“It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe” — Jamie Zawinski.
Our infrastructure systems are being assaulted daily by various manmade and natural threats. These critical yet fragile systems we rely upon each and every day, without even realizing their importance until the grid goes down, are, for a lack of better words: under attack. It’s no longer a question of when one of these systems will fail in your area, but it has become a question of how long once it fails and how many other systems will be impacted. With each new dramatic failing, we are only learning how delicate and intricately laced these systems are.
In this blog, we will take a quick look at what our infrastructure systems truly are, assess some of the weak points, highlight a few of the high-profile attacks that have been in the headlines, and, more importantly, answer the question: what you can do today to keep yourself and your family from being a victim and how to survive if the grid goes down for a prolonged period of time. We used that word “survive” intentionally as most don’t realize that if the grid were to go down for an extensive amount of time in your region, the results would be catastrophic for many. If you read any blog this year through to the end, we hope it is this one as there’s a lot we’ll try to cover quickly.
WHAT IS INFRASTRUCTURE?
We bandy about the word infrastructure quite a bit, but many need to realize the full extent and meaning of the term. It’s a very general term applied to a vast range of structures and services. The exact definition is the “basic physical and organizational structures and facilities (e.g., buildings, roads, power supplies) needed for the operation of a society or enterprise.” It seems simple, but let’s take a deeper look at it for a moment.
When Russia-linked cyber-criminal ransomware attackers locked down the Colonial Pipeline for four days in May of 2021, they squeezed off the vital flow of fuel, which resulted in runs on gas to the point that filling stations ran dry. It led to a shutdown of nearly half of the gasoline and jet fuel supply delivered to the East Coast. Planes were grounded. Deliveries were stopped. Some manufacturers even had to temporarily slow production to keep products from overfilling their warehouses. This was an infrastructure attack.
Also, in 2021, a hacker breached a water treatment plant computer in Oldsmar, Florida, and boosted the level of sodium hydroxide in the water supply to 100 times higher than average. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. In this case, an operator at the plant witnessed the remote hacking and fixed the problem. Also, alarms testing for that specific chemical irregularity would have been tripped at some point if they weren’t hacked as well. But what if other sensors were hacked and spoofed, and no operator was at their terminal physically monitoring this?
What of the hundreds of thousands of chemicals that water treatment plants don’t routinely check for? There are PPCPs, pharmaceuticals and personal care products, that range from carcinogenic chemo drugs to fentanyl to Prozac to polonium-210. There are simply too many chemicals to test for, and most water treatment plants focus solely on ammonia, pH, fluoride, chlorine, bacterial levels, and a few others. As one cybersecurity professional said, “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant.” Many of the 50,000-plus drinking water facilities in the United States, particularly rural locations, are nonprofit entities with barely any staff and not much of a cybersecurity IT department. Water is an infrastructure system, and it’s as vulnerable as the rest, from chemical contamination to busted pipelines or pumping stations.
Roads, bridges, tunnels, airports, subways, and all public transportation are part of our infrastructure. Communication and computer networks are too. These are all types of infrastructure, from cell phones to human resources online pay systems. Banking and financial systems are infrastructures. Our food production chains are a form of infrastructure, as well. Even recreational facilities are considered infrastructure. It’s a wide range of tightly woven systems we rely upon every day, and we seldom realize how dependent we are upon them until the roads are impassable, the light switch or tap doesn’t work, our paychecks don’t hit our bank account on payday, or we can’t find eggs in the store anymore.
The most recent headline-grabbing incident of an infrastructure attack was the Moore County, North Carolina substation attack on December 3rd, 2022. The Moore power substation was severely damaged by gunfire at around 7 PM. Shell casings were recovered at the scene. A second substation in West End was damaged by gunfire just a little later. Thousands were left without power in winter weather. Authorities enacted an immediate curfew, and all citizens were required to be in their homes by the curfew between 9 PM and 5 AM.
We realize many things from this attack. The first is obvious: our critical infrastructure systems are poorly hardened against those who would seek to damage them. Second, we collectively realized this attack wasn’t the first of its kind. According to one report, there were over 100 physical and cyber attacks on electric utility equipment just in the first half of last year. Just the month before, power companies in Oregon and Washington reported “physical attacks on substations, using hand tools, arson, firearms and metal chains possibly in response to an online call for attacks on critical infrastructure. In recent attacks, criminal actors bypassed security by cutting the fence links, lighting nearby fires, shooting equipment from a distance, or throwing objects over the fence and onto equipment.” Make no mistake about it. Our infrastructure is under attack every moment of every day, but who is responsible? Are these well-trained elite saboteurs who have infiltrated from other countries? Are they domestic terrorists? Are they amateurs out for a good time? Are they neo-Nazis, accelerationists, anarchists, or socialists? The answer is yes, no, or maybe, depending upon which specific incident you are referring to.
This willful desire “for the drastic intensification of capitalist growth, technological change, and other social processes in order to destabilize existing systems and create radical social transformation, otherwise known as ‘acceleration’”. The philosophy calls for any hacking or infrastructure attacks that would reap chaos and sow a lack of faith in our systems, confusion, and violence. As I said earlier, who is responsible depends on the specific case because there are quite a few domestic actors to which we could ascribe blame, and only a select few have ever been caught or prosecuted.
