Phosphates add heavy metals such as cadmium to soils

Larsen, A., et al. March 1, 2001. Re-engineering the toilet for sustainable wastewater management. Environmental Science and Technology Vol 35(9):192-197 

http://www.internal.eawag.ch/~maurer/abstracts/09larsen.html

Current fertilizer production and use consume limited resources and harm the environment. At current extraction rates, reserves of phosphate rock that are economically recoverable with today’s technology will last less than 100 years. (http://minerals.usgs.gov/minerals/pubs/commodity).

In addition to resource limits, phosphate rock has a high heavy metal content, giving rise to hazardous wastes when processed. The cadmium content of phosphate rock, for example, ranges from 0.1 to 850 mg cadmium per kilogram phosphorus. Because these impurities are not entirely removed from the final product, phosphate fertilizer application introduces heavy metals, such as cadmium, which is very toxic, into the soil. This problem will worsen if rock of lesser quality is used in the future as the resource is expended.

There are also impacts associated with hauling raw materials long distances to where they are needed, as well as after their consumption, when nutrients are discharged into lakes, rivers, and oceans, where they cause pollution and are largely unavailable for use in agriculture.

Posted in Hazardous Waste | Comments Off on Phosphates add heavy metals such as cadmium to soils

Peak element and mineral production

Minerals_years_left

Click to enlarge

 

Posted in Mining, Peak Critical Elements, Peak Platinum Group Elements, Peak Precious Elements, Peak Rare Earth Elements | Tagged , , | Comments Off on Peak element and mineral production

Jeremy Faludi: Your Stuff: If It Isn’t Grown, It Must Be Mined

Below is an excerpt from Jeremy Faludi’s “Your Stuff: If It Isn’t Grown, It Must Be Mined” (25 Dec 2007).

Where does your stuff come from? Before the store, before the factory, where did it really begin? If it isn’t made of wood, cloth, or other living matter, it was dug out of the ground.

Ultimately, one day our industrial economy will be made up entirely of recycled and biologically grown material.  How rapidly are we depleting the minerals we have, and how do we get to sustainable mining?

Current Usage

How much mining is needed to support your life today?

Note that the numbers in the link above do not include tailings, and the ratio of tailings to ore can be huge. The concept of the “ecological rucksack” measures how many kilos of material must be mined (or grown) to produce one kilo of end-product. According to a report by NOAH, the Danish Friends of the Earth, every 1 kg of gold in your hand carries an invisible history of 540,000 kg of material in its ecological rucksack. A few other notable metals in the report: copper 356 kg/kg, stainless steel  23 kg/kg, and virgin aluminum’s is 66 kg/kg, while recycled aluminum is just 1.2 kg/kg. Good ecological rucksack calculations like those in NOAH’s report also include water and air, comprising a somewhat comprehensive measurement of ecological footprint. In addition to the ecological rucksack, there is sometimes a social cost as well.

The Mineral Information Institute even has some cute and informative (if dated) posters on mineral use in daily life.

The USGS has an excellent report, Materials in the Economy—Material Flows, Scarcity, and the Environment, with legions of data.  Much of the non-renewable material we use is invisible to us: “Crushed stone and construction sand and gravel make up as much as three quarters (by weight) of new resources used annually.” You probably don’t go out and buy gravel yourself; it is mostly used to build and repair the roads you drive on.
Peak Minerals

How much mining can the Earth sustain?  Mineral compounds can return to the Earth’s crust on their own, slowly. Steel can rust away in a few decades, and aluminum takes between 200 and 500 years to degrade. (Estimates vary widely, but a page by the state of Nevada has a nice and well-illustrated list of how quickly various materials degrade. Compare Aluminum’s degradation rate to styrofoam’s.) But minerals are clearly a non-renewable resource on the time scale of our lives.

Some researchers have begun to argue that just as we are hitting peak oil, we will soon be hitting peaks for other minerals, and have already passed peaks for some. Italian chemist Ugo Bardi published a research paper on The Oil Drum: Europe in October, whose abstract follows:

We examined the world production of 57 minerals reported in the database of the United States Geological Survey (USGS). Of these, we found 11 cases where production has clearly peaked and is now declining. Several more may be peaking or be close to peaking. Fitting the production curve with a logistic function we see that, in most cases, the ultimate amount extrapolated from the fitting corresponds well to the amount obtained summing the cumulative production so far and the reserves estimated by the USGS. These results are a clear indication that the Hubbert model is valid for the worldwide production of minerals and not just for regional cases. It strongly supports the concept that “Peak oil” is just one of several cases of worldwide peaking and decline of a depletable resource. Many more mineral resources may peak worldwide and start their decline in the near future.

The minerals Bardi and co-author Marco Pagani found to be peaking were Mercury, Tellurium, Lead, Cadmium, Potash, Phosphate rock, Thallium Selenium, Zirconium, Rhenium, and Gallium. Note that most of these are key components in computers and other electronics.

How serious is “peak minerals”? In May, NewScientist released a report with excellent charts plotting expected years to depletion for twenty of the most-used minerals, as well as the percent recycled, the amount an average US consumer will use in their life, and a map of the world showing where the various metals are mined.

According to the report, copper has between 38 and 61 years left before depletion, indium (used in LCD monitors) has between 4 and 13 years, silver (used in catalytic converters and jewelry) has between 9 and 29 years, and antimony (used in flame retardants and some drugs) has between 13 and 30 years. It appears that the market already knows this in a dim way: copper prices have tripled in the past decade, and as the report points out, indium is even worse: “in January 2003 the metal sold for around $60 per kilogram; by August 2006 the price had shot up to over $1000 per kilogram.”

As with peak oil, the economics of this situation both help and hurt. They hurt because higher ore prices make it more economically viable to do larger-scale mining at lower rates of return, causing more destruction per unit of product.

Most mining is currently a toxic catastrophe…in 2000, the US EPA’s Toxics Release Inventory listed metal mining as being responsible for a whopping 47% of all toxic waste released by industry in the country (but less in 2005 because mines have been “offshored” to poorer countries, as well as some better practices).

 

Posted in ! PEAK EVERYTHING | Comments Off on Jeremy Faludi: Your Stuff: If It Isn’t Grown, It Must Be Mined

Pandemics

As declining energy leads to lower farm yields, malnutrition and starvation will make people far more vulnerable to diseases.  A lack of anti-biotics, and little transportation to get to medical facilities at some point down the oil depletion curve is an especially deadly combination.  But even if energy were plentiful and cheap, we’d be in trouble, as Laurie Garrett explains in her book “Betrayal of Trust: The Collapse of Global Public Health”.

Ill prepared for a pandemic. 6 march 2014. Klaus Stohr. Nature. Vol 507, p 820.

Over the last 500 years, there have been, on average, 3 severe influenza pandemics in each century. The most recent pandemic was declared in 2009. Yet despite much investment in public health and many improvements in vaccine production techniques and know-how, the availability of influenza vaccines during this event was far from adequate: 6 months into the pandemic, 534 million doses were available, and after 1 year that number had risen to 1.3 billion — enough for only 8% and 25%, respectively, of the world population. We were lucky that the pandemic declared in 2009 turned out later to be mild and that just 1 hsoutof vaccine was sufficient to protect most peope. This is not usually the case during a severe influenza pandemic.

Here is wikipedia’s definition of pandemic:  an epidemic of infectious disease that has spread through human populations across a large region or even worldwide. Throughout history there have been a number of pandemics, such as smallpox and tuberculosis. More recent pandemics include the HIV pandemic and the H1N1 pandemics of 1918 and 2009.

