If the country were ever faced with an immediate threat of cyberattack, a copy of this booklet would be impossible to distribute to every household as part of a public information campaign. There are so many media platforms, we have no idea which one or ones to use that would, in their combination, reach all households. Moreover, even if we got the booklet out, how would we make sure that people actually read it? Let’s face it, attention spans are not what they were in the 80s, when all we were worried about were nuclear missiles and bombs.
If the country were attacked by a wide-ranging cyberattack, we do not know what targets will be chosen or how severe the assault would be. We probably couldn’t even imagine what would be attacked, so we’re rather certain that there will be critical flaws in this plan because of faulty assumptions made that a particular service would be available or that help would be on its way to those in distress.
If cyberattacks are used on a large scale, those of us living in rural areas would be potentially exposed to as much risk as those in urban areas. Supply chain disruption could deprive all areas of critical resources such as food, medical supplies, fuel, and so on. Service disruption could mean that sectors of the country would not have basic police, fire, and/or emergency protection. We like to think that the emergency response system is hardened against attack, but the truth is that that system is quite vulnerable in many areas. It is likely that some emergency systems are still managed via insecure methods and would be easily compromised by a large-scale cyberattack. This could also mean that alarm systems would be on constantly, without interruption, producing high levels of mental stress.
The dangers which you and your family will face in this situation might not be reduced if you do as this booklet describes, but at least you won’t be as surprised about what goes down as someone who hasn’t read this booklet.
READ THIS BOOKLET WITH CARE. IF YOU RECEIVE AN ELECTRONIC COPY, PRINT IT OUT AS SOON AS POSSIBLE BEFORE YOUR HOME NETWORK, POSSIBLY INCLUDING YOUR PRINTER, IS COMPROMISED BY THE ENEMY.
1. Challenge to Survival
Everything that is connected to the Internet during a cyberattack will potentially be damaged, destroyed, or weaponized.
Any device connected to a network that is itself connected to the Internet is at risk of complete or partial data loss. While personal data loss may be limited to items of a sentimental nature and locally-managed personal data, public and corporate data loss could potentially result in wiping of individual records. These records would potentially be those used to justify access to products and services, both public and private. Because it is cost-prohibitive to retain hard copies of these records, we recommend that you retain a hard copy of a volume of Stoic philosophy, Seneca being a good example of such, so that you can endure your losses with dignity. It is likely that restoring lost data would involve a process at least as long as used when it was first created, likely a longer process due to the need to utilize pen, paper, typewriter, and processes that we as a nation have largely abandoned due to our digitalization.
Any device with an Internet connection is also at risk of being rendered completely useless by way of having its software wiped or corrupted. Such devices would not be able to be updated by their vendors, either via the Internet or via hands-on methods. While loss of function for home thermostats would result in substantial discomfort, loss of function for medical devices and potentially refrigeration devices could lead to sudden or eventual loss of life. While we cannot advise that all persons immediately exchange “smart” medical devices for non-Internet connected equivalents, we do advise that persons with “smart” medical devices consult with their trusted medical specialists about the feasibility of eventually replacing such devices. As for persons who rely upon refrigeration to preserve medical supplies, we strongly recommend not using a “smart” refrigerator and that they maintain a power supply independent of the local grid, with sufficient fuel to last for 2-3 days. Maybe 4. Or 5. Or 6. 7, tops. Well, 8-12 in a severe case. 13-21 in a worst-case scenario. Could be a month or two, really, before services get restored if the attackers keep following up with additional exploits. Maybe even up to a year, when we think about it. Don’t want anyone to panic, but, yeah, we’re that vulnerable.
While it is possible that a cyberattacker would utilize connected devices to intercept domestic communications, we consider such a scenario to be low risk. We are more concerned about an attacker exploiting vulnerabilities in connected devices that would cause them to malfunction to the point where they would be potential fire and/or explosive hazards. To minimize this risk, we recommend that citizens unplug – not just turn off, but unplug – all electronic devices not in use. This includes unplugging them from the Internet. This also includes unplugging devices that do not connect to the Internet, as it is possible an attacker could weaponize the power grid to send a power surge to a residence, with the intent of creating chaos and confusion.
