By Guest Author Jim Cavanagh, firstname.lastname@example.org, +1.770.984.5800
Am I a "security guy"? I have written or edited half a dozen or so books and hundreds of articles and white papers on security, I routinely speak at cybersecurity trade shows and conferences and I am a DHS-credentialed table top exercise writer and moderator. So people might assume I am a "security guy" but, no, I am actually a computer and network technologist who needs to secure stuff. It may boil down to pretty much the same thing but the perspective - the angle from which I attack a problem - is very different from that of a security guy.
I am often asked "what keeps me up at night?" The answers have changed a lot over the years and have often been resolved with additional study or new countermeasures or security techniques. What kept me awake in 1995, for instance, is much different than what causes loss of sleep now. A much better question would be "what kept me awake last night"? The answer is IEMI, is it science fiction or reality?
IEMI stands for Intentional Electromagnetic Interference, which is very closely related to Electromagnetic Pulse, or EMP. Most Americans have heard of EMP and know the story: a man-made EMP weapon detonated about 300 miles over the Earth's surface causes widespread damage to electronic components. This includes everything from cell phones, PCs, notebooks, tablets and palm devices to SCADA electronics, refrigeration, weather sensors, train gates, car and truck electrical systems, even the power grid itself. And a million other electronic things. What differentiates EMP from IEMI is that EMP can originate from a rogue state but is just as likely to be caused by Mother Nature. IEMI is completely of human origin.
So, why does IEMI keep me awake? First of all, IEMI is not science fiction. IEMI can be used by disgruntled employees, rogue states, cybercriminals, terrorists and even spurned lovers. In fact, the list is almost endless. One thing that all of the folks that use IEMI have in common is that some of them are extremely intelligent. But they don't have to be. The second thing is that IEMI weapons can be sophisticated truck-mounted Star Wars-like affairs made by experts at great expense but for the most part are constructed with a minimum of technical skill from readily available parts. A perfectly workable, and dangerous, IEMI weapon can fit in a soft drink can, or can even be smaller. The third thing that is always a part of my IEMI nightmares is that a destructive IEMI signal can go through walls and, in fact, can inflict extreme collateral damage on all nearby systems that are not correctly shielded. In many cases at a range of two-football fields or more.
There is a growing body of evidence that IEMI is being used on US soil by an ever-expanding cast of bad characters for the same reasons law enforcement and the military have been using it for years: it works from a distance with no real danger to the perpetrator. IEMI weapons can be constructed easily from parts readily at hand, such as components from discarded microwave ovens. IEMI defenses, such as shielding and detectors are not widely known or utilized but are available. And, most importantly, so little is known about IEMI by the IT and tech communities that IEMI attacks are often written off to static electricity or electrical spikes and are not researched further or even logged as problems.
What can you do so that IEMI doesn't keep you awake at night? Learn more, check and see if your cloud-based or corporate data center is properly shielded and, better yet, has IEMI detectors. It isn't the entire solution but it's a start.
About the Author
James P. Cavanagh is a technologist and network engineer who spends a lot of time and effort on assuring the security, hardening, resiliency and business continuity of systems, regardless of the cause. His organization, Cyber Exercises, along with Technology Association of Georgia pioneered the Cyber Attack & Business Continuity Simulation in February 2013. It was the first open table top simulation of its kind featuring over 40 on-stage role-players working to bring the fictional Global News Network back on the air after a paralyzing series of terrorist attacks on GNN's uplink satellite facilities. Two of the attacks were IEMI.