CASCADE - Chapter 20

BOT HERDER

March 17, 2023

BOT HERDER

When it came to computers and information technology, Clay was a genius. Clay envisioned an event so massive that it would garner worldwide attention. After months of research and study, he attended a conference at Princeton. It was a security symposium, and the pieces were put together there. Clay knew that the cyber security solutions presented would be slow to develop or not developed at all. In their Congressional narcissism, the U.S. congress was more interested in making the other side look bad than in real solutions. After extensive research, Clay knew the nation’s power grid was a vulnerable large target. In Europe, this was proven in 2015 when foreign hackers shut down the power of a large portion of the population in Ukraine. After all his investigation, he determined that one person could accomplish a fail-safe plan, and that person was him.

Colvin was surprised when he saw a whiteboard set up in the cabin. Colvin chided, “Really? When did you get a whiteboard?”

“The last time I got supplies in town.” Clay smiled with excitement. “I have been working on this for a long time. The test I did the other day with malware, used the back door of the Appalachian Power Company’s computer system, prevented line isolation, and caused a cascade. That cascade shut down the Electric Grid for Virginia, West Virginia, and Tennessee.” He continued, “I have found a way to go through the front door.” On the whiteboard, he wrote IoT. After, he wrote Internet of Things.

Colvin questioned, “What kind of things?”

“Smart devices, but what we are looking for are high-wattage smart devices that consume a great deal of energy, such as Smart TVs, air conditioners, furnaces, water heaters, and refrigerators.”

Colvin interrupted, “I get the point, Smart.”

Clay continued, “So the internet of things can be configured into a network. A rather unconventional network, but a network all the same. Each device in the network is called a BOT, and the network is called a BOTNET.”

Colvin proudly proclaimed, “Ok, I am with you so far.”

“Now, let’s turn our attention to a utility company.” He drew a box. He drew monitors, utility poles, and power lines outside the box. Then he asked, “What are a utility company's supply and demand sides?”

“Great, more questions.” But then Colvin quickly followed, “Supply is when electricity is generated, and demand is where it is used. Oh! Like a BOT.”

Clay was happy to be understood. “If I took that BOT and inserted malware, my network of computers, my BOTNET, could become weaponized.” Proudly, “Now I, the BOT herder, can cause manipulation of demand through the Internet of Things.” Writing quickly on the whiteboard, “This is known as MadIoT.” Clay walked closer to Colvin and proudly said, “I would be attacking the demand side of the GRID, causing large-scale blackouts.”

Colvin interrupted, “You could do this on a large scale?”

“I would only need a small number of BOTs. Research modeled a disruption of a Polish GRID with as little as 200 Smart Air Conditioners. That 1% increase in demand would cause a cascading GRID failure. “However, we would also want some insurance for success.”

“How would you get that?”

“By a successful phishing e-mail attack on the utility companies. A company employee opens an e-mail and clicks on a maldoc, such as a video, which then installs malware. The unsuspecting employee goes on with their day, and the malware is inserted into the system, waiting to be activated. I can then learn about the IT network and obtain user names and passwords, access employee workstations, and execute control commands sent by the malware. The executed control command will prevent operators from communicating with substations.”

“All by one phishing e-mail?”

“Yes, one phishing e-mail, which I finished two weeks ago, to all the employees of several different utility companies. I only need one employee, from each targeted utility, to open the e-mail and click on the video, which installs the malware.”

Colvin pondered all that was shared. He asked, “What do you have concerns about?”

Clay sat down thoughtfully, “Starting the cascade does not have a specific timeframe. It’s not like flipping a light switch. After activating the BOTNET, the cascade will take hours to develop, and a blackout will occur. I am also concerned about the manual part of this plan with Mason, even if he agrees.”

Colvin concluded, “The cascade will happen in the timeframe it takes to happen; we have no control over that. The blackout will provide a diversion as long as it is close to the time of the other plans. As for your second concern, Mason will agree, I am sure. It will work, and we will stop the mountaintop removal operation.”