Home / Technology / Thinking Tech
Follow this blog:
RSS

Estimate: two years and $100 million to “Internet Armageddon”

By | August 2, 2010, 8:26 PM PDT

Charlie Miller, a five-year veteran of the National Security Agency’s computer espionage department, was tasked with finding the cost and time it would take to bring down America’s cyber infrastructure.

That cyber infrastructure isn’t well-defined, but it would certainly include vital elements like the smart grid, the banking system, and communications–a vague attack, but one that would essentially cripple the entire country’s networked presence.

Asked by the wordy Cooperative Cyber Defence Centre of Excellence in, of all places, Estonia, Miller went at the problem as if he were a small rogue nation. In his words, as told to the AFP:

“I pretended North Korea asked me to scope out the job of orchestrating a cyber attack on the United States. I lay it out as I would do it realistically. I already knew it was easy, but now I know in detail how easy it would be. We are certainly very vulnerable.”

Miller estimated the cost at $100 million, using about a thousand “cyber-soldiers” (hackers, really, ranging from government-trained operatives to geeky hobbyists) and requiring about two years of work. All of those numbers are alarmingly small, especially the budget.

The plan would actually use the two years as a secret lead-up to the final attack: the hackers would quietly infiltrate hundreds or thousands of different systems and networks, but not attacking. Those hackers would simply leave the key turned, as it were, so on the big day, the defenses would already be down. The attack would be incredibly broad and sudden, not giving security forces enough time to plug each hole individually.

That’s all pretty worrisome, but Miller’s scenario is unlikely for a few reasons. First, many of the world’s greatest hackers are either from the States or from friendly nations, neither of whom stand to much benefit from destroying the entire cyber infrastructure. There aren’t many rogue nations with the motivation to do such a thing, and possibly none with both the motivation and ability.

Also, the plan’s greatest strength, its slow-and-steady nature, is also a weakness. If any of the hacks are discovered, security would rise exponentially, and those tactics would become useless, aware to cybersecurity agents. So you can breathe easy–at least, easy-ish.

Start your week smarter with our weekly e-mail newsletter. It's your cheat sheet for good ideas. Get it.

Dan Nosowitz

About Dan Nosowitz

Dan Nosowtiz was a contributing editor for SmartPlanet in 2010.

Dan Nosowitz

Dan Nosowitz

Contributing Editor, Technology

Dan Nosowitz has written for Popular Science, Fast Company and Gizmodo. He holds a degree from McGill University in Canada. He is based in New York.

Follow him on Twitter.

Dan Nosowitz

Dan Nosowitz

Dan Nosowitz does not hold any investments in the technology companies he covers.

He writes for SmartPlanet and is not an employee of CBS.

People who read this also liked...
26
Comments
Add Your Opinion

Join the conversation!

Follow via:
RSS
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
The issue doesn't seem to be taking down the entire infrastructure but instead is crippling our ability to know what is going on and to repsond. That is what cyber-espionage is for and the Chinese as well as the Russians have been extrememly good at hacking into our systems. Probing here, probing there...they are looking for our weaknesses (and strengths) for later usage against us. And that scenario is very likely indeed.