The list of pandemics and death tolls in history are in wiki’s List of Pandemics.  Here are the ones where over a million people died:

  •   5,000,000     Roman Empire     165–180     Antonine Plague     smallpox
  •  25,000,000     Eastern Roman (Byzantine) Empire     541–542     Plague of Justinian     bubonic plague
  • 100,000,000     Europe, Asia     1338–1351     Black Death     bubonic plague
  •    1,000,000     Russia     1852–1860     third cholera pandemic     cholera
  •    1,000,000     worldwide     1889–1890     1889–1890 flu pandemic     influenza
  •  75,000,000     worldwide     1918–1920     1918 flu pandemic     influenza
  •    2,000,000     worldwide     1957–1958     Asian flu     influenza
  •    1,000,000     worldwide     1968–1969     Hong Kong flu     influenza

Notable pandemics and epidemics

  • HIV and AIDS
  • Cholera
  • Influenza
  • Typhus
  • Smallpox
  • Measles
  • Tuberculosis
  • Leprosy
  • Malaria
  • Yellow fever

Possible future pandemics:

The world health organization also lists these:

  • Hendra virus infection
  • Leptospirosis
  • Meningitis
  • Nipah virus infection
  • Rift Valey fever
  • tularaemia
  • Viral hepatitis

This is the History Channel’s depiction of the SHingTF during a global pandemic. It makes you think about our future should be loose 2/3’s of the worlds population while watching a family survive wave after wave of attacks by thieves and destitute marauders.

Posted in Disease, Pandemics | Comments Off on Pandemics

Cascading failure + Liebig’s Law + Supply Chain Breakdown = Collapse of civilization

Declining supplies of high-quality, easy-to-get fossil fuels with no alternatives ready to replace themever — is the #1 issue.

As long as we have oil, all problems can be solved, unless oil lasts long enough to deplete every other resource.  Meanwhile it’s a fountain of life, a pill that cures all diseases, allowing the destruction of the most remote rainforests, depletion of all schools of fish, the mining of topsoil over 40% of earth’s surface to farm, ranch, build roads, towns & cities, pull up water hundreds of feet deep for irrigation,  and allows for very long global supply chains to the point where almost no nation can supply its citizens using only locally produced food and goods.

The #2 issue is that all of our infrastructure was built when energy was extremely cheap and plentiful, when oil had an Energy Returned on Energy Invested (EROEI) of 100:1.  Charles Hall believes we need at least a 13 or 14:1 EROI to maintain civilization at the current level.

Now we’re down to as around 10:1 oil EROEI in the USA, and at best 30:1 in the Middle East.  The last oil in the Arctic, even if it can be gotten at with current technology, is probably less than 10:1 and likely to bring on financial collapse.  At worst, there’s a good chance of a world war as nations fight over the last large oil deposits remaining.

We don’t have enough fossil fuels left to replace, let alone maintain our infrastructure:

Concrete. Roads, bridges, buildings, airports, and anything else made of cement is not going to last — a century from now concrete will be nothing but rubble.

Oil & Natural Gas pipelines. The 2.6 million miles of oil and natural gas pipelines are rusting apart. According to the PHMSA, “Pipelines deliver trillions of cubic feet of natural gas and hundreds of billions of tons of liquid petroleum products every year. They are essential: the volumes of energy products they move are well beyond the capacity of other forms of transportation. It would take a constant line of tanker trucks, about 750 per day, loading up and moving out every two minutes, 24 hours a day, seven days a week, to move the volume of even a modest pipeline. The railroad-equivalent of this single pipeline would be a train of 75 2,000-barrel tank rail cars everyday.” (U.S. Dept of transportation pipeline & Hazardous materials Safety Admin).

Coal. Just like oil, coal has peaked, and the easiest to get at and highest energy coal has already been mined.  We’re probably past the “peak energy” of coal, and the dregs are low quality or too remote to mine.  How are you going to transport this remaining coal if the roads and bridges have crumbled?  Even if there were still viable oil or gas pipelines left that happened to be near a coal mine, you’d use up most of the energy in the coal to liquefy it and move it by pipeline.  The clock is ticking on coal mining.

Electric grid: It’s rusting and unprotected from cyberattacks.  In addition, due to deregulation, it’s falling apart and not being taken maintained properly — it used to be triple-plated (a failure in one part still left two other intact components for electricity to flow through and buffer the grid from failure), now it’s barely single-plated. See my Electric Grid Overview for details.

The #3 issue is that supply chain failure from financial collapse, wars, climate change, and social unrest will make maintenance of the existing complex system impossible in some places, and since the world is so inter-dependent, and there are single points of (supply-chain) failure, that will affect even stable, peaceful nations.  Key and essential products absolutely essential to operating today’s complex society will stop being made — forever — because microchips and other specialized tools and vehicles will require fossil fuel energy, materials, infrastructure, and knowledge that won’t be available when the world emerges from the first collapse.

Supply Chain Failure. Read David Korowicz’s “Trade-Off. Financial System Supply-Chain Cross-Contagion: a study in global systemic collapse”.

Climate change caused supply chain failure: Excerpts from Make Supply chains climate-smart. Society’s infrastructure is hit hard by extreme weather. Networks of trade, transport and production need to adapt globally says Anders Levermann. 6 Feb 2014. Nature Vol 506.

Extreme weather — including massive storms such as Typhoon Haiyan and Hurricane Sandy, and severe floods and droughts–is likely to become more frequent and intense as global warming accelerates.  Links in global economic chains and world markets mean that extreme weather in one place can have repercussions elsewhere, such as:

  • High rainfall and Cyclone Yasi in 2010-11 paralyzed the world’s 4th largest region of coal exploration in Queensland, Australia. Coking coal prices rose 25%.
  • Droughts and floods in Russia, Pakistan, and Australia in 2011 caused global food prices to clime, contributing to the escalation of civil unrest in Egypt, Syria, and Saudi Arabia.
  • The devastating flood in Thailand in 2011: The local impact was calamitous. Its effect on hard-disk production made it also a global event causing a worldwide shortage for months afterwards.
  • As protests in Brazil, Turkey, and Greece in recent years have show, societies do not have to be brought to the verge of starvation to descend into turmoil.
  • Disruption to pharmaceutical supply networks is already having deadly consequences. The increasingly complex supply chains for drugs are highly susceptible to blockages, causing shortages of medicines.
  • Pakistan is still suffering from monsoon-induced floods in 2010 and 2011.
  • If hurricanes Sandy & Katrina had hit the US seaboard in the same season as last year’s drought, even the United States might have struggled to cope.
  • The cessation of exports from the Philippines from fisheries and agriculture would affect 6% of US production directly, and secondarily could affect 21% of US Production

Social unrest.  If there is world war III, global financial collapse, or major disruption that takes the world decades to recover from, when stability returns, it will be impossible to return to mining coal, tar sands, and oil and gas extraction.  We’ve left only the remote and difficult energy resources for a future society with mainly wood to use as fuel and not much tech-savvy left. Oil refineries cost tens of billions to build, we only have 30 refineries in the USA all built before the 1980s, by the time the USA recovers from the first collapse/depression, they will have either rusted or been targets of war or terrorism.  There will be very few engineers with experience left to rebuild the complex society we have now.  The infrastructure will be rubble, but this time both the energy and physical resources to rebuild with will not be available.

