What does Die Hard 4.0 (2007) have in common with business in the 21st century? In Diehard 4.0 the United States of America experienced a Fire Sale. A Fire Sale is a cyber attack against a state’s transportation system and their economy. Of course, as with all Hollywood films, it was far fetched and over the top. However, although Die Hard 4.0 was certainly fictitious could this happen in real life? Welcome to the reality of Stuxnet. So far malware (viruses, trojans, worms etc) has generally targeted governments and the private sector, but recently Stuxnet focused on larger targets. It aimed to cripple power stations and more importantly nuclear power stations. Many theories exist; was it created by a company, a government, or “outsourced” to an elite team of hi-tech programmers? Another theory is that it was created by a group of extremist environmental campaigners, though this seems unlikely.

The alleged target of Stuxnet was Iran’s nuclear facilities and no group has been identified as the creator of Stuxnet. Cyber warfare has two big advantages over “reality” based warfare. In the past, western nations have launched tactical strikes using fighter jets against “rogue” states’ nuclear power stations. This puts the pilot and fighter jet at risk; the pilot could be killed or captured over enemy territory. Hence bad PR for the country is generated with physical warfare, but with cyber warfare everything is electronic and harder to trace. Fly an F-22 Raptor worth £90million over enemy airspace and it is easily identifiable as coming from a particular air force. £90million is the cost of one fighter jet whereas programmers only cost £10s or £100s of thousands. Programmers can work from home thus making it hard to establish where the attack came from.

In the 21st century companies and the public rely heavily on technology. Roads, electricity, water, gas, shopping, media, finance, satellites, and the military all rely on technology for day to day operations. During the winter, especially when snow falls, many people don’t want to go out to shops and may rely on online retailers for ordering and deliveries instead. However a single DDOS attack (distributed denial-of-service) could take down an online retailer for hours or maybe days. This would reduce the company’s income and stop the vulnerable customers receiving groceries to their door. This scenario can be applied to anything; water or power is vital during the cold months. Countries or terror organisations could cripple another country without even leaving their desks.

A simple way of protecting vital utilities (gas, power and water) is to remove outside links. Control grids for power, water or gas should have little outside connectivity. Thus threats channelled by the means of the internet would have little effect. If outside connectivity is cut the only real method is by physical means. An attacker would either need to get past the physical security barriers or use an insider to implant malicious code. The most secure example is a laptop with no USB ports, no CD drive and no internet connection, locked in a safe. Of course, in the real world, this renders the device useless because there is little interaction or connection to the outside world, so a compromise must be made while ensuring it doesn’t compromise data security.