Jim
Posted by JimRicker
3rd Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
While 'many' hackers may reside in the U.S. or 'friendly' nations, for every 1 hacker here, there are at least 100 maybe 1000 in China who are willing/forced to work at their governments bidding. I would not underestimate the ability or desire for the Chinese to accomplish such a thing.
Posted by jstephen@...
3rd Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
I'm thinking "many of the world's greatest hackers" could, and very likely are, in places like China, North Korea, and even Russia, honing their skills while staying under the radar. I think it's more than likely that those nations (and others that don't like us) are training people for just this event and that your last two paragraphs are signal examples of "head-in-the-sand" thinking at least and irresponsible in the extreme.
Posted by cb77305
3rd Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
A lot of speculation here. Isn't the back end of banking done on a different network? It would be very inconvienant to lose the Internet, but the nation would survive. . .as it did before personal use of the Internet began.
Posted by jimmeq
3rd Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
How foolish to think America has the greatest minds. We have foolishly given the world technology for free, bring business into those countries to cut American wages to nothing and cripple need for American jobs. I suggest you read Revelation chapter 21, God's judgment on Babylon, the *****. Both historic and prophetic in nature, God brings everything down to basics in one hour. America without turning back to God is doomed because it is God, Himself that has come against us because of our sin. We have let Satan's philosophy of get anything I can, however I can with no hedges of wisdom or integrity to do what is merely right. Abortions, pornography, adultery, murder, lying, fornication, and every sin known to man has polluted the minds of even the church with so called entertainment. Whatever judgment God makes is justified , holy and true. Will revival sweep through America and bring back it's roots, Judea- Christian beliefs before it's too late. As for myself, I'm doing a thorough housecleaning, destroying any and every DVD, VHS tape, any illegal download, or anything that would be against God's law. My body and house as the temple of God will be spotless of filth of any kind, any philosophy that does not mirror God's philosophy of love. I am, in fear and trembling, moving toward God's holiness with repentance for letting evil seducing spirits let me be drawn away from my Creator, Lord, Savior, Provider and Protector. What I am doing now is necessary by all "God's people who are called by His name" if America will survive." Repentance and correction of direction through Jesus Christ is the world's only hope, not any man who deceives and claims to be the world's Savior. There has been one and only one Savior, Jesus Christ and no man can in any way help you. He is God, Alpha and Omega, and there is and will never be any other like Him. He is, " Almighty God, King of all Kings, Lord and ruler of the Universe." Don't believe the lies of demons and men. He is the only way, the only truth, and the only pathway to salvation and God. Everything else is counterfeit. It might look real but believe me, it's counterfeit. May God have mercy on us all!
Posted by sawman357
3rd Aug 2010
0 Votes
+ -
Spotless of Filth
You have the right to remain silent. You also have the right to encriminate yourself and your illegal downloads. ROFL all those downloads are there and with the right program even after restore, write over's, format's your still stuck with sin. For ALL men have fallen short of the glory of god. Did you read that part or skip to the end?
Posted by 1turbofreak
10th May
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Luckily for us, if we hire the 'ex-NSA' guy and his new sparkling startup to fix the issue for us with our tax dollars, it will only cost $100 billion a year for fifteen years.
Posted by bretlowery
3rd Aug 2010
0 Votes
+ -
Look For Russia and Ukraine
jstephen@.. China is NOT the enemy hard as you want to pretend it is.

Rather look at Russia and Ukraine. Russia IS our enemy. China has not invaded any country since way before the USA was even formed. That can not be said for Russia.

And as far as workers being "forced" to work at their governments bidding, think again. That is a false statement. Go investigate and see. China is more Capitalist that the USA is at this point.

That is why they are now the second largest economy in the world.
Posted by Albee_Freeoneday
3rd Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
@ sawman357:

(g)od's VCR is still flashing midnight. That's right: VCR. No DVD player. No DVR. And definitely no computer.

And Judea perished before Haysoos made the scene. Or did you mean 'Judeo-Christian'?

All silly superstition aside: Get back on your meds and get thee to a shrink post-haste. Judging from your disjointed rant, you are probably too far gone to get it but you have gone completely off the rails.
Posted by cdmsr
4th Aug 2010
0 Votes
+ -
Five Year "Veteran"?
You can't make sergeant in the Air Force in five years. You'd be lucky to make journeyman status in a professional trade in five years. Or are you using veteran to mean 'former employee?'

And does this scenario envision all of the cyberwarriors in the US -- public and private -- just hanging at Starbucks for two years?