Microchips. The ability to make microchips will be gone for good, and the kind of machinery you need to get at the remaining coal, oil, and natural gas requires exquisite levels of nanotechnology level computerization and microchips — so no more fracking, mining, not even toasters…   https://energyskeptic.com/2012/we-wont-even-be-able-to-build-toasters/

The #4 problem is that our civilization is a House of Cards — it requires so many material resources, so much energy, and so many kinds of technical knowledge — that any missing pieces and the house can’t be rebuilt. Whatever poorer quality replication (simpler microchips, gravel roads) is attempted in the future won’t ascend nearly as high and will be more prone to collapsing again.  Liebig’s Law ensures that the next societies will never be able to reach the level of civilization we have now.

Liebig’s Law. A shortage of anything means little if anything can be rebuilt, or rebuilt extensively.  After the first collapse, all of the infrastructure will need replacing. To go back to trying to get the remaining remote oil, coal, and natural gas for the energy to do this requires too many components to list.  You’d need to rebuild roads, bridges, mining equipment.  A shortage of anything — knowledge, technology, steel, cement, iron, tools, microchips, container ships, trucks, food, water, plastics would prevent going back to the technology enabled by fossil fuels.

Cascading Failures

Gail Tverberg, at ourfineworld.com gives an example of a cascading failure as what might happen as a result of “oil depletion in Egypt, Syria, and Yemen. All of these countries were at one point oil exporters. They each now have substantial financial problems because of the loss of oil exports. The population of each of these countries has now grown, so there are now many more mouths to feed. Unfortunately, without oil exports, the financial situation is such that it is not possible to provide the level of food subsidies and other benefits that an oil exporter can provide. The result seems to be serious civil disorder that threatens to spread beyond the these countries own borders. See my post Oil and Gas Limits Underlie Syria’s Conflict.”

These factors work synergistically, and any one factor can create cascading failures in all the others.

No wonder world leaders deny peak oil.  Stability would vanish in an instant and bring on a permanent crash much sooner if world leaders acknowledged the energy crisis and lack of alternatives to replace fossil fuels.  On the other hand, the lack of critical thinking skills in America is extensive in America it might not matter.  Look at how many believe in endless growth forever (Capitalism), astrology, angels, deny climate change, and so on.  Scientific literacy is so low, and the pressure to always be positive and techno-optimistic so high, that telling the truth to enable people to properly prepare for the future might not make any difference, people believe what they want to believe.

Alice Friedemann

Posted in 3) Fast Crash, Alternative Energy, Cascading Failure, Electricity Infrastructure, Infrastructure & Collapse, Oil & Gas, Predictions, Supply Chains | 2 Comments

Emergency drill: Cyberattack on electric grid

Preface.  Although I am mainly concerned about peak oil, we’ve become so incredibly dependent on the electric grid, including electricity to pump oil at gas stations, that if the grid came down from an EMP or cyberattack, millions of people could die.

Alice Friedemann  www.energyskeptic.com  Author of Life After Fossil Fuels: A Reality Check on Alternative Energy; When Trucks Stop Running: Energy and the Future of Transportation”, Barriers to Making Algal Biofuels, & “Crunch! Whole Grain Artisan Chips and Crackers”.  Women in ecology  Podcasts: WGBH, Jore, Planet: Critical, Crazy Town, Collapse Chronicles, Derrick Jensen, Practical Prepping, Kunstler 253 &278, Peak Prosperity,  Index of best energyskeptic posts

***

Wald, Matthew L.   August 16, 2013.   As Worries Over the Power Grid Rise, a Drill Will Simulate a Knockout Blow. New York Times.

The electric grid is the glass jaw of American industry. If an adversary lands a knockout blow, it could black out vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of Sept. 11.

This is why thousands of utility workers, business executives, National Guard officers, F.B.I. anti-terrorism experts and officials from government agencies in the United States, Canada and Mexico are preparing for an emergency drill in November that will simulate physical attacks and cyber attacks that could take down large sections of the power grid.

One goal of the drill, called GridEx II, is to explore how governments would react as the loss of the grid crippled the supply chain for everyday necessities. One example is a substation break-in that officials initially think is an attempt to steal copper. But instead, the intruder uses a USB drive to upload a virus into a computer network.

The drill is part of a give-and-take in the past few years between the government and utilities that has exposed the difficulties of securing the electric system.

The grid is essential for almost everything, but it is mostly controlled by investor-owned companies or municipal or regional agencies. Ninety-nine percent of military facilities rely on commercial power, according to the White House.

There are 5,800 major power plants and 450,000 miles of high-voltage transmission lines, monitored and controlled by a staggering mix of devices installed over decades.  Many rely on Windows-based control systems that …may be vulnerable to software — known as malware — that can disable the systems or destroy their ability to communicate, leaving their human operators blind about the positions of switches, the flows of current and other critical parameters. Experts say a sophisticated hacker could also damage hard-to-replace equipment.

Preparation for the November drill comes as Congress is debating laws that could impose new standards to protect the grid from cyberattacks, but many in the industry, some of whom would like such rules, doubt that they can pass.

The drill is also being planned as conferences, studies and even works of fiction are raising near-apocalyptic visions of catastrophes involving the grid.

A National Academy of Sciences report last year said that terrorists could cause broad hardship for months with physical attacks on hard-to-replace components. An emerging effort led in part by R. James Woolsey, a former director of the Central Intelligence Agency, is gearing up to pressure state legislatures to force utilities to protect equipment against an electromagnetic pulse, which could come from solar activity or be caused by small nuclear weapons exploded at low altitude, frying crucial components.

An attack using an electromagnetic pulse is laid out in extensive detail in the novel “One Second After,” published in 2009 and endorsed by Newt Gingrich. In another novel, “Gridlock,” published this summer and co-written by Byron L. Dorgan, the former senator from North Dakota, a rogue Russian agent working for Venezuela and Iran helps hackers threaten the grid. In the preface, Mr. Dorgan says such an attack could cause 10,000 times as much devastation as the terrorists’ strikes on Sept. 11, 2001.

Despite the growing anxiety, the government and the private sector have had trouble coordinating their grid protection efforts.

Another problem is that the electric system is so tightly integrated that a collapse in one spot, whether by error or intent, can set off a cascade, as happened in August 2003, when a power failure took a few moments to spread from Detroit to New York.

Related articles (some of these links may be broken as I republish which changes the url)

Electric Grid

Posted in Cyber, CyberAttacks | Tagged | Comments Off on Emergency drill: Cyberattack on electric grid

Alfred McCoy in Salon Magazine on How America will collapse (by 2025)

How America will collapse by 2025. Four scenarios that could spell the end of the United States as we know it — in the very near future.

Alfred McCoy. December 6, 2010. Salon.com

Here are a few extracts from this excellent article:

The demise of the United States as the global superpower could come far more quickly than anyone imagines. When things start to go truly bad, empires regularly unravel with unholy speed:

  • 1 year for Portugal
  • 2 years for the Soviet Union
  • 8 years for France
  • 11 years for the Ottomans
  • 17 years for Great Britain

and, in all likelihood, 22 years for the United States, counting from the crucial year 2003.

Collapse could come relatively quietly through the invisible tendrils of economic collapse or cyberwarfare.

But have no doubt: when Washington’s global dominion finally ends, there will be painful daily reminders of what such a loss of power means for Americans in every walk of life. As a half-dozen European nations have discovered, imperial decline tends to have a remarkably demoralizing impact on a society, regularly bringing at least a generation of economic privation. As the economy cools, political temperatures rise, often sparking serious domestic unrest.