In May of last year, vandals who thought they were being funny shot a water tower. The resulting leak streamed roughly 180,000 gallons of water onto the Generac generator and the ground below. Just that one bullet cost the tiny town of Kingsland, Arkansas, almost $10,000 in repairs and lost resources. That may seem small, but it’s a substantial chunk of change for a town with a population of only 344. While this wasn’t a huge event, it underscores how vulnerable these systems really are. Any flat land with a town on it probably also has a water tower to provide pressure and keep the water flowing to homes. Most of those are susceptible to being brought offline with a single bullet.
There’s a foreign threat, as well. This usually comes in the form of state-sponsored cyber attacks where ransomware locks out control of systems until a multi-million dollar price is extorted. Even then, there are no guarantees. However, it is just as easy for foreign entities to take advantage of the civil divisions and physically attack our infrastructure, knowing that Americans will continue to turn on each other to point the finger of blame. Some foreign governments and terrorist organizations may have already adopted this strategy, knowing that while we shout out accusations of culpability, any criminal or counter-espionage investigations won’t be effective, and they will remain undetected.
It’s also known that media coverage of these events sparks copycat occurrences, so we may see an increase in them this year. We rarely see suicides reported in the United States unless they involve a notable celebrity, because attention to them gives some people the idea, and reporting suicides statistically increases them. How many people saw what happened in North Carolina and wondered if they could do the same in their county? Not all of your neighbors harbor good intentions. Just as we are evaluating how vulnerable these systems really are so we can individually harden ourselves against their failure, someone is probably watching this and wondering how they might attack these systems. Is there an agent of the Federal Security Service of the Russian Federation watching the US news and formulating a covert operation right now? We just don’t know because the list of potential and actual actors is too great.
If that wasn’t enough of a threat, extreme weather events and other natural disasters also show us how old and outdated many of our infrastructure systems are. The failure to insulate equipment in Texas led to almost the entire state being without power in 2021. High winds in California frequently result in live wires sparking deadly wildfires that have wiped out whole communities in mere minutes. Rodents chewing on wires in an electric box in Waterton Canyon, Colorado sparked a wildfire that was, fortunately, contained. In Boulder, Colorado, sparks from a powerline were the cause of a massive wildfire that destroyed nearly 1,100 homes in mere minutes and left many citizens running for their lives. You may have also heard of the pump system failing in Jackson, Mississippi, forcing a boil order that lasted for weeks. That type of municipal water problem, instigated by excessive rains and flood water overwhelming antiquated and poorly maintained systems or by flourishing bacterial blooms, is more common than anyone wants to believe. Boil orders across the country have exponentially increased year after year.
WHAT CAN YOU DO?
As individuals, we have two choices. We can spend all our time assigning blame though we may lack all the actual facts and details, or we can accept that these systems WILL fail and chart a personal course that will allow us to navigate a future where these systems may be down for days, weeks, months, or forever.
As a prepper, the first step is to assess your power needs. We did a blog over a year ago where we tried to explain this as practically as possible. There are several options on the market for backup power, ranging from a standard gas or propane generator for several hundred dollars up to whole-home solar and battery backup systems, and we’ve covered them all on the channel before.
The second step is to secure your food and water requirements for each person and pet in your household for no less than two weeks and preferably 3 months. Most in this community aim for 1 year of backup food. While that may seem daunting, it’s far easier than you might think. FEMA recommends an absolute minimum of 3 days’ supply, but we think that is not nearly enough in an age of polycrisis and new compounding catastrophes. 3 days is just a bare minimum, but most people don’t even have that in their pantries, cupboards, and refrigerators. Most people will be desperate for food by the time dinner time arrives after any disaster. Grocery stores, at best, only have a few days’ food supplies for the communities they serve and will be completely depleted of food within the first few hours. We have all seen empty store shelves and buying limits on everything from meat to toilet paper to baby formula to eggs just in the last few years. It’s time to wake up and understand how vulnerable this infrastructure of food chain systems is.
Additionally, you need to have the means to purify, filter, and treat water to make it drinkable. If you anticipate water systems failing for any period longer than a few weeks, you should also know how to collect, harvest, and treat water from the wild. Many seasoned preppers still don’t prep water supplies, which is a huge oversight. You may be able to hobble along without power for a while. You may be able to suffer through hunger pangs or forage enough food to survive the aftermath of a disaster, but without clean drinking water, you will be dead in about three days. Please give that the seriousness in your prepping that it deserves.
America is under constant attack. Our infrastructure systems are being assaulted daily by various manmade and natural threats. It’s no longer a question of when one of these systems will fail in your area, but it has become a question of how long once it fails and how many other systems will be impacted. With each new dramatic failing, we are only learning how delicate and intricately laced these systems are. You can either be a victim of the failing–a statistic–or you can take steps today to evaluate your level of dependency and secure resources and means to ensure the three core preps of energy, food, and water. This doesn’t have to be a fear-crippling situation for you, and we’re not here to stoke the doom and gloom so apparent to us all.
Instead, we are providing you with honest, well-thought-out solutions in the form of multiple blogs. Please take charge of your future today by reading those blogs and implementing some prepping practices you will find there. If you have already been prepping for a while, read these blogs with a keen eye on any vulnerabilities in your current preps. Do you have enough food, water, and energy? If you have a story where you faced an infrastructure disaster and made it through because of your preps, consider sending your story to email@example.com, and we may change your name and edit it to share with our community what you learned and what you did to survive.
As always, stay safe out there.