A team of Fordham computer scientists demonstrated in dramatic fashion how, for less than $200, one can assemble a device no larger than a lunch box that can disable cell phones, laptops, and other electronics via an electromagnetic pulse(EMP).
In a Jan. 10 session at the ICCS18, Thaier Hayajneh, Ph.D., associate professor of computer and information sciences and director of Fordham’s Center on Cybersecurity, Rien Chy, GSAS ’07, operations manager for Fordham, and Damianos Pinou, GSAS ’07, director of Data Center Operations at BITS, made an impassioned plea for the more attention to protecting the nation’s power grid.
The team cited several past incidents as cause for concern: A 2013 sniper attack on 17 electrical transformers at a transmission substation near San Jose, California; “Dragonfly,” a 2014 cyber espionage campaign that disabled energy-related targets in the United States and Europe; and the attack on a Ukrainian power grid in 2015 that left nearly 230,000 people without power for up to six hours.
“Our grid is extremely old, exceedingly fragile, and expensive to repair. The United States has a total of 55,000 high-voltage transformers or substations, 10 of which represent the main interconnected points. For security reasons, these main ones are in undisclosed locations. But an attack that was planned and orchestrated properly on them could collapse the entire grid,” said Pinou.
In many cases, he noted that high-voltage transformers are only partially protected by metal fences—as opposed to full enclosures like those found in Germany. Such enclosures are one of several proven methods to protect data centers from EMPs, others that the team discussed are: maintaining distance from an attacker, metal lining in hardened walls, and wire mesh covered (or bricked over) windows.
Faraday Cage to the Rescue
To demonstrate why they’re so important, Pinou turned on a prototype EMP device in the vicinity of two laptops; the team had constructed the EMP from over-the-counter parts. One laptop was unprotected and the second was ensconced in a metal mesh “Faraday cage.”
When activated a few inches away, the EMP device shut down the unprotected laptop immediately, while the latter was unharmed as the mesh cage dispersed the energy.
“Imagine anyone with access to critical network, who has certain privileges and is able to identify key components in that infrastructure. That person can easily magnify this and walk into allocation, take down something, and walk out,” he said.
Pinou and Chy conducted the research as part of a capstone project in a cybersecurity course under the supervision of Hayajneh, and are presenting their findings in a forthcoming paper, “Electronic Warfare and Cyber Security Threat.”
“This is a core course in our MS program in Cybersecurity in which we teach the student’s cybersecurity research and analysis methodologies,” Hayajneh said.
They said that first and foremost, the question of who is responsible—government or private industry—for protecting the electrical grid from physical and cyberthreats needs to be resolved.
“Unfortunately, if Congress and the government continue to move at a slow pace, once day it may be too little, too late,” Pinou said.