Available economic, educational, and military data indicate that, when it comes to U.S. global power, negative trends will aggregate rapidly by 2020 and are likely to reach a critical mass no later than 2030. The American Century, proclaimed so triumphantly at the start of World War II, will be tattered and fading by 2025, its eighth decade, and could be history by 2030.

Here’s are the four scenarios:

Let’s use the National Intelligence Council’s own futuristic methodology to suggest four realistic scenarios for how, whether with a bang or a whimper, U.S. global power could reach its end in the 2020s

Economic Decline: Present Situation

Today, three main threats exist to America’s dominant position in the global economy: loss of economic clout thanks to a shrinking share of world trade, the decline of American technological innovation, and the end of the dollar’s privileged status as the global reserve currency.

After years of swelling deficits fed by incessant warfare in distant lands, in 2020, as long expected, the U.S. dollar finally loses its special status as the world’s reserve currency. Suddenly, the cost of imports soars. Unable to pay for swelling deficits by selling now-devalued Treasury notes abroad, Washington is finally forced to slash its bloated military budget. Under pressure at home and abroad, Washington slowly pulls U.S. forces back from hundreds of overseas bases to a continental perimeter. By now, however, it is far too late.

Faced with a fading superpower incapable of paying the bills, China, India, Iran, Russia, and other powers, great and regional, provocatively challenge U.S. dominion over the oceans, space, and cyberspace. Meanwhile, amid soaring prices, ever-rising unemployment, and a continuing decline in real wages, domestic divisions widen into violent clashes and divisive debates, often over remarkably irrelevant issues. Riding a political tide of disillusionment and despair, a far-right patriot captures the presidency with thundering rhetoric, demanding respect for American authority and threatening military retaliation or economic reprisal.

Oil Shock: Present Situation

One casualty of America’s waning economic power has been its lock on global oil supplies. Speeding by America’s gas-guzzling economy in the passing lane, China became the world’s number one energy consumer this summer, a position the U.S. had held for over a century. Energy specialist Michael Klare has argued that this change means China will “set the pace in shaping our global future.”

By 2025, Iran and Russia will control almost half of the world’s natural gas supply, which will potentially give them enormous leverage over energy-starved Europe. Add petroleum reserves to the mix and, as the National Intelligence Council has warned, in just 15 years two countries, Russia and Iran, could “emerge as energy kingpins.”

Oil Shock: Scenario 2025 [I think the oil shock will strike between 2016 & 2020]

The United States remains so dependent upon foreign oil that a few adverse developments in the global energy market in 2025 spark an oil shock. By comparison, it makes the 1973 oil shock (when prices quadrupled in just months) look like the proverbial molehill. Angered at the dollar’s plummeting value, OPEC oil ministers, meeting in Riyadh, demand future energy payments in a “basket” of Yen, Yuan, and Euros. That only hikes the cost of U.S. oil imports further. At the same moment, while signing a new series of long-term delivery contracts with China, the Saudis stabilize their own foreign exchange reserves by switching to the Yuan. Meanwhile, China pours countless billions into building a massive trans-Asia pipeline and funding Iran’s exploitation of the world largest percent natural gas field at South Pars in the Persian Gulf.

With just a few strokes of the pen and some terse announcements, the “Carter Doctrine,” by which U.S. military power was to eternally protect the Persian Gulf, is laid to rest in 2025. All the elements that long assured the United States limitless supplies of low-cost oil from that region — logistics, exchange rates, and naval power — evaporate. At this point, the U.S. can still cover only an insignificant 12 percent of its energy needs from its nascent alternative energy industry, and remains dependent on imported oil for half of its energy consumption.

The oil shock that follows hits the country like a hurricane, sending prices to startling heights, making travel a staggeringly expensive proposition, putting real wages (which had long been declining) into freefall, and rendering non-competitive whatever American exports remained. With thermostats dropping, gas prices climbing through the roof, and dollars flowing overseas in return for costly oil, the American economy is paralyzed. With long-fraying alliances at an end and fiscal pressures mounting, U.S. military forces finally begin a staged withdrawal from their overseas bases.

Within a few years, the U.S. is functionally bankrupt and the clock is ticking toward midnight on the American Century.

Military Misadventure: Present Situation

Counter-intuitively, as their power wanes, empires often plunge into ill-advised military misadventures. This phenomenon is known among historians of empire as “micro-militarism” and seems to involve psychologically compensatory efforts to salve the sting of retreat or defeat by occupying new territories, however briefly and catastrophically. These operations, irrational even from an imperial point of view, often yield hemorrhaging expenditures or humiliating defeats that only accelerate the loss of power.

World War III: Present Situation

In the summer of 2010, military tensions between the U.S. and China began to rise in the western Pacific, once considered an American “lake.” Even a year earlier no one would have predicted such a development. As Washington played upon its alliance with London to appropriate much of Britain’s global power after World War II, so China is now using the profits from its export trade with the U.S. to fund what is likely to become a military challenge to American dominion over the waterways of Asia and the Pacific.

With its growing resources, Beijing is claiming a vast maritime arc from Korea to Indonesia long dominated by the U.S. Navy.

As allies worldwide begin to realign their policies to take cognizance of rising Asian powers, the cost of maintaining 800 or more overseas military bases will simply become unsustainable, finally forcing a staged withdrawal on a still-unwilling Washington. With both the U.S. and China in a race to weaponize space and cyberspace, tensions between the two powers are bound to rise, making military conflict by 2025 at least feasible, if hardly guaranteed.

Complicating matters even more, the economic, military, and technological trends outlined above will not operate in tidy isolation. As happened to European empires after World War II, such negative forces will undoubtedly prove synergistic. They will combine in thoroughly unexpected ways, create crises for which Americans are remarkably unprepared, and threaten to spin the economy into a sudden downward spiral, consigning this country to a generation or more of economic misery.

If America’s decline is in fact on a 22-year trajectory from 2003 to 2025, then we have already frittered away most of the first decade of that decline with wars that distracted us from long-term problems and, like water tossed onto desert sands, wasted trillions of desperately needed dollars.

If only 15 years remain, the odds of frittering them all away still remain high. Congress and the president are now in gridlock; the American system is flooded with corporate money meant to jam up the works; and there is little suggestion that any issues of significance, including our wars, our bloated national security state, our starved education system, and our antiquated energy supplies, will be addressed with sufficient seriousness to assure the sort of soft landing that might maximize our country’s role and prosperity in a changing world.

Alfred W. McCoy is the J.R.W. Smail Professor of History at the University of Wisconsin-Madison. He is the author of A Question of Torture: CIA Interrogation, “From the Cold War to the War on Terror.” Later this year, “Policing America’s Empire: The United States, the Philippines, and the Rise of the Surveillance State,” a forthcoming book of his, will explore the influence of overseas counterinsurgency operations on the spread of internal security measures here at home.

Posted in 3) Fast Crash, By People | Comments Off on Alfred McCoy in Salon Magazine on How America will collapse (by 2025)

Decline and Fall of Civilizations links to articles about this

 

The Histomap. Four thousand years of world history. Relative power of contemporary states, nations, and empires from slate.com

Posted in 1) Decline | Tagged , | Comments Off on Decline and Fall of Civilizations links to articles about this

Cyber attack methods. Who are the cyber attackers?

