Are You Cyber Resilient?

 

Ukraine hit by cyberattack, Russia moves more troops after talks hit 'dead end' The developments came after no breakthrough was reached at meetings between Russia and Western states, which fear Moscow could launch a new military attack on its neighbor.

There is a lot of talk about an upcoming war with China and Russia in the future. There is speculation that, unlike any previous war, this upcoming conflict will be preceded by cyber-warfare, designed to cripple the vast swathes of our country’s information systems before we see missiles and bombs raining on the ground.

Since everything in modern society, including our national infrastructure (e.g. water, electricity, fuel and communications), is controlled and administered through information systems, any crippling of the latter will have a dire consequences for civilization as we know it.

Remember the infamous Colonial Pipeline ransomware attack that caused extensive fuel shortages in the southeastern United States? That was not even a full-blown cyber-attack. It was just a greedy criminal. Imagine what can happen in a full-blown cyber-war!

So, how do you prepare for cyber-warfare?

First, assume that basic services like water, electricity and fuel will be affected. Supply chains will be disrupted, resulting in empty shelves in supermarkets and drug stores, along with empty gas tanks. Other writers at Peak Prosperity address how to be resilient in this area and so I will not delve further into it. But in this article, I will talk about resilience in the cyber-realm.

Have we taken Internet availability for granted?

When you turn on your tap, you expect water will always flow out. When you flip a switch, you expect the light bulb will always shine. When you press start on your microwave oven, you expect it will always warm your food.

Likewise, we take Internet availability for granted. We assume our smartphone is always connected. For many of us, the first thing we do when we wake up in the morning is to check our phones for notifications. When we turn on our computer, the first application that we launch likely connects to the Internet.

What if the Internet is not available?

As part of your resilience planning, you must assume that in the event of a major war, the Internet will not be available for an extended period time. I am not talking about annoying outages that ruin your mood for the day. I am talking about extended outages that can last for days, weeks and possibly months.

<img class=“aligncenter size-full wp-image-700246” src=“https://peakprosperity.com/wp-content/uploads/2022/01/PC-hacked-shutterstock_1047662398.jpg” alt=“”" width=“1000” height=“667” />

When the Big Tech servers go down

Unavailability of the Internet is one possible scenario. Another is the denial of service of important Big Tech infrastructure.

In a major war, state-sponsored cyber-attacks may put important infrastructure servers out of action. Although the Internet was originally designed to be robust in the event of a nuclear war, today’s Internet is dominated by servers from a small number big companies. In other words, the major tech companies represent a small target that impacts

To give you a taste of what can happen, consider the outcome of a recent power failure in a single data centre. Just a few weeks ago, Amazon Web Service went down hard. As a result, it had a knock-on effect on these services: Slack, Asana, Hulu and the Epic Games Store.

Can you imagine a concerted state-sponsored cyber-attack that brings down multiple critical data centres simultaneously? You can bet the “Internet” and the connected services that the vast majority of the population rely on will grind to a halt.

Monoculture of server software

In agriculture, monoculture is a bad practice. A virus can sweep through and devastate the vast majority of farmland, endangering food security.

In the same way, software monoculture is also a bad idea. A bug in critical servers running the same software all over the Internet can be exploited by an adversary to bring most of the Internet to its knees.

The recent Log4J cybersecurity bug is an example of software monoculture. Log4J is the software used to record all manner of activities that go on under the hood in a wide range of computer systems in millions of computers. It records events – errors and routine system operations – and communicates diagnostic messages about them to system administrators and users.

A malicious state-sponsored adversary could have released a computer worm to exploit the bug in Apache Log4J. A computer worm is a self-replicating malicious software that can spread on its own from computer to computer, server to server. A worm exploiting Log4J could have been weaponized to bring the “Internet” down. Fortunately, it didn’t happen.

But in a cyberwar, you can bet it will happen. Make no mistake, Log4J is not the only software monoculture.

What can go wrong and what can you do about it?

Cashless payments

We are largely living in a cashless society today and it requires payment terminals to work. What if the Internet goes down? Without it, we can rule out using fintech like PayPal, Cash app, Internet bank transfers, and so on.

