal history, that language most likely would have been Russian.

    Similarly, with all oil sold by the same groups back through Turkey on the world market they have more than enough money to buy a kit off the dark net. That generally comes with a choice of Russian or Russian for the code origin. English is only the "Export Documentation".

    In any case, the threat of cyber-terror is very real, but still remote. It will stop being remote after smart meters are deployed. I love the smell of grid failsafes kicking in early in the morning. All you need to do is to program the meters to flip the switch on-off at the same time in a sufficiently big areas and you get a lovely Boom.

  19. John Smith 19 Gold badge
    Unhappy

    Bottom line. GCHQ *must* have more money.

    Right.

    Except the most effective "cyber attack" seems to have been a joint US/Israeli attack on a nation they neither (AFAIK) is officially at war with.

    As for this "Worst case" AKA Die Hard 4.0 scenario BS.

    That would take a large group of simultaneously cretinous managers to f**k up their backup plans, probably with physical visits.

    <profanity filter off>

    This is BULLSHIT

    </profanity filter off>

    BTW The cute Red squirrel in the picture is an endangered species in the UK.

    It's being out bred by the fatter, hornier North American Grey squirrel, which carries but is also immune to "Squirrel pox" which has been killing the Red.

    So if you want to defend your infrastructure against a real threat.

    Trap the Greys.

    1. leon clarke

      Re: Bottom line. GCHQ *must* have more money.

      Regarding Red vs Grey squirrels. I, too, am assuming that all these attacks are the fault of dastardly foreign grey squirrels. True, patriotic, red squirrels would never undermine our national infrastructure.

      1. Mayhem

        Re: Bottom line. GCHQ *must* have more money.

        Damned Grey Aliens coming here and probing our fine native squirrels.

  20. Blofeld's Cat
    Facepalm

    Nuts ...

    Ah so that's why one customer keeps asking me if his website is protected against "squirrel injection attacks".

  21. Solly
    Joke

    1 in 5 Squirrels

    etc

    1. Tim Jenkins

      Re: 1 in 5 Squirrels

      is gay?

  22. AndrueC Silver badge
    Happy

    the rodents have being responsible for 505 such operations. Birds have reached 141, and raccoons 31

    My budgie damaged two buttons on my original Harmony One remote ('ingress of bodily excretions') and pulled a key off my laptop keyboard ('sheer bloody mindedness').

    I was able to replace the key but sadly it proved impossible to clean the Harmony One. The cheeky little chappy has been dead for over two years now but has left me having to put up with a late generation Harmony One which is not as good as the original version. So that's one more count of long-lasting damage to IT infrastructure.

    I do still miss the little sod though :)

    1. Richard Taylor 2

      You were lucky. You have to see how much damage two pissed off parrots can do to infrastructure (electrical, computer and doors) to realise your budgie was just starting off. My nearest and dearest assure me that they didn't like their new grub....

  23. Anonymous Coward
    Anonymous Coward

    How have we ended up in the position where we pay politicians getting on for 3 times the national average wage (74k vs 26.5k) and we still have idiots at the wheel that can't see past the blinken lights? Fortunately the only people stupider (and with less imagination) than the politicians are the terrorists and so by a luck we manage to stay half a step ahead most of the time. FSM help us if a terrorist with half a brain ever gets into a leadership position.

    If you were Timmy Terrorist you wouldn't go for a cyber attack because it's just not scary. Yes it would be very inconvenient if the power went off for a few days but I'm hardly going to be quaking in my boots because my ice cream melted!

    Having said all that all this money might pay for my next job so in the interests of self interest, keep up the good work George.

    1. Anonymous Coward
      Anonymous Coward

      If the power went off to the whole country overnight, you would wake up to a police state and a shoot-to-kill order for looters.

      This country would tear itself apart. I wouldn't be worried about my ice-cream either - the freezer should stay fairly cold for a day or two if you don't keep opening the door.

    2. Anonymous Coward
      Anonymous Coward

      "Yes it would be very inconvenient if the power went off for a few days but I'm hardly going to be quaking in my boots because my ice cream melted!"