But congrats to Charlie. Sounds like a fun way to get a nice check.
Posted by cdmsr
4th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
I think a healthy response would be to encourage & reward diversity in computing in the US. Put money into training computer engineers, programmers, communications engineers. Encourage diversity in computing. Instead of trying to dumb down Linux, train more people into how to use, implement & develop in it. Do the same in Windows and in Mac/Apple products. Put time & money into creating/recreating the redundancy of the Internet. Put additional money and time into training cyber-defenders & defenses. Enable critical systems to work merged or disconnected and teach people how to hook up redundancies in the event of a cyber crisis. We still have a lot of intelligence and innovation in the free world, no matter where the attacks seem to be coming from, China, Russia, Middle East, Ukraine. Start teaching people how to apply the tools & systems we have. spend $400 mil over the next couple to $500 million over the next four years and we will go places.
Posted by binarypc
4th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
? Why the hell would any nation try to undermine US economy? I
think a terrorist organisation might want it but the real world carefully
looks at the US economy performance every day being dependent on
it. Use your heads Americans, there are no real enemies anymore,
stop the paranoia. The world is connected and neither China or
Russia would benefit from any US economical struggles. If US
internet infrustructure would be compromised, it is a severe trouble
for all economically healthy nations. The G8 would bankrupt.
I doubt North Korea or Iran would gather the resources (esp. human)
to do anything like this. I do not know about any other real enemy the
US might have today.
Ukraine? Common:) Anything those people want is to do business
with the US. Not to destroy it.

Wake up, it isn't 1984.
Posted by Ondrax
4th Aug 2010
0 Votes
+ -
Rubbish, it'll be a hack, bubblegum, a paperclip and a smartphone.
The whole Byzantine apparatus designed to prevent it
will do the rest as it eats itself, tail first.
Posted by Clockwork Computer
4th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
In 1979 I lead a group of cyber (term not used in 1979) to determine the vunerabilities of Strategic Air Command (SAC) Command & Control systems. My team and I used all the tools in existance at that time - there were many.

Not only did we learn what we needed to fix SAC systems but we learned about our banking, air traffic control, power grid and much more. Nothing was done about the civilian systems so I am not suprised at anything all these "experts" say. It is much worse than anything they say.
Posted by pacomj60@...
4th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
It does not really take NATIONS that do not like us, only PEOPLE that do not like us.

If you do not think that one could find 1000 ******** hackers in the world willing, and private financing to get it done, you are dangerously naive!

The real question is: is it already in progress? If so, how close are they?
Posted by wpeckham@...
4th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Two years to bring down the country. Phooey. The banks could do that over night.
Posted by Giley
9th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Take down the thing that was designed to withstand a nuclear weapons attack during the Cold War? I suspect a v2 Internet would emerge quickly. Consumer and commercial services would be disrupted for a (relatively) short time, but as with Y2K, this reads as much ado about (almost) nothing as it relates to broad infrastructure.

Nevertheless, China's alleged attacks on Google's private infrastructure would, if true, demonstrate that there are nations where (some of) those in authority wish to inflict harm on commercial interests that are perceived to conflict with national interests. China certainly has more than $100-million at its disposal. Targeted, private attacks seem much more plausible than broad attacks on infrastructure.
Posted by dofzin
9th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Behind closed doors, the investment banks say "been there, done that!"

And they're still doing it by repackaging short sales to "third party" companies which are linked to their own board members.

Al Qaeda and Ali Baba could take lessons from these forty thieves.
Posted by mwagrp
10th Aug 2010
0 Votes
+ -
jon
The US SCADA systems (the systems that control the US electrical infrastructure) have already been hacked. There are logic bombs all over the place in there. In fact, it's fairly well-known that the Chinese did the hacking. We've found a bunch, but the paranoid (count me one of 'em) believe we've only found the ones they want us to find. As for China not being an enemy, that's just naive. China has serious aspirations in their neck of the woods; their complaints forced our recent N Korea exercises to the other side of the peninsula to avoid "their" sea. Some people suspect the Russians have their own penetrations but have just hidden them better. And N Korea is in great shape for a cyber war - they have no vulnerability and a small but very highly trained cadre of hackers.