Therefore, keep some cold hard physical cash. It will be the only payment method that will work. You may also want to keep some physical silver and gold coins, just in case.

Cryptocurrency

If payment terminals stop working and we run out of physical cash, can we then rely on cryptocurrencies to function as money?

Without the Internet, that’s a hard no.

Documents in the cloud

What about the documents that you store on the cloud? If there’s no Internet, will they all disappear?

If you use cloud storage services like iCloud, OneDrive and Google Drive, only some of your documents are cached locally on your device by default. They are only downloaded on the fly when needed to save storage space on your device or computer. While that is convenient, it also means that whenever there is an Internet outage, you will not have access to your documents. Most cloud storage services have a switch somewhere to make your documents available “offline”. Find and turn that switch on.

As an example of resilience planning, let’s take Box as a case study. They provide Box Drive and Box Sync to allow you convenient access to your documents from your computer. The former caches some of your files in your computer. The latter syncs every document from Box cloud storage to a folder in your computer. Although the latter is deprecated by Box, I will still choose to use it because it helps me to be more resilient. Should the Internet go down, I still have a copy of every document on my computer.

Memories

I know of many people who keep their memories on Facebook. They have tons of photos and videos stored there. What if Facebook goes down or becomes inaccessible for a long time? That is a lot of sweet memories gone!

Therefore, download a copy of all your Facebook data and carefully organise and sort all your memories on your computer (and back them up too). Also, make sure that from now on, you have a copy of it offline before uploading to Facebook.

Entertainment

If you rely on streaming media to listen to music and watch movies, how will you enjoy entertainment without the Internet?

Most streaming media services like Spotify, Netflix, and Apple Music allow you to download your media to listen or watch offline. The tricky part is to move your downloaded media to an external storage or network-attached storage (NAS) and stream from there in the event of an Internet outage. This will require planning and tinkering on your part.

Electronic books and magazines

Ebook services like Apple Books and Amazon Kindle allow you to download your books to a device for offline reading. For some other services like Apple News, you may not have such an option for electronic magazines.

Connection with people

If you rely on Facebook, WhatsApp and Zoom to communicate and connect with people, how are you going to do so if the Internet goes down?

Here are some non-Internet alternatives:

• Two-way radios - Perhaps it is a good idea to invest in walkie-talkies and long-range ham radios?
• Mesh network chat apps - Several apps allow you to communicate “off-the-grid”. Some of these apps allow multiple users to connect in a mesh and “piggy-back” on each other’s communication traffic beyond what is physically possible with a smartphone’s radio. Take a look at this link for ideas.
• BearTooth - This is an interesting product. It is a device that works with your smartphone to communicate off grid via text and voice messages. You can also share maps with other users. Multiple BearTooth users can connect to form a network.
• Satellite phones - This is the most expensive option. But it will work without cell coverage. On second thought, maybe not. State-sponsored adversaries already have the means to shoot down or disable communication satellites.

Does your app work without the Internet?

Some apps require an Internet connection to work.

A great example is Grammarly. It does not check the grammar on your device. Your text is sent to the cloud to be reviewed before the results are returned to your device. If the Internet goes down, Grammarly will not work.

Notion.so as another example. It is a wonderful product. But you need an Internet connection to access your documents. That will be problematic in terms of resilience.

To be cyber-resilient, you need to audit your software and apps and find out whether they will still work without an Internet connection. It is quite easy to find out whether this is the case. Just turn on airplane mode and see if they still work. You may want to turn on airplane mode for the entire day to simulate an Internet outage and see how far you can go without an Internet connection. Very soon you will have a list of important apps and software that is dependent on the Internet to work. The next step is to come up with a Plan B.

Important links and information on websites

Over time, you will have accumulated links and web-browser bookmarks to important informational websites, news articles, documents, and so on.

If the Internet goes down for an extended period or a massive cyberattack wipes out those websites permanently, get in the habit of saving downloaded documents and printing the content of web pages into PDF documents. Then systematically organize them into folders. Your computer’s operating system will have the functionality of indexing the contents of all these documents to allow you to search later on.