Under no circumstances should a citizen consider operating a motor vehicle during a major cyberattack. Even if your personal vehicle is not Internet-capable, you cannot say the same for the other vehicles on the road, nor can that be said for your municipality’s traffic control systems.
If you have a home alarm system, disconnect it as soon as you have advance warning of a cyberattack or become aware that such an attack is underway. This disconnection will need to include the battery back-up system for the home alarm system. The concern here is that the attacker will create chaos and confusion by triggering the alarm. The constant noise of the alarm would both render the home unusable as a shelter as well as lead to mental strain for one’s neighbors. Triggering home alarms across a wide area would also overload emergency response systems, if those haven’t also gone down in the original attack.
In the event of a cyberattack, remove all batteries from smartphones, tablets, and cell phones so that those devices cannot be weaponized, as described above.
We’re pretty sure we left something off this list that will result in massive injury and loss of life. In our defense, there are so many Internet-connected devices, we can’t even begin to imagine how to protect against all possible situations in which they could be compromised and/or weaponized. The guy in the cubicle next to me just mentioned something about Internet-connected cat boxes. Again, if this was 1980, we wouldn’t have to face such a scenario. But this is 2018, so we may very well have a cat box-related tragedy befall our nation in a major cyberattack.
2. Planning for Survival
Stay at Home
The title of this section is reassuring, more so than the more accurate “Stay Near Home, Possibly in a Public Shelter, Unless Those Are Also Compromised in the Attack.” If your home isn’t rendered unusable due to your domestic devices being shut down, incapacitated, or weaponized, you will have as good a place as any to ride out the attack.You may die there, cold, hungry, dehydrated, and exhausted, but wouldn’t you rather die at home than on the street or in some wilderness? It’s your call, but at least if you die at home, it’ll be easier to notify your next of kin, assuming we can get communications systems back online and are not overwhelmed by local casualties.
Anticipate complete disruption of electrical, water, natural gas, and sewage utilities and plan accordingly. “Plan accordingly” is really a cop-out. We have no idea how every family in a major urban area would be able to arrange resources to cope with such a disruption in services. Especially families in apartment complexes, and doubly so for those receiving public housing assistance. Good lord, they might riot within 72 hours as the food in the local stores is exhausted. But where will you go? It’s not like these riots will be localized. I’m looking right now at a scenario in which the national distribution network is knocked offline for two weeks, and the carnage will be awful. So, yes, do stay at home. It will help you preserve your strength for the coming armageddon.
Plan a Refuge
If you can adopt a pre-industrial lifestyle where you raise your own food without the aid of mechanization, chemical fertilizers, or modern distribution networks, the sooner the better. Of course, that also means exposing yourself to diseases that pretty much exist only in developing nations and history books, so there’s a bit of a trade-off there. You could go with getting a year’s supply of food and a local water gathering system, but there may actually be laws in your area that make water gathering illegal. As for the food, that’s a major expense, so you can’t ramp it up all at once. Basically, if you don’t have a refuge now, you may be too late. Don’t panic, however. There is still plenty of time to print off the public-domain works of a Stoic philosopher so that you can endure these hardships with dignity.
If you live in a tiny house with a chemical toilet, you may be better off than most at first. Nobody here envies you for the task of replenishing that toilet, should the distribution network still be down when the time comes.
Plan Your Survival Kit
Stock enough food and water for 14 days. Why 14 days? We have no idea, but if it was good enough for the people who wrote the pamphlet on how to survive nuclear war, it’s good enough for us. Each person should drink two pints a day, so that means 3.5 gallons per person. I can’t do metric, so you’re on your own there. This water is for drinking. You’ll need twice as much per person for washing, and we’re not talking about showers or baths, either. You’re going to get rather grimy in the event of a major cyberattack.
Choose foods that can be eaten cold and that will also keep fresh, such as cans of soup or beans. You will likely want to practice eating soup straight out of the can now so that you can discover which flavors you prefer best and so that you learn to suppress your gag reflexes, should they be evident while consuming such a meal. The cold soup you eat today may mean cyberattack survival tomorrow!
Heaven help you if you have a baby or special dietary requirements. You are going to suffer grievously.