      Your ice cream melting is not as inconvenient as the water pumping system shutting down, food shops closing when tills and refrigeration stop working, financial and delivery systems halting, or the panic caused by lack of phone or internet communication. To paraphrase the popular saying, society is only three meals away from chaos.

      1. Richard Taylor 2
        Trollface

        I hope that critical national infrastructure is a little harder than that which would allow an internet based attack to cause major disruption. However, kill supply chains (to let's just say the five major supermarkets) and within a few days there would be trouble. And they well may be more vulnerable - after all security is just a cost is it not?

  24. LucreLout
    Paris Hilton

    Arf Arf Arf

    Anti-malware firm BitDefender last week implausibly warned that an “IS cyber-attack on the UK could cripple all forms of communication and infrastructure.”

    Well, yes it could. Just as I could go home from work early and find my wife in bed with Nicole Kidman. Or BitCoin could have been originated by one of The Orange County Is Essex cast. Or we could have a minister in charge of technology that actually understands technology. It's not looking likely though, is it?

    Paris, because she could be the next President of those United States.

    1. Richard Taylor 2

      Re: Arf Arf Arf

      Paris, because she could be the next President of those United States.

      There could be worse. Based on the current runners, GOP and Dems that is.

  25. James Pickett

    "The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary."

    H. L. Mencken

  26. Androgynous Cupboard Silver badge

    Not just stuxnet

    Don't forget this one. Quite an expensive error.

    But otherwise, spot on. The latest knee-jerk Tory fuck-knuckle to confuse hollywood internet with real life once again demonstrates that it's better to keep your mouth shut and be thought a fool, etc. It's up there with the old "paedophiles are using an area of the internet the size of Wales" line from Brass Eye. They never learn.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not just stuxnet

      There's been at least one other cyberattack which has caused physical damage. Back in the 1980s, it was. The CIA managed to arrange for the USSR to steal some booby-trapped control software which blew up a gas pipeline.

      http://www.telegraph.co.uk/news/worldnews/northamerica/usa/1455559/CIA-plot-led-to-huge-blast-in-Siberian-gas-pipeline.html

      One might suspect that nation state cyberattackers have got a bit more devious in the decades since. Maybe - just maybe - there's a lot of covert cyber-nasty stuff already deployed and ready to be unleashed if the bosses decide.

      Me? I'm more worried about definite rather than hypothetical risks to our electrical and electronic infrastructure, like a really powerful solar storm hitting planet Earth:

      https://en.wikipedia.org/wiki/Solar_storm_of_1859

  27. ChunkyMonkey
    Joke

    Oh my God. We are all Doomed!!!

    What happens if they start to radicalise the squirrels? I see only darkness.....

  28. Anonymous Coward
    Anonymous Coward

    Squirrel more dangerous than a cyber-terrorist?

    I bet he drinks Carling Black Label.

  29. allthecoolshortnamesweretaken

    Personally, I think that George Osborne is far more dangerous than squirrels.

    1. amanfromMars 1 Silver badge

      Puppets are more dangerous than squirrels? That is risible.

      Personally, I think that George Osborne is far more dangerous than squirrels. ... allthecoolnamesweretaken

      George does as he is told, not as he wishes, allthecoolshortnamesweretaken.

  30. tnaser

    People, let's lighten up on our poor misunderstood polititions. Where else could someone this clueless about ANYTHING get a good paying job?

    I know that I personally would never have hired one, as I needed people who could walk and chew gum at the same time.

    BTW, the gray squirrels are employed by the CIA to undermine the will of the British people.

  31. noj

    There is an old, I think Chinese, cliche: "A good sword is a terrible thing. It begs to be used."

    The US has so much military, political, economic, and technological power. These powers beg to be used.

    But because the US population isn't entirely stupid, something is needed to justify creating and maintaining that power. So the weapon doesn't just beg to be used, it HAS to be used.

    Look at the "war" on drugs, "war" on communism, "war" on terrorism, and now a "war" in cyberspace. How better to justify all that power than to find something, real or imagined, to use it on? And how better to continue justifying having that power using it than to pick an "enemy" that is so nebulous and difficult to define that the "war" never ends?

    1. Anonymous Coward
      Anonymous Coward

      "But because the US population isn't entirely stupid"

      What's your evidence of that?

