Lions and Tigers and Solar Flares, Oh My!
By Ed Higgins
This post may seem a little off-topic, science fictitious, or perhaps it might read a bit like a joke, but nonetheless, I wonder, in our assessment of IT security planning have we seriously considered natural disaster risks such as solar flares?
As a kid of the 70's, I remember that at certain times my CB Radio (remember those?) could receive signals from locations a few thousand miles away which was well beyond the capability of my radio and antenna. Or, I remember those times when the television reception was just not that good at all, terrible in fact? These things were all directly related to solar activity, sun spots, and solar flares.
So, now, we fast forward to current time, a time in which we are heavily dependent on electricity, computers, cellular, digital telecommunications, wireless, satellite communications, radio frequency and infrared devices, and anything pretty much magnetic.
In the past 10 years, we've seen our list of technology requirements grow as has our dependence on these and the resources that support them. Think for a minute... What would your life, right now, be like without a computer, network or cell phone for a week or perhaps several months? How about no television or satellite communications? What about our business transactions, electronic commerce, banking and trading? What if there were no electricity for several weeks or perhaps months because our energy grid management systems were broken, not able to automatically open and close the power switches along the grid that deliver electricity to our homes and businesses? What if energy produced by hydro, wind, nuclear, coal-fired generators were all halted because the microcomputers that control them were all fried and disconnected. Alarmist? Perhaps a bit. Thought-Provoking? Definitely. At least, I Think So!
Our Nation's energy businesses have all been diligently implementing controls and plans to protect us from the infamous "cyber attack" on our electrical grid systems. But, what if this particular threat was the least of our worries? Driven by NERC CIP, regulators mandate that energy producers improve Critical Infrastructure Protection, or the cyber-security controls that surrounds critical infrastructure systems that control things such as the energy grid, water treatment facilities, air filtration fans, and toxic materials disposal. These regulations greatly address the security risks of outages caused by terrorist act, accident, malicious hacker, and other cyber-villains.
While cyber attack is a very legitimate potential threat to our infrastructures, what if the bigger threat was the "11-year cycle of predictably repeated and historically accurate events relating to solar flares and sun spots that goes back millions of years"..
In these most recent of years, and at no other time in history have we all grown to be so very very dependent on microcomputer systems, cellular, and networks which are all most fragile to mass effects of solar flare activity.
In 1859, a solar eruption occurred that was so powerful it set fire to hundreds of telegraph offices... people got nasty electric shocks simply because they were working with metal objects. In 1859, however, we had no televisions, cell phones, power grid management systems, smart-meters, etc so arguably the impact was less visible.
Now continue these 11-year recurring events forward to modern times.....
In 2003, and the most recent peak in solar events, we experienced outages that included computer system failures, magnetic data backup tape failures, electricity outages to homes and businesses, disrupted television and satellite operations, and greatly disrupted radio signals.
NASA and the scientific community accurately predicted the solar events, however the only means of reducing the risks were to simply shut off high-risk devices. NASA temporarily shut down certain radar and satellite tracking antennae to avoid their destruction. NASA even grounded space shuttle programs to protect astronauts from the severe threat of deadly radiation exposure as space is not protected by the magnetic field that protects the Earth.
Check out these interesting and informative videos on the solar flare phenomena:
As we explore and deploy all of the new methods for acquiring and producing energy... thus expanding our power grid to accommodate wind farms...solar arrays... new nuclear plants ... and other renewable energy sources. This grid will get larger... and smarter.... With microprocessors inside almost every device...communicating and negotiating with one another... running everything from air conditioners to power plants.
A sudden surge of solar activity could strike the grid directly...inflicting substantial damage on our "smart power economy".
A similar storm today, or in 2013 when peak solar flare events are predicted, could easily cause several trillion dollars in damage to our sensitive high-tech infrastructure, potentially thousands of times greater than hurricane Katrina.
Modern information security strategies are focused on physically and logically protecting data, keeping systems up during brief outages, recovering a destroyed data center to another with waiting equipment, preventing intruders or insiders from stealing company secrets or sensitive information such as customer credit cards, health records, et cetera ad nauseam ad infinitum.
Our Disaster Recovery Plans and Business Continuity Plans tend to focus on events with which we have some prior experience, like the horrible tragedies of September 11th, hurricane Katrina, and even the threat of widespread pandemic influenza. But, what about the global impact on a modern-day solar flare event? How will we respond? What will we do when these naturally occurring solar flares generate similar interference as they have over previous 11-year cycles for past millions of years, but this time they cripple the computerized devices that we have become so dependent upon?
Thoughts? Provocative? Alarming? Ho-hum? Let me know...
I hope you enjoyed this article, and hope it was helpful.
Until next time,
Ed
Ed