Emails

Most of us have our emails stored in the cloud. Over the years, you will have accumulated at least tens of thousands of emails, maybe even hundreds of thousands. Nowadays, emails are not just a record of your correspondence. For most people, it has become an important filing cabinet containing bills, notices, contracts, important information and so on. Email has become an archival store of your life.

What if you lose access to your filing cabinet?

Most email apps only keep a cache of some of your messages. The rest will only be retrieved from the cloud when needed. So, what can you do to ensure that all of your emails are available offline in the event of an extended outage of the Internet?

If you are on the Windows platform, I recommend a free software called MailStore Home. It can download every copy of your emails into your computer in the form of a searchable database.

If you are on the Mac platform, Apple’s default Mail app can do the job. It downloads your entire email history into your Mac.

Finally

As our lives continue to grow more entwined with the Internet, we need to seriously consider how cyber-resilient we are should the Internet go down for a long time. Although it has happened temporarily (e.g. in natural disaster situations), we have yet to experience a long outage. If we are ever at war with any of the cyberwarfare-capable states like Russia, China, Iran, North Korea you should expect long Internet outages.

Cyber-resilience is something that requires a personal audit, planning and time to implement. I hope this article will give you some food for thought.

This article was written for Peak Prosperity by Terence Kam, founder and cybersecurity consultant at iSecurityGuru.com. You can follow his company on LinkedIn. Or subscribe to his writings on Medium, where he writes on a wider variety of topics.

This is a companion discussion topic for the original entry at https://peakprosperity.com/are-you-cyber-resilient/

What steps are Peak Prosperity taking to be cyber resilient?
In particular I wonder about the community communications being resilient.

I see the internet as a transitory phenomenon. While it is here it is a great tool, but it’s greatest value is for planned obsolescence. The internet, Amazon, even Peak Prosperity will all be gone someday and we will have only what we have built on a local level.
We can use these tools to build our alternative society….but must be prepared to see them vanish.

Peer-to-peer encrypted radio amateur message networks.

So I’m guessing a fair number of us use google maps to navigate. It doesn’t work w/o internet.
However there is a feature that allows you to download a map to your phone. They call it a “local map”. In my trips to foreign countries, where I don’t have constant internet, I use local maps to navigate. It works reasonably well. Not perfectly though.
As our security guru suggests, you can trial this by going into airplane mode, and then seeing how navigating with a local map works for you.
 

I have a set of these awesome map books for BC - each book represents a specific region. I have no doubt there are similar things for other countries, especially the USA.
I keep several in my SUV with my bug out stuff. They detail all kinds of important criteria which helps one to choose adequate places for temporary refuge, as well as exploring to find suitable places to live either temporarily or permanently.
https://www.backroadmapbooks.com/
Hard copies of maps are great back ups to electronic devices ??

This would really change things!
.
Street Maps of the cities where we live and visit.
Topo maps of the areas where we hike or drive to in the wilderness.
Small pocket-sized phone directories (personal numbers)
City phone books.
Newspapers delivered daily. (Meet at the library at 9 am Saturday morning.)
Bread and Milk delivered daily.
How to books: How to cook a berry pie. How to can meat when the power goes out and we must save the stuff in the freezer quickly. How to start my chain saw. How to breakdown and clean my shotgun.
Cash and PMs for trade. (Bank card is not working)
CB radio in car. (Cell phone not working).
Network of Ham operators with lists of PP contacts. Some doing long distance region-to-region, some doing local news relays. Still would love to set this up!!
How to send Morris code messages using flashing lights. (slowly at first)
A drone to fly out over the pastures to check on the cows, on the neighbor’s home or on the roadway.

How to send Morris code messages using flashing lights. (slowly at first)

It's Morse Code. As in Samuel Morse. Morris was a small car. A Minor.

We can use these tools to build our alternative society….but must be prepared to see them vanish.

Now THAT's resiliency. Ready for it boys and girls? An additional after thought. We will probably discover that not much travel is really necessary. And not much communication is really necessary. Focus on local. As has been said. A friend was all worried about power for her refrigerator. I asked why? What do you need it for, to keep all that food cold that the store does not have for you to buy? Think this stuff through. Better to build a hen house than install a generator for your refrigerator. Our forebears 200 years ago did just fine.