In the past, a radio would be one’s only link with the outside world, but even emergency and commercial radio systems can be disrupted in a major cyberattack. You might as well get a hand-cranked radio and try it out from time to time, in case we get lucky and manage to restore radio services.
Make sure you have plenty of warm clothing, first aid supplies, cutlery, dishes, and a can opener. Nobody wants to be the chump that stocked up on canned goods, only to forget a can opener. Better get several, just in case one breaks.
You will also find sleeping bags, flashlights, camp stoves (be sure to have the proper fuel and ventilation for these), spare batteries, toilet articles, and buckets to be very useful. You will also want a shovel and a location at least 20 feet away from your home where you can bury your solid biological waste. You would want this to be in an area that is not exposed to rain runoff or the local water table, as it will be a source of disease.
Also have tissues, notebooks, pencils, brushes, cleaning materials, plastic or rubber gloves, toys, reading material (including the Stoic philosophy that will help you cope), a mechanical wind-up clock, and a calendar.
Finally, in advance of a cyberattack or as one is underway, it may be advisable to shut off gas, electricity, and water services at the utility shut-off point so that damage to those systems will not compromise your shelter.
3. Protect and Survive
In the 1980s, we could discuss the methods of warning about an imminent nuclear attack. Such warning would be available in the case of a bomber attack or ICBM launch. We did not talk much about a submarine-launched missile attack, as those would have far less time between missile launch, missile detection, and missile target impact. We would basically know about the attack right before it took place.
In the event of a wide-ranging cyberattack, we may not know about the attack until some time has passed after the initial phases of the attack have been completed and the secondary phases of the attack commence. It is also possible that the cyberattack targets the warning systems themselves, so that they emit one or more false warnings to crate chaos and confusion and mental stress – or so that the warning systems do not function at all, as a prelude to a nuclear weapons attack by way of bombers, ICBMs, and/or submarine-launched missiles.
That last one would be the worst possible scenario. No warning, all major cities and quite a few minor ones all hit at the same time. The enemy wouldn’t dream of doing that, however, unless it also had managed to deprive us of our ability to use our nuclear weapons in that cyberattack. Since the enemy has been very persistent in attempting to penetrate our cyberdefenses, we can’t rule out that they might gain that upper hand and then launch the attack that effectively destroys our nation at little or no risk to their nation and/or allies.
It’s also possible that the enemy nation merely launch the cyberattack to deprive us of our nuclear weapons, with the intent of capturing and controlling our industrial base and natural resources. It is possible that the enemy nation would change the function of industrial security systems to keep loyal workers locked out, so as to prevent acts of sabotage to prevent industry from falling into their hands.
The same enemy nation may also be interested in disrupting the supply chain so as to induce mass panic, protest, and rioting. In the resultant die-off, our population would be too weakened by civil unrest and famine to mount an effective, coordinated resistance.
If, for some reason, our national leaders miscalculate on a massive scale and have to resort to a launch of nuclear weapons as a last-ditch measure, it is quite likely that the enemy nation will launch a wide-ranging cyberattack in conjunction with a discharge of its nuclear weapons, so as to take us down to hell with them. I know I said that a situation described above would be the worst case, now I’m not so sure.
We’ve so far attributed wide-ranging cyberattacks to enemy nations, but we also have to consider the possibility of the attacks originating from a non-nation-state actor, an internal threat, or as a result of pure accident. In such cases, we estimate that the impact of the attack would not be as comprehensive as described above, but could still incapacitate one or more major utilities and/or public services.
Holy crap, I haven’t even thought about air traffic control systems or airports until just now. If there’s a major cyberattack, pray that you’re not in the skies, should those systems be compromised.
Same goes for commuter rail and metro systems. I’m getting sick, just thinking about those.
My boss just looked over my shoulder and read what I’m typing. He didn’t say one word about changing my cynical tone. He just sighed and went into his office and shut his door. I think I can hear him crying in there.
If that part about the crying is in the final pamphlet that goes out, it must be because this threat is way worse than I’m letting on here and that this document, cynical and depressing as it is, is actually somehow better than leveling with you and telling the full story.
May God have mercy on our Internet-connected souls.