@ondrax: it's the threat of an infrastructure meltdown more than the actual execution that hackers want. Imagine we're in a skirmish with Russia because it's turned off the gas to our NATO allies. We launch a few small attacks on their military IT infrastructure and they retaliate by taking out an electrical plant server a few thousand Wyoming residents, with clear implications that they can hit New York just as easily. Who do you think will blink?

@dofzin: Don't kid yourself about Internet2. That's not the concern. The real issue is that if someone takes over the electrical infrastructure they can literally destroy generators at hundreds of plants and keep entire regions in the dark for months.
Posted by scripter
10th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Now I know what Conficker is going to be used for. First detected in November 2008, still not shutdown. November 2010 = Two Years.
Posted by 2_4GHz
10th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
I always find movies on how terrorists take over electrical grids and other vital facilities by hacking into them and until our hero or heroine kills the bad guys we are helplessly cringing in a corner of our rooms. Until some four year old kid walks over and pulls out the internet cable!!!
Posted by russ@...
10th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Yes, another example how to foul people to make them pay you.
Just like bretlowery said: 'it will only cost $100 billion a year for
fifteen years.'
If you are an ex-NSA guy (Scary, isn't it? - these people know
something...), you probably know, how to destroy the whole world.
- Do you really think so?
If you know, how these things work, you possibly think, it's just
loads of bollocks.
This is not an american movie - to hack a system is not about
hitting a few keys. It's not that easy. In most cases, the weakness
of the system is the people that work with it. Ex. a clever manager
with a weak password, or a disappointed employee with a keen to
take revenge on the company.

For $100 million you can buy a few employee - not necessarily in
lowest positions - yes, that's true. Yes, there's a chance to buy
the right people, you need. But in this case, you don't need the
'country of hackers'.

Oh, yes, poor USA, there's always somebody hidden in the dark,
watching them for one simple reason: destroy them - it's just
bollocks.

I know, there are many brains out there. What I'm saying is think
about it - don't believe in everything these people say.

Thank you
Posted by tlleech
11th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
This is simply a wild guess, pulled from thin air by someone. He
can't prove it would take 100 million or even work. Take it from me,
a fellow comp. sci. researcher: nobody in the world ouside the NSA
knows this (if they even do). Its all smoke and mirrors guesswork
from a well-paid snake oil salesman who doesn't know.
Posted by jim15936
11th Aug 2010
0 Votes
+ -
Where are you Hollywood when we need you !
well that a great scenario for a movie now some body from Hollywood come and turn it on . need some block buster actors and FOX and we get a great Movie , it will be awesome
Posted by zak94ma
11th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
why exactly does a expert find that it takes 2 yrs and $100mil.
remember the KISS principle? one really smart cunning terrorist type with a really good source of info could probably do it in 6 months, $1 mil and all the beer/drugs/sex he could get with it. some of our most messy attacks were done by teenagers with those geek skills the rest of us have no clue about. THINK
Posted by vger_z
11th Aug 2010
0 Votes
+ -
RE: Estimate: two years and $100 million to 'Internet Armageddon'
Quote:
First, many of the world?s greatest hackers are either from the States or from friendly nations,.
Unquote
Many of the Worlds great hackers, unfortunately aren't confined to 'friendly Nations' and if that is really the currrent view in the US it is potentially a dangerous one..

Quote:
There aren?t many rogue nations with the motivation to do such a thing, and possibly none with both the motivation and ability.
Unquote
Agree that in the main the moviation is not there, but ability would only require recruitment and a possibly an extra year, or two.. Fortunately without the movitation, it is a mute point.
Posted by Douglas Holland
12th Aug 2010
Join the conversation
Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

Join the SmartPlanet Community and join the conversation! Signing-up is free and quick, Do it now, we want to hear your opinion.

Join Login

Keep Up with SmartPlanet

SmartPlanet Weekly Newsletter
SmartPlanet Weekly Newsletter

Facebook Activity

View Results

Quick Poll

How is your organization connecting and engaging to become social?

View Results

Blog Archive