This just in: Cyber criminals are planting chips in electric irons and kettles to launch spam attacks.  A Russian TV channel had footage of an iron being opened up to reveal a “spy chip” with a small microphone that could be used to spread viruses by connecting to any computer withing 656 feet using an unprotected Wi-Fi network.  Mobile phones, car dashboard cameras, and other devices were also found to have “spy chips” as well.  A customs brokerage professional said the hidden chips had been used to infiltrate company networks, sending out spam without administrators’ knowledge.

Cross-site scripting. An attack that uses third-party web resources to run script within the victim’s web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim’s machine.

Denial-of-service. An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

Distributed denial-of-service. A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

Logic bombs.  A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

Phishing. A digital form of social engineering that uses authentic looking, but fake, e-mails to request information from users or direct them to a fake website that requests information.

Passive wiretapping. The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

Structured Query Language (SQL) injection. An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Trojan horse. A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.

Virus. A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

War driving. Driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks.

Worm.  A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-day exploit. An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat since the compressed time frame between public discoveries of both makes it difficult to defend against.

Who are the cyber attackers?

Bot-network operators use a network, or bot-net, of compromised, remotely-controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack or services to relay spam or phishing attacks).

Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, on-line fraud, and computer extortion. International corporate spies and criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain, and political activism, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the world-wide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Insiders. The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization, as well as careless or poorly-trained employees who may inadvertently introduce malware into systems.

Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power—impacts that could affect the daily lives of citizens across the country. In his January 2012 testimony, the Director of National Intelligence stated that, among state actors, China and Russia are of particular concern.

Phishers. Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.

Spammers. Individuals or organizations distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).

Spyware or malware authors. Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.

Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten National security, cause mass casualties, weaken the economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

Related articles

Electric Grid

Posted in CyberAttacks | Tagged | Comments Off on Cyber attack methods. Who are the cyber attackers?

Cyber Attacks an unprecedented threat to U.S. National Security

Preface. This post contains extracts from 3 congressional hearings in the House of representatives session on cyber attacks.

Alice Friedemann  www.energyskeptic.com  Author of Life After Fossil Fuels: A Reality Check on Alternative Energy; When Trucks Stop Running: Energy and the Future of Transportation”, Barriers to Making Algal Biofuels, & “Crunch! Whole Grain Artisan Chips and Crackers”.  Women in ecology  Podcasts: WGBH, Jore, Planet: Critical, Crazy Town, Collapse Chronicles, Derrick Jensen, Practical Prepping, Kunstler 253 &278, Peak Prosperity,  Index of best energyskeptic posts

***

March 21, 2013 Cyber attacks: An unprecedented threat to U.S. National security

Mr. Rohrabacher: The type of targets hackers assault are often placed in 2 categories:

1) Strategic targets attacked by military means in a war such as transportation systems, power grids, defense industries, communications, and government centers.

2) Commercial warfare. The scale upon which it is being conducted is beyond anything we have experienced and far exceeds traditional espionage. [Last month the Mandiant report identified a military unit of the Chinese People’s Liberation Army that has been conducting commercial warfare since 2006, hacking business and industry targets.  These attacks cost the American economy $250 billion per year and affect our economy and the balance of power.]

Over the last 10 years the United States trade deficit in goods with China was over $2.4 trillion. Entire industries have been moved across the Pacific to create what we see as the rise of China. We cannot just rely on technology to defend against these type of attacks. We must use diplomacy to deter them by telling Beijing and others in clear terms that we will not allow their hacking to continue without retaliation. We should sanction states that support hacking just as we sanction states that support terrorism or engage in other hostile actions. This war will not just be waged in cyberspace, but across every front and using every lever of American power to defeat an aggressor and to take the profit out of attacking our businesses, our defenses, and yes, our country.

There have been several Congressional hearings on cyber warfare, but most have concentrated on the technology involved and how we can devise defenses to block hackers from breaking into our government and business computer networks. The greatest dangers to our nation are not, however, really about technology. It is about international relations. Foreign governments that employ cyber warriors to attack other countries, or which “allow” hackers to attack other countries should be considered as hostile as governments which support terrorism. These are acts which put our country in severe jeopardy and must be met with the same national security and diplomatic measures that we use to meet any other external threat.

Chinese firms are dominated by state-owned enterprises with ties to Communist Party officials and their families. It is a matrix that not only serves to grow the wealth and power of China but also the personal fortunes of its leaders. The transfer of wealth by the theft of technology and other information vital to the development of industry is then used to gain a competitive advantage in world trade, which brings even more wealth to China.

The people of China are being cheated in that the apparatus that has been set up to protect them is being used to enrich the elite, and at the same time put China into a hostile relationship with the United States and other free countries of the world. And on top of that, the elite in China are using this not to protect China, not to make it more prosperous, but also to repress their own people.  The elite in China, their vanity and their desire for more wealth and power has led China down a wrong path, and I would urge those people in China, which is the vast majority, the people of goodwill there, to push this elite that is running their country that is raping their country and putting us on a path to conflict, to push them out of power.

Yesterday, several banks and broadcast outlets in South Korea were attacked, and apparently the assumption was that the cyber attacks were from North Korea. However, the news this morning is that South Korea is claiming that these attacks were located, the attacker was located in China. [This] raises questions as to whether China and North Korea are cooperating in cyber warfare against people that they think are their enemies.

Duncan: The director of National Intelligence on 12 March, James Clapper, said “there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next 2 years that will result in a long-term, wide-scale disruption of services such as regional power outage.’’

If they are stealing the plans of an F–35 and so we have to send F–35s against a comparable aircraft, that is taking some of that competitive advantage away that we have militarily to protect this country.

Mr. STOCKMAN. My district encompasses everything from NASA to petrochemical plants. We were touring some of the plants, and they said they were getting very little cooperation from the government to help deter cyber attacks, which could cripple our nation. Just by turning off a few valves a plant could be blown up.  One plant alone in my district produces about 600,000 barrels a day. If that were to be taken off the market you would see a quick crisis occur. And if you took off several plants it would shut down the United States.

This reminds me of 9/11 when we knew about the Philippines. We picked up documents which showed that they wanted to use planes as weapons, yet we ignored all the signs. I feel like we are ignoring all the signs.  I have plant managers telling me their concerns and I am asking you, is there any kind of game plan to help critical infrastructure?   

The Mandiant report on Chinese APT1-unit cyber attacks

APT1 has:

  • systematically stolen hundreds of terabytes of data from at least 141 organizations, and can steal from dozens of organizations simultaneously.
  • targeted industries China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
  • a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property.
  • revisited victim’s network over several months or years to steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership.
  • used tools and techniques not yet observed being used by other groups including two utilities designed to steal email
  • maintained access to victim networks for an average of 356 days and up to nearly 5 years
  • stolen 6.5 terabytes of compressed data from a single organization over a ten-month time period.
  • Compromised at least 17 new victims operating in 10 different industries the first month of 2011 .
  • compromised organizations across a broad range of industries in English speaking countries. Of the 141 APT1 victims, 87% of them are headquartered in countries where English is the native language.
  • maintained an extensive infrastructure of computer systems around the world.
  • controls over thousands of systems in support of their computer intrusion activities.