      1. FlamingDeath Silver badge

        ""But because the US population isn't entirely stupid"

        What's your evidence of that?"

        Can bigotry and xenophobia be attributed to stupidity?

  32. Anonymous Coward
    Anonymous Coward

    You'd have to be

    ...in serious denial to not understand the problems we face from cyber crims and terrorists.

    This is the digital age and those countries who fail to update their laws and judicial systems will suffer badly. At the moment the UK is a hot haven for digital crims but that is about to (finally) change. No place in the world should be exempt from international law and the application of local laws when a cybercrime is committed. Terrorists are far smarter than the average sod and as such people die from terrorists attacks as we've witness again in recent weeks. These events and others could be prevented or mitigated in many instances by proper use of intelligence. Being politically correct now days can get you killed and it may. Denial isn't going to protect anyone from terrorism or cybercrime so people had better wake up now because it's only going to get worse. The crims have the upper hand and they will continue to attack the world - because they can.

    1. MonkeyCee

      Re: You'd have to be

      Utter bollocks AC.

      Either criminals or terrorists ARE such a massive threat, and the current moves are the right thing and all is good. Or it's a complete over-reaction to a foreseeable problem.

      I'm not sure how the UK is a haven for cyber-criminals over and above other ones. More details please, laws that protect them? That the UK is a hotbed of international tax evasion and money laundering, protected by laws from an empire that no longer exists (non-doms, the outer and inner tax islands) but I didn't think it was any more "cyber" in it's crime than most equivalent western european nations. Estonia, Russia, China, the Czech Republic all spring to mind as more obvious cyber crime locales where the money from ID theft, invoice fraud and CC scams end up.

      I agree cybercrime is bad. I've had UK family members who got hit by support scams who didn't get their money back (debit card) and dutch family members who've been falsely billed who got most back (taken direct from bank account, bank refunded as soon as fraud complaint was lodged) and the police really couldn't give a shit. IMHO it was to avoid having a crime that almost certainly wouldn't get solved on the books. The banks cover it, because the convenience outweighs the costs. The criminals know this, have studied the systems in place, and so can pick on a weak, rich target with little personal risk, little chance of being investigated, and it's a corporate rather than personal crime, so Jo Public never feels robbed, just some paperwork or a phonecall.

      No place should be free from international law, or from the international law of the USA? Pretty much everything emotive used to demand more laws to defend us is already illegal. The police can and should prevent people from setting off bombs, be it for political, personal or profit motive. We have the laws, we just need to enforce them.

      Now onto terrorists. Golly. You know they don't spring fully formed after you sow some dragons teeth right? Like pirates, they only happen because other things are really really shitty. But they do have a nasty habit of once formed, sticking around, changing their "business model" as such. So bombing and invading countries might just happen to result in more, rather than less terrorists. But causing terrorists doesn't matter when spreading democracy and hydrocarbon love. Only when we need more laws, more governmental powers, more taxes, bit less freedom, but for safety! And the flag! And children!

      Unless I live in a country that's an active war zone (Iraq, Syria, Afghanistan) I'm more likely to be killed by a bee than a terrorist. In Syria, where Daesh is fielding a land army, I'm seven times more likely to killed by forces loyal to Assad than to Daesh. So even in their own territory, they are not the biggest threat to life. Halfway across the world, they are not an actual real threat. More than zero, for sure, but that's life for you.

      But as a species, we can be really shit at assessing risk, and can have a strong personal worldview that will bend observations into reinforcing that over and above reality. So we worry more about things that sound scary, and do happen (but rarely) like shooting sprees* by terrorists and shark attacks, and demand that we pay some more taxes so the government can solve it for us, but we don't worry about the things that do kill us (heart attacks, cars) because we would prefer to keep the rewards and accept the risk of lifestyle choices and faster cars. So politicians play to the popular vote (Daesh is scary!) and not realism (but Putin is scarier! And the Chinks keep nicking all our shit!) to justify what they want/need/instructed.

      TL&DR Bees are more deadly than terrorists. Assad is more deadly than Daesh. Humans are dumb in clever ways to suit themselves.