There was also the Morris Major. Fairly popular but IMO a gormless-looking thing.
In the 1970s I had a Datsun 1200.
Pros: completely analogue! Impervious to digital disruption! Splendid little car, great for city use, manual transmission only, very small turning circle (not quite within its own length but close), tiny fuel consumption, great car for an impecunious uni student. I could and did service the whole vehicle myself, even repair the gearbox. Which was light enough to hold in one hand.
Cons: it felt as though it were made out of tin cans rolled out flat, noisy, tedious and tiring on long trips, couldn’t carry much. Seats tended to break.
The level of technology to build this type of car is still fairly sophisticated. I can’t see us reverting to that level in a hurry.
Other preparatory things I do include (1) no use of the cloud for anything, especially data storage, (2) book maps in the car. These still exist.

An interesting read, thank you.
The Beartooth product looks nice and everything, but it relies on your Android smartphone, so you’d better make sure you have a very reliable phone. If you want to take it outdoors, better make sure said phone is weather resistant, and preferably, ingress protection rated, as well (look for the IP ratings on rugged/durable phones).
Looking at the specs, it’s 900 MHz, which is a band with decent range, but it only has max power output of 1 watt. Even with that retractable fractional antenna, there’s no way in humanity those range numbers are realistic, even in rural areas with Line of Sight between units. Those are just bullshit marketing numbers. I’d expect more like a mile, maybe 1.5 miles, and that would be in ideal weather, with line of sight. In the city, it would be very low, and there are plenty of other devices that use the same ISM 900 MHz band, so count on some interference. The guy who did the engineering for the Beartooth took electronic engineering in college and does HAM radio as a hobby, but his business partner worked at Goldman Sachs, so that’s a flashing red light for me.
Any high quality, mid-priced HAM walkie talkie would provide better range than Beartooth. I know…you need a license. For Americans, that test is very easy. Not so much in some other countries.
The Internet is designed to withstand a nuclear war. Yes, if part of the backbone goes down or all DNS servers went down, we’d have some very very serious problems, but I’m pretty sure the entire Internet won’t go down. Maybe if the Global Routing Table was corrupted, but things would likely work for a while until that got replicated across all routers. Cutting essential undersea cables might cut off large geographical areas. There are hundreds of those cables around the world, however. From my (limited) readings, an intense solar flare is a much higher risk, as that could cause worldwide problems in a short time. And of course, there would be no fix for that.
WiFi would seem to me to be a much better candidate for building mesh networks. That’s already been done and well-documented. Of course, that would probably require more planning than turning on Beartooth. And of the average person isn’t interested much in planning. Of course, none of us here are average, right?
Another, simple thing to think about is how you would access data if you had no power. How would you look up information that had never been printed on paper or in book form?
A low power PC or a laptop or subnotebook typically requires a lot less power than a desktop or tower PC these days, so you might want to think about a UPS, battery backups etc and do the calculations to see how long you could run your existing gear on batteries.
 
 
 
 
 

Morris also marketed a Mini. Even smaller. My good buddy hated his Minor Woody. I loved my early Minis, perhaps not so much as my VW microbus. Still love my '65 Bonneville…(oops, hijack. Sorry). Aloha, Steve.

I purchased a couple Beartooth when they first came out, what?, 4 or 5 years ago. Fellow hams and I played with them a bit, and they ended up on the unused-hamgear-shelf. Range was dismal and the system didn’t seem to provide a benefit to hams. Good comments on your post, Shplad. Aloha, Steve

Any high quality, mid-priced HAM walkie talkie would provide better range than Beartooth. I know...you need a license. For Americans, that test is very easy.

Get a license. Get a decent radio per your needs. Get involved in the amateur radio (Ham) world and you will quickly discover emergency communications networks, systems, communities, protocols, repeaters, etc etc are already up and running. World wide even. Heck, I can reach New Zealand or Argentina from California on my 20 meter 100 watt radio powered by my modest solar power system. And our good hand held 2 meter radios are good for 100 miles from a clear high spot. Comm problem is already solved if you are a licensed ham radio operator. Just do it, as they say. No need to invent another wheel. Just jump on this existing one.