[And much more is in this document, or see the full Mandiant report]

Mr. Autry: These attacks are not an isolated case of industrial espionage but rather part of an integrated military-economic-cultural assault on America, a nation that China views not as a benefactor and valued trading partner, but rather as an ideological adversary who must be subdued by any means necessary. Chinese senior military strategists have discussed such multidimensional warfare for years. While the Chinese economic assault on the U.S. manufacturing base is painfully visible to our unemployed, the Mandiant report shows that China views this as a military operation. In the process China has debased the Internet, a gift to the world developed at U.S. taxpayer expense.

Why are the Chinese being allowed to get away with this?

I think that the problem is that a lot of American corporations are co-opted by the Chinese regime. They have such a huge interest in the production capabilities and the ability to exploit Chinese labor and the Chinese environment to lower their costs, and they are chasing the delusional promise of this giant market that they are someday actually going to be given access to that they don’t dare offend their Chinese host. They are like the abused partner in an abusive spousal relationship. They are not going to call the cops on the Chinese, and they are really not going to do it when they know that the cops don’t show up and that the cops don’t have any guns, which is the situation that we are in now. This is not a technical challenge, it is a military one. No amount of locks or alarms could protect your home if there was no belief that the police would show up or that the prosecutors would do anything if you had burglars working in broad daylight against whatever security you had put in place.

We should have a ban on the import of any Chinese networking hardware, and specifically I mean Huawei. We need to stop the revolving door at the State, Treasury, and Commerce Departments where officials from those Departments come directly from doing business with China or look forward to doing business with the Chinese as soon as they get out of government service.

Finally, we need to stop educating our adversary. Our computer science departments and engineering departments are full of mainland Chinese students, the majority of whom return to mainland China. Why are we educating these students of a country who are using that technology that we are handing them to oppose our interests?

How does an economist estimate the cost of Chinese cyber warfare?

The evidence suggests these revelations are merely the tip of the iceberg. The FBI admits, “As a result of the inability to define and calculate losses, the best that the government and private sector can offer are estimates.” A full accounting of the damage done to the U.S. is impossible to compile, because most of the victims will never detect the Chinese intrusions or will decline to admit to their losses. The discrepancy between expert estimates and the value of crimes actually reported makes this under reporting obvious. For instance, Symantec estimated 2011 individual and small business cybercrime losses at $388 Billion, while the FBI’s IC3 summary of actual reports that totaled a mere $485million. McAfee even tossed out a $1 Trillion estimate a few years ago. Using the more conservative number only a little more than a tenth of one percent (0.0125%) of these crimes by cost were reported. Even if Symantec overstated the problem by an order of magnitude we still have more than 98% of cybercrimes going unreported.

In any case, how do we place a value on something like Google’s source code? The firm trades at 25 times its annual earnings, suggesting most of its value is in future revenues. Conservatively assuming that half of Google’s market capitalization of $248 billion reflects the value of its technology (other factors might be labor force, brand equity and assets) this implies a property worth $124 billion has been compromised. While assessing the total cost over time has too many unknowns to model, Google has clearly suffered at the hands of its Chinese competitor Baidu. Google has lost $ billions in the Chinese market alone prompting Google’s co-founder Eric Schmidt to brand the Chinese government a “menace.” He has wisely noted that “The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States at a distinct disadvantage.” In other words we don’t cheat and steal well.

Consider that the economic costs of the September 11 attacks (excluding the military reaction) have been estimated at around $175 Billion. The annual cost of Chinese military hacking to the US economy is therefore in the same range as 9/11. Every $100 billion implies a loss of about 1 million American jobs. Chinese military hacking has left millions of American workers unemployed. And although we’ve been spared the specter of horrible televised deaths, the suicide and death rates for the unemployed are substantially higher than the national average. The statistics would suggest that over the years, Chinese military hacking has killed thousands of Americans.

Technical protections against cyber intrusion have consistently proven to be insufficient because most initial system compromises are achieved via exploitation of human beings with “social engineering” tricks like spear phishing. The criminal consequences of getting caught are minimal.

Victims of Chinese cyber attacks are actually helping to conceal the extent of this problem. They wish to avoid public humiliation, negative stock market reaction and the liability associated with the loss of customer data. What makes the silence more worrisome is that most large American corporations have been, for all practical purposes, coopted by the Chinese government. They are so dependent on low-cost production in China and strategically committed to the promise of the “world’s largest market” that exposing the criminal behavior of their notoriously vindictive host is unthinkable. With the noble exceptions of Google and the New York Times, an American Corporation is no more likely to “call the cops” on China than are the victims of abusive relationships likely to testify against their spouses.

Worse, many officials in the departments of State, Treasury and Commerce upon whom we depend to make China play fair come straight from doing business with China or proceed to do so as soon as they leave government.

We are executing an “Asian Pivot” strategy to confront China’s increasingly belligerent military posture in the Western Pacific, while our consumption of Chinese goods finances a massive PLA arms buildup.

Do we believe that China’s corrupt, state dominated economy is actually beating American private enterprise in a fair contest? While Shanghai booms and Chinese billionaires sprout up like rice in the spring, 25% of Americans are unemployed or underemployed. This is the root of our intractable fiscal dilemma. While we cut and tax, the Chinese government can hardly think of enough new things to do with the vast wealth our consumers and corporations transfer to them – from maglev trains and moon missions to a frightening military buildup. This is what losing a 21″ century war looks like.

On page 44 there are a number of remedies proposed, including:

Encourage U.S. Education in Computer Science: Direct the majority of student aid to STEM majors and specifically graduate degrees in computer science and engineering.

Stop Educating Our Adversaries in Military Technology: Ban the admission of computer science student to the U.S. from nations whose militaries engage in cyber attacks against America and her allies. We are educating a massive pool of Chinese talent in our computer science and engineering schools, where they displace tens of thousands of American citizens and allies.

[I like these solutions because I was a systems engineer/architect for 25 years, and saw many of my colleagues replaced by outsourced workers.  Now these outsourced jobs pay more than what an American worker would cost, because once an outsourcer has a company by the balls, they can charge whatever they please, often far more than what an American computer programmer/engineer would be paid. Most foreign workers came in without the necessary skills and were trained on the job – why couldn’t the same training have been given to American college graduates?   I could also do 3 times as much work as an outsourced worker, because I had years of experience and institutional knowledge].

Protect and Reclaim The Internet: The Internet is an invention of the American government funded by U.S. taxpayers. The U.S. government and the U.S. armed forces are reasonably entitled to demand special privileges in its use. Any attempt to transfer further administrative oversight of the Internet to international regulatory bodies must be most strongly opposed. Any opportunity to regain U.S. control of the Internet would be in the interest of all people, most notably the citizens of China. Specifically ICANN and control of the DNS root must remain in the U.S. Root servers currently in the U.S. must remain there. The location of anycast servers should be restricted to friendly nations.

Mr. MAZZA. China sees cyber capabilities as a tool of statecraft to use in the pursuit of national interests. The primary goal of the Chinese Communist Party (CCP), is to stay in power. No longer securing its legitimacy on a foundation of Marxist ideology, the Party now relies on delivering economic prosperity and on its claim to a nationalist mantle to ensure its continued rule.

China’s continued rise is crucial if the CCP is to validate its claim that it and it alone can lead the country back to what it sees as its traditional and rightful place atop the Asian hierarchy. To do so, Beijing must restore sovereignty over territory supposedly wrongly taken from it. Doing so would not only allow Beijing to complete what it sees as an historic mission, but to enhance its own security. Controlling islands in the East and South China Seas would grant China greater strategic depth, allow it to more easily safeguard or control sea lanes, and permit it to more easily access the Pacific and Indian Oceans.

