One advantage that we all now have in addressing a cyber attack is awareness. During heightened tensions with other countries, you will be aware of the potential risk that these devices may pose and utilize your electronic equipment sparingly. Knowledge is power.
Defensive measures involve two considerations. The first thing to ask is, how should I protect myself? The second is, how should I ensure my equipment and my property are not causing damage to my country or the general population? The best defense is to eliminate dependency. Minimizing or reducing our need for electronic devices is the most practical and cost-effective way to mitigate this risk. For me (and I assume most of you as well, since you are reading a blog site), these modern tools provide advantages that allow us to produce, perform, and recreate easier and faster and provide greater returns for the effort. I know I utilize my computers for work and play and do not look forward to a day where I may have to give them up. Still, it should be strongly considered, and minimizing devices as much as possible provides protection.
If you have such devices, you may be relying on your security software. While again, I am not an expert, from talking to those who have an understanding, the primary function of these programs is to prevent theft and to prevent system malfunction. These are commercial and civilian programs, and they would be of extremely limited use against sophisticated, nation-state-supported, military-sponsored software. In addition, if these programs are part of your hardware or are included in your software but are having no ill effects on the system, your security software will most likely not be a target for them. We must also consider that the nation states, with significant resources available, may actually corrupt the makers of these products. China demanded access to Microsoft’s operating system, threatening to come up with an alternative and prevent Microsoft from entering the lucrative Chinese market. Microsoft, after a prolonged defiance, eventually complied and has been cooperating with the Chinese government ever since. As of 2015, the Chinese government has also announced a plan to move away from Microsoft and Apple operating systems for all government installations. Software is continually redesigned and evolving, and security software is not pre-cognizant and is always responding to the problem. While it provides a defense against rogue hackers and some criminal elements, it is very limited protection from a true cyber attack.
What are the other options aside from eliminating my devices? Richard Clarke’s book identified nation state defenses and proposed a bevy of new spending and regulation. These are all designed to protect government and infrastructure, and secondarily to protect the local citizenry by continuing active utilities and government. Most of his suggestions do not translate to the average individual, but those that did have been shared. I would love to hear comments from the other readers of this blog. I have a few ideas that I believe may mitigate some issues.
Power Down
The first is to power down and disconnect from the Internet on a regular basis, especially when you are away from your home or asleep. Most of our computers, if connected to the Internet, may reactivate in the early morning hours even while powered down, in order to update their systems on a regularly scheduled basis and provide us with a better user experience. So, to truly power down, a computer should be disconnected from the power source, such as by using a surge protector with a switch. Now, if you do have dormant malware in your system, it most likely will need an activation code to start the process for which it was designed; otherwise, these programs would be consistently revealing themselves. Powering down or disconnecting from the Internet should prevent or delay an activation code. Also, if a virus is on your system and propagating to other computers, you are minimizing its ability to accomplish its mission. However, I could foresee a sophisticated program that activates at a specific date or thereafter. If you have powered down your equipment and there are concerns of a global attack, be wary as you decide to engage such equipment and take appropriate precautions.
Remove Battery/Fire Risk
It should mitigate risk to remove the battery in devices. The most combustible part and key ignition source for our mobile devices is the battery. Even new desktops do not have the power override button in the back anymore, and many of these have batteries as well. Removing it from the device should render them both relatively harmless. However, if you bought a laptop recently, the batteries are no longer removable; thus, even while powered down and disconnected, I would recommend storing these devices in a place that would not create an issue if they overheated. (You might consider a kitchen counter instead of on your desk amid a pile of papers.)
One Device At a Time
Consider starting or utilizing one device at a time. If you have multiple devices and they are all powered off, do not have everyone in the house activating multiple devices at the same time. If you are in dire need of outside communication and you are activating a device, do so considerately and pay attention to it closely.
Control Access To/Disconnect From the Internet
A technique that China has developed is to disconnect from the Internet, leaving China's Internet operational but independent from the web. The U.S. military has a stand-alone intranet separate from the web that was infiltrated by the Russians. Disconnecting the landline in your home and disabling your Wi-Fi may mitigate risk. Unfortunately, the problem is that our devices seek any and all services. If your neighborhood coffee shop has Wi-Fi that is still active, your devices may continue to communicate and be infected or create problems. Some devices have physical switches to disconnect Wi-Fi, and all have the ability to do so via software. However, it is possible that the malware may be sophisticated enough to instruct the devices to reactivate Wi-Fi communication. In more remote locations, you may be the only Wi-Fi source and therefore have greater control, but everyone should be aware of signal sources.
Take Smartphone and Vehicles Offline (OnStar, Et Cetera)
Our smartphone devices also pick up telecommunication signals and potentially even satellite signals. It will be nearly impossible to disrupt these signals. As above, some devices can be instructed to go offline (airplane mode), but the same caveats about malware apply. Many of our newer vehicles are connected, and some have the potential to start the ignition or unlock doors. There are multiple tutorials on YouTube on how to disconnect devices such as OnStar. You should investigate this for the make and model of your vehicle. Again, one of the truisms often discussed here, about having an older vehicle, takes care of this situation.
Use Surge Protectors
Surge protectors may have some value in this situation, and again I would like to know what the readers think about this issue. I don’t know how much transient voltage a device could create. The concern from surges would actually be from cyber attacks on the grid targeting generators and eliminating protective devices. This would obviously be a non-issue if you provided your own power and were not connected to the electrical grid. Whole house and individual device surge protectors would then be a secondary protection, but this would be from the effects of the attack and not protection from the software attack.
Software and Hardware
Choice of operating systems appears to be of no benefit.
I know people who build their own computers and that may ensure some hardware security, but there is still potential to have compromised components. Knowing your own computer would allow you to confirm disconnection from electrical power and the Internet. I have not found U.S.-made CPUs for sale anywhere, but it is my understanding there is a push to do so for government use. A difficult effort would be to understand programming, but that would take significant time away from other activities.
If anyone has additional thoughts, I would enjoy reading them. The books and articles that I have been reading are more directed to corporate or governmental protection and policy than the concerns of individuals. This may be one of the newer and graver geopolitical threats that is rapidly evolving and could potentially impact everyone connected to the Internet.
Finally, I would like to close as I opened, with references to an EMP. Again, I did not go through all the preparations we would have for an EMP, and all of those would help. Also, much like an older model car without computer components at all, a Ham radio (while still requiring electricity) may be your best consideration for communications. Lastly, you may not be able to trust an “EMP protected device” and therefore require physical copies. If you are putting that off, these physical copies can be used without devices or electricity. As always, do your own homework, make your own decisions, and God bless.