An Attack by Major States, Like China or Russia, Could Severely Disrupt U.S. Civilization as We Know It.

I guess i have to apply a little fix... "An Attack by Major States, Like China, Russia or the US Deep State Could Severely Disrupt U.S. Civilization as We Know It." I am just thinking it might be only a question of time before the US IT Industry is getting jealous on their mighty Pharma buddies how they have sized the opportunity to force their "products" on us.

Open source Thunderbird email can get and keep email on your pc:
https://www.thunderbird.net/en-US/
Morris was also a chair.

How would VHF radios fare? they are widespread in marine use, though now displaced by cellphones.

The team at S2 have a good primer on secure comms:
https://youtu.be/apLxePngNlM

I just want to repeat what I mentioned earlier. For Americans, getting a technician-level license is really easy.
In other countries, not so much. The Go-to HAM radio book up here in Canada is more like 250 or 300 pages. And the test is quite a bit more difficult.
Just 'sayin.

A few notes by a beginner on the above video posted by Tycer. Our communication infrastructure is no longer “ours.”
Secure Radio Communications
Using less common frequencies is one way to hide transmission contents. For a sophisticated network of communicators.
Analog transmissions can be heard by many. Kid down the block with a walkie-talkie can hear you.
Digital—much more private, mostly because it is much less common than analog, need a license to be legal (this may become less important in some situations). Receiving radio must be set up to receive the transmission. Digital systems can only be heard by another digital radio set up to that digital mode. Very few are set up to listen—even if not “encrypted.”
Multiple digital modes—“DMR” most common. Others. Can send text messages on digital radios.
Down-sides of digital radio:
more expensive, you are supposed to have a license, very hard to build repeaters for digital radios. (Repeaters are expensive to buy pre—made $2K-$3K?)
Encryption—mostly not legal to encrypt. (However …… controversial) (Privacy tones do not encrypt–useless) You can be circumspect and use code words. “Big daddy is strollin’ down the lane”. “1 by land, 2 by sea”
“Trunked radio systems” used by police—not technically “encrypted” but very hard to listen to unless buy the equipment tuned to this system. Very complex. This gives privacy without actually “encrypting.”
Some common commercially available radios actually do have encryption built into their software, but they don’t mention it in the documentation. You would never know unless you look into their software. All are proprietary.
AES-256 the only good encryption. Standard developed by the Motorola company, used now by other companies, too.
Hiding transmissions: Contents of transmission vs where the transmitter is physically located.
Useless to hide message contents when the transmitter can be geolocated using direction finding equipment. The house can be located by triangulation. Don’t transmit repeatedly from the place where you sleep at night. Radio geolocation. RDF -radio direction finding. Used in modern warfare to locate enemies command and communication centers.
Hiding physical location from radio direction finding equipment.

1. Use a low power level—only use enough power to reach recipient. High power transmissions can be triangulated on more easily. (And jammed) Crucial aspect of hiding location.
2. Terrain mapping. Transmit down a valley where mountains limit spread of the signal off to the sides.
3. Using directional antenna to aim the transmission at a target (the actual person who is to receive it, or a repeater).
4. Short bursts. Short voice, short text messages, packet transmission (functions like an email or text message sent in a short burst)
5. Use repeaters—DF will locate the repeaters first.
6. Combine the above modalities.

Family factor—convenience. Can your kids use it. Grandma? Neighbors? A radio that can’t be configured with a simple “push button to talk” won’t work for your neighbors, grandparents and children. Locally, a simple programmable radio might be best for a neighborhood. You will want to buy a radio for neighbors and set them up. They are your eyes from that end of the neighborhood. Communication is a great equalizer on a battlefield or in a crisis. Like weather. Not exciting or entertaining. Takes hard work to learn about it. But it is a tool that empowers “the little guys” who are smart enough and diligent enough to learn. The internet is vulnerable at its core. Bloggers can be de-platformed. Email addresses can be blocked. Your entire domain can be delisted. The packets can be read and sender and receiver located. The internet is not any longer a reliable or private. Control of the internet now lies in the hands of big corporations and governments. Be strategically and tactically superior in a technically challenging field--communications. What radio do I need to buy? It depends…… they have another video to follow...