But these waters are also home to our partners. Tensions have been running high in this region, where conflict is most likely to break out because U.S. and Chinese interests clash. Differing visions of what Asian and perhaps global order should like have led China and the United States into what is shaping up to be a long-term strategic competition.

For China, cyber capabilities are tools to be used in waging this competition and in securing its interest in the Asia Pacific. China uses cyber capabilities for three related but different purposes.

1)      Chinese hackers will engage in espionage activities in the pursuit of both strategic and tactical intelligence.

2)      The People’s Liberation Army, or PLA, will use cyber warfare as part of its suite of anti-access/area denial capabilities, or A2/AD. The PLA has been developing systems aimed at keeping U.S. forces distant from Chinese shores, complicating in particular the U.S. Navy’s ability to operate freely in the Asia-Pacific Theater and thus making U.S. intervention in the Taiwan Strait or other conflict more difficult. In the event of a conflict, PLA cyber forces would likely aim to disrupt U.S. military command and communications networks, essentially trying to blind, deafen, and silence U.S. forces.

3)      Most worrisome is China’s development of what might be called strategic cyber weapons. Recent revelations of Chinese cyber intrusions into U.S. critical infrastructure are especially troubling. That an attacker a half a world away could threaten our electrical grid, water supply, financial stability or transportation security is frightening and potentially destabilizing.  Because these weapons lack the ugliness of nuclear weapons-there is no radiation and they don’t immediately and directly cause widespread death and destruction-not to mention the fact that their origin may be difficult to trace, Beijing may come to see them as more “useable” than nuclear weapons. And with such weapons likely to be seen as adding an intermediate step on the escalation ladder-one preceding the use of nuclear weapons-Beijing may come to see armed conflict as less dangerous than it otherwise would have. Conflict would become even more likely if Beijing believes that the American response to a strategic cyber attack would be one that China can tolerate.   Meanwhile, effective espionage would allow China to more accurately predict U.S. actions. to gauge U.S. vulnerabilities, and to speed along its own military modernization. At the same time, theft of IP and trade secrets would be making American companies less competitive, putting a drag on the U.S. economy and putting further budgetary pressures on defense spending.

My comments:

It’s really too late to do much security wise, there are too many millions of lines of code to fix on a system that was originally designed to be open.  The visionaries who created it do so as a way to share information among scientists, as well as to make sure that citizens share information and communicate with each other no matter how corrupt their government was.  That was the philosophy of the founders and that philosophy is embedded down to the very roots of the system.

China is the big loser in the end.  They’ve poisoned their land, air, and water for hundreds of thousands of years.  Computer microchips and other complex  information technology will be one of the first to vanish as Liebig’s law of the minimum kicks in at some point when shortages of key resources vanish, supply chains fail, and social unrest, war, and chaos descend as oil declines and not enough food can be grown and delivered to 7 billion people, more fully described in Peak Resources and the Preservation of Knowledge.

[ Cloud computing is seen as a way to protect small businesses according to the testimony from the staff of these businesses, since the cloud provider has the staff to maintain sophisticated firewalls and keep malware patches up-to-date, back up the data, etc..  But small businesses still need to protect their internal networks, protect their data as it is transmitted from one network to another and protect their network endpoints—their individual PCs—from compromise. If you have or work at a small business, you may want to read all of this 65-page document. I’ve only excerpted a small part of it. ]

U.S. House. March 21, 2013.  Protecting small businesses against emerging and complex cyber-attacks.

Chairman Collins: One reason we are having the meeting is to shine a light on the fact that 77% of small businesses are not even considering [cyber attacks and crime]. They are coming to work every day to make a sale, to have some cash in the bank, pay their bills. It is not on their radar. We want to put it on their radar.

What the internet does for small businesses

Our nation’s digital infrastructure has become an essential component of how small businesses operate and compete in the 21st century. It provides access to a variety of innovative tools and resources to help reduce costs and increase productivity. E-mail, social media, online sales, and global video conferencing are just a few of the examples. A couple of the most dynamic industries that have emerged are cloud computing and mobile applications. It is now easier than ever for small businesses to store and access their information from anywhere in the world without purchasing thousands of dollars in IT equipment. In addition, the boom in mobile applications is a great success story for both entrepreneurs looking to create the next best app and for small businesses that use them. From mobile banking to online marketing there is a plethora of applications available to help small business firms increase productivity.

America’s 23 million small businesses are some of the savviest users of technology by using the Internet to access new markets to grow and diversify. In fact, small businesses are the driving forces behind further technological innovation as they produce about 13 times more patents per employee than other businesses. For the established small business, modern technology can expand a firm’s client base using a company website, social networking, or other forms of online advertising. Firms can utilize voice and video communication as a low cost method to connect with customers around the world and reach previously untapped markets. They can store data online, access office productivity tools, and even improve the energy efficiency of their business.

Threats

40% of all threats are focused on firms with less than 500 employees. Nearly $86 billion is lost, with companies incurring an average of $188,000 in losses.

[There are a] growing number of cyber criminals trying to steal sensitive information, including intellectual property and personal financial information. These attacks can be catastrophic, leaving many small businesses unable to recover. A recent report shows that nearly 60% of small businesses will close within 6 months of a cyber-attack.

20% of cyber-attacks are on small firms with less than 250 employees. Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals. In addition, many of these firms have a false sense of security, and they believe they are immune from a possible cyber-attack. The same report shows that 77 percent of small firms believe they are safe from a cyberattack, even though 87 percent of those firms do not have a written security policy in place.

The sophistication and scope of these attacks continues to grow at a rapid pace. A report by the Office of National Counterintelligence Executive indicated that tens of billions of dollars in trade secrets, intellectual property, and technology are being stolen each year by foreign nations like China and Russia. These are not rogue hackers. They are foreign governments engaged in complex cyber espionage with a mission to steal our trade secrets and intellectual property. As the leader in producing intellectual property, the United States and small businesses will continue to be a primary target for cyber criminals seeking an economic advantage.

McAfee: attacks on the mobile space

[Attacks have increased] 70% the past year. We went from 792 to 37,000 malware threats – with 95% of that increase in 2012. Small business leverages these mobile devices because they are inexpensive in many cases. They are easy. They can do their home transactions, their work transactions all at once. They take them on the road and they leverage it with cloud services because there is very little computing resource on the small device so they can outsource the data storage. The threats to this and mobility, we see those threats of the adversary trying to access that device to get your personal information and/or access your computer network, so the small business that cannot afford necessarily a team to watch this has an even stronger vulnerability because they have so much of their infrastructure dependent on mobile.

What to do: passwords

McAfee, cloud services, and other companies who testified promoted their businesses as solutions to congress.

Mr. Weber: if I was going to make one recommendation, the thing that hurts our customers more than anything else is using poor passwords. It sounds so basic. You would think that today in 2013 that people would know what they ought to be doing but they do not. They are very dumb about password selection. So today a secure password ought to be at least 12 digits long. It ought to have capital letters, it ought to have lower case letters, and it ought to have a number or two in it. A password like that is not going to be cracked. But small businesses do not want to do that because it feels inconvenient. There are all kind of techniques you can use for generating these passwords and make them easy to remember.

Mr. Freeman: the number one threat we see to customers are when their systems are compromised because a malicious third party has garnered a list of passwords from another service. When you reuse the same password on your Evernote account as your Gmail account and someone is able to hack one or the other, they get a list of the passwords and they are able to use that against all of your infrastructure. And routinely third parties will go out and simply bang against every provider available to see if the same user name and password combination exist.

What to do: Encryption

Businesses need to encrypt their sensitive data, both economically sensitive and regulated data. Encryption really is the only means that has the fundamental integrity with which to protect data. Because systems will be compromised because we cannot guarantee that an intruder will not get access to a system, the only thing we can do is really secure the data that they might get access to, and encryption is far and beyond the gold standard when it comes to that type of security.

Firewalls, up-to-date networks, compliance policies

Mr. Shapero: tip number one advice is make sure that your network is compliant. And when I say compliant, you do not just have anti-virus, anti-malware software, a firewall in place, but you are making sure that all your definitions are up-to-date, meaning that you are up-to-date on what the latest threats are. That your firmware on your firewall is up-to-date so that you have got the latest and greatest to protect yourself from those threats. And also your operating systems. So all those patches that come out on a regular basis. They might seem like a nuisance to many small business owners and it may be a basic thing like passwords, but make sure that you are applying them as recommended by your IT service provider. Encrypting your data is also an important part of ensuring that you have a compliant network. Doing a periodic network scan is something that you should do as part of making sure that you have a compliant network. So there is a whole list of checklists to make sure your network is compliant. The next thing is policies. So you pointed out most companies do not have a written policy for their employees. It might be something like acceptance use for mobile devices in their organization. Am I allowed to have corporate data on my personal device? Am I allowed to have personal data on my corporate device? Because it can get really tricky when a device might be lost or stolen and you are trying to lock down that data if you do not have those policies in place. Policies for what to do in case of a breach. Who do I notify? Which of those 47 states am I required to disclose to when I have lost data from my consumers?

Also training. It is really an educational process, not only for the business owner but for their staff as well.

Ms. SCHNECK.  I agree. This is not just a technology problem; this is a people problem. So a lot of emphasis on the training and education.

U.S. House. April 26, 2012. Iranian cyber threat to the U.S. homeland

Some excerpts from this 52-page document:

The threat of cyber warfare may be relatively new, but it is not small. Iran has reportedly invested over $1 billion in developing their cyber capabilities, and it appears they may have already carried out attacks against organizations like the BBC, and Voice of America. There have been reports that Iran may have even attempted to breach the private networks of a major Israeli financial institution. Iran is very publicly testing its cyber capabilities in the region, and in time, will expand its reach.

Stuxnet may be proof of Iran’s vulnerability and the effectiveness of other nation’s state cyber arsenals. However, it would also be possible for Iran to gain some knowledge of creating a Stuxnet-like virus from analyzing its network effects. This leads to fear of reverse engineering leading to a capability of the types of cyber attacks on U.S. critical infrastructure that could rise to the level of a National security crisis. We must be prepared for such rogue actions and be prepared on the National defense level, as well as protecting our critical business operations, vital infrastructure functions, and frankly, our daily lives.

Law enforcement officials have also observed a striking convergence of crime and terrorism, a trend highlighted, I might note earlier this week by Defense Secretary Panetta, and further reinforced by SOUTHCOM Commander General Fraser. Hezbollah’s nexus with criminal activity is greater than that of any other known terrorist group. These links, including with gangs and cartels, generate new possibilities for outsourcing, and new networks that can facilitate terrorist travel, logistics, recruitment, and operations, and I might note, including cyber.

the good news is that if you were to rack and stack the greatest cyber threats in nations, Iran is not at the top of the list. Russia, PRC, and others are. The bad news is is what they lack in capability, they make up for in intent, and are not as constrained as other countries may be from engaging in cyber attacks or computer network attacks. Given Iran’s history to employ proxies for terrorist purposes, there is little, if any, reason to think that Iran would hesitate to engage proxies to conduct cyber attacks against perceived adversaries.

Cyber basically levels the playing field. It provides asymmetry that can give small groups disproportionate impact and consequence. Whereas they may not have the capability, they can rent or buy that capability. There is a cyber arms bizarre on the internet. Intent and cash can take you a long way, and that is what I think we need to be thinking about.

Last summer a hard-liner Iranian newspaper affiliated with the Revolutionary Guard, warned the United States, that America no longer has the ‘‘exclusive capability in cyber space and it has underestimated the Islamic Republic,’’ and now needs to worry about ‘‘an unknown player somewhere in the world attacking a section of its critical infrastructure.’’

Anonymity, who is behind that clickety-clack of the keyboard breaking into your system? Are you dealing with a pimply kid, or are you dealing with a foreign intelligence service, an organized crime, an economic competitor? You simply don’t know much of the time at the breach itself. So attribution, while we are making progress, smoking guns are hard to find in the counterterrorism environment; smoking keyboards are that much more difficult. I would also note that cyber space is made, I mean, it is made for plausible deniability. [This was in the context of how would we know it was Iran vs China vs Russia].

I am concerned about the Russias and the Chinas is we have seen a sophistication level that is very high. But they are in the business right now of computer network exploits to steal secrets. If their intent changes, they could just flip the switch and it becomes an attack tool. I might note that what we have seen that I think is most concerning is we have seen adversaries map critical infrastructures.  I don’t see what that intent could be other than to potentially use in a time of crisis.  It is just that they haven’t flipped the switch. Right now it is obtaining information, but they haven’t turned it in a proactive sense into delivering some kind of an attack.

Mr. LUNGREN. When we talk about asymmetric warfare it is interesting because one way of looking at it is that the small less powerful guy who has an opportunity to do harm to a stronger adversary for less capital investment and manpower, et cetera. It seems to me we ought to look at asymmetric warfare in the terms of the war on terror; that is, asymmetric warfare with the purpose of doing what? Not just destroying property but causing psychological damage to the adversary.

So when we talk about critical infrastructure, one of the things that comes to mind with me is our health system is a critical infrastructure. If I were to attack the United States one of the things that would be very effective in an asymmetric way would be to attack the health system. If you could invade the information systems of several health systems of the United States such that no one could depend on the accuracy of the information, such as someone lying on a surgical table and getting the wrong blood type, etc. If you did that in a series of attacks, you wouldn’t have to be successful with too many of them to cause a psychological damage to the United States.

CILLUFFO: One of the biggest missing elements of our strategy is we don’t have a cyber deterrent strategy. We need to clearly articulate one, we need to identify bright red lines in the sand or maybe in the silicon more apt and we need to identify what is unacceptable. Oh, by the way, we can’t firewall our way out of this problem.

CASLOW: If Iran were to target a hospital and take down the nearby electric grid and attack the water system, i.e. parts per million of chlorine goes up down but no one knows because the read-outs are fine — all of a sudden we have hundreds of thousands people sick from an area where we have troops deployed overseas. The ultimate end-game here is not to make those people sick. The ultimate end-game is to terrorize our troops overseas so that our Marines who are deployed in combat zones can no longer do their mission because they are worried about their children, their wives, their grandmothers, whatever, who are now ill back on the home front because they are communicating with them and now they know they are sick.

CASLOW: the data flows, the internet can go everywhere. I can still go to a dark reading room on the internet and download any number of very bad, nasty little critters that are out there and then use those same critters to attack a network or system. I can buy those capabilities, I can download some of them for free.

Related articles

Electric Grid

Posted in China and War, Cyber, CyberAttacks, U.S. Congress Infrastructure | Tagged , , , | Comments Off on Cyber Attacks an unprecedented threat to U.S. National Security