      *YMMV depending upon locale

  33. Kernel

    What's the money to be spent on?

    "I'd like to know exactly what the government plans to spend this money on."

    It should be obvious what the money is to be spent on - they have to buy a whole stack of those extra wide keyboards that two people can frantically bash away on at once in order to crack the $evil_person's password - and those keyboards don't come cheap!

    You obviously haven't been watching your quota of CSI or NCIS episodes and are therefor a dangerously independent thinker with little knowledge of how to investigate a computing problem - you are hereby sentenced to watch every episode of CSI Cyber - repeatedly - until such time as you know how 'real' cyber-sleuthing is done.

  34. ByeLaw101

    Oh no...

    I only read the headline "Cyber-terror: How real is the threat? Squirrels are more of a danger"

    ...we have squirrels at the bottom of my garden... I'm too scared to leave the house!

    Thanks a lot guys!!

  35. teebie

    "cyber-jihadists"

    Would you fuck off with this bullshit, George.

  36. Amorous Cowherder
    Facepalm

    Cyber....bollocks!

    We need more money. How can we secure it? Oh yes, put the prefix "cyber-" and instantly it becomes all techno and important.

    A right load of cyber-wank!

  37. anonymous boring coward Silver badge

    One positive note: none of the mentally I'll aholes that currently fancy a bit of suicide/murder are capable of any advanced cyber attacking.

  38. FlamingDeath Silver badge

    "The UK Chancellor George Osborne last week announced that the British government plans to double cybersecurity spending and establish a single National Cyber Centre."

    When I read that it says "double cybersecurity spending"

    What it reads back in my head is, "double PSYOPS spending"

    Pro-tip: Some words I am playing close attention to in these strange times, and I suggest you do too:

    Hegelian Dialectic

    Machiavellianism

    Footnote:

    Terrorism, it's like the gift that keeps on giving...

    War is peace

    Freedom is slavery

    Ignorance is strength

  39. Dodgy Geezer Silver badge

    ....So, in summary, hackers have never been credited with taking down a power grid...

    Why should they worry, when the UK Department of Energy (now driven by climate change activists) is pretty close to taking down the UK power Grid all by itself...?

    1. Anonymous Coward
      Anonymous Coward

      Re: taking down the UK power Grid

      "the UK Department of Energy (now driven by climate change activists) is pretty close to taking down the UK power Grid all by itself...?"

      Strange that. Lots of people had concluded that half-witted regulatory tactics combined with an overarching "leave it to the markets, the markets know best" approach to security of energy supply are what will put out the lights (and most other grid-dependent electric things) in the UK in the next couple of years.

      We came close to lights out at the start of November 2015 when the UK was becalmed for a couple of days, leaving the UK's wind input at around 0GW of the installed 10GWish of grid-connected wind, but somehow Gridco managed to blame the panic on an "unplanned" loss of maybe 400MW output at coal-fired Ferrybridge (which is now in full blown "don't spend any money on maintenance" mode because it's closing in 2016). Various other older fossil stations were also offline, according to some sources, and when the wind didn't blow there nearly wasn't enough electricity.

      http://www.telegraph.co.uk/finance/newsbysector/energy/11975069/Power-plant-breakdowns-force-National-Grid-to-issue-alert.html (4 Nov 2015)

      Heaven help us if we have another Sizewell/Longannet outage like the one in May 2008

      http://news.bbc.co.uk/1/hi/england/7423169.stm

      It likely won't involve Longannet though, as Longannet will also be closing in 2016.

      LED torches and Camping Gaz stoves, plus warm clothing. You know it makes sense. Well, more sense than current energy policy.

  40. Eugene Crosser

    A little more than a month passed, and ...

    --Cyber Attacks Allegedly Targeted Power Stations in Ukraine

    (January 1 & 4, 2016)

    A cyber attack last month in Ukraine caused a significant portion of the

    country's power grid to go offline. The SANS Industrial Control System

    (ICS) team has obtained a sample of the malware allegedly used in the

    attack.

    http://motherboard.vice.com/read/malware-found-inside-downed-ukrainian-power-plant-points-to-cyberattack

    -- SANS NewsBites Vol. 18 Num. 001

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon