Are Squirrels A Bigger Threat To Our Critical Infrastructure?

"The real threat to global critical infrastructure is not enemy states or organizations but squirrels, according to one security expert." Long-time Slashdot reader randomErr quotes the BBC. Cris Thomas has been tracking power cuts caused by animals since 2013... His Cyber Squirrel 1 project was set up to counteract what he called the "ludicrousness of cyber-war claims by people at high levels in government and industry", he told the audience at the Shmoocon security conference in Washington. Squirrels topped the list with 879 "attacks", followed by birds with 434 attacks and then snakes at 83 attacks.
Those three animals -- along with rats -- have caused 1,700 different power cuts affecting nearly 5,000,000 people .

Re:Yes but...

[Tablizer]

Were these RUSSIAN squirrels?

You can tell by where they are Putin the acorns.

Re:

[ncc74656]

Where's the "-1, Bad Pun" mod when you need it? :-)

Re:

[Anonymous Cow Ward]

I'm pretty sure that should be a +1.

Re:

[Aighearach]

Gonna ignore the pun and tell a short story.

Last summer my wife went outside in the morning and surprised a squirrel that had just dug a hole and was about to drop an acorn in it. It saw her and to hide its actions it started lifting the acorn up and down like a human exercising. Squirrel was totally like, "nothing to see here, just exercising, move along!" LOL

I'd read about the fact that when scrub jays (a natural enemy that eats and hides the same foods) are around they are more careful about their hiding

Re:

[FatdogHaiku]

Nyet!
Moose was sighted standing guard for squirrel!
Both escaped capture and are suspected to be in vicinity of Frostbite Falls.
Consultant Coyote has stated capture repeatedly fails due to lack of complicated schemes and devices to apprehend or annihilate subjects.
Coyote is expecting delivery from Acme Sales Corp. any day now...

Re:

[mcswell]

Boris, that you?

Re:

[mcswell]

Eh, no talk stink. Those animals gave their lives for this.

Re:

[The Grim Reefer]

Squirrels are rats with hairy tails, that's all.

My father jokingly called them "tree rats" when I was a kid.

Re:

[david_thornley]

I was doing testing when the local power company introduced a new system for outage and crew management. The first field report entering the system listed an outage as caused by a "fried tree rat".

Call To Trump

[Anonymous Coward]

Build tremendous walls to protect our infrastructure and make the aminals pay for it!

Re:Call To Trump

[sjames]

He has a shovel and he's doing his best. He wears one on his head as a trophy.

Re:

[AutodidactLabrat]

A shovel of alligators are his entire toolset.
You don't drain the swamp of lobbyists by putting billionaires who hire lobbyists to run the government

Re:

[quicks0rt]

No, the problem is more nuanced than that. See, we have corporation owned media who also employs lobbyists to fund campaign. On one hand, you hear little to nothing about many political corruptions because established media will not report on it, or downplay it so that least amount of eyeballs and ears hear about those stories. Most often, you will not know what the politician is up-to or what ties he/she has with rich donors until election is over. See, if your only source of political news is CNN, Fox Ne

Re:

[AutodidactLabrat]

Why am I always out of MOD POINTS! This is FUNNY!

CORRECT!

[mmell]

Trump didn't win . . . Hilary lost. So good of you to admit that.

Re:

[Coren22]

Trump won, the US lost.

He's missing the point.

[Cyberpunk Reality]

Squirrels and birds are never going to scare the public to the point of feeling good about hundreds of billions in spending, or freely abandoning long-cherished rights.

Re:He's missing the point.

[Sarten-X]

Squirrels and birds are also never going to be launching coordinated events designed to overwhelm the utilities' abilities to bypass and repair damage. Nobody cares that a foreign nation might be able to shut down a provider. The concern is that they might shut down all providers.

Re:

[umghhh]

What if squirrels organize? Even if they are not good at organizing I am sure Putin could help here...

Re:He's missing the point.

[140Mandak262Jamuna]

You must have missed the documentary filmed by the noted historian one A. M. Hitchcock.

Re:

[antdude]

IIRC, humans tried to use rodents, birds, cats, dogs, etc. to take out things.

Re:

[default luser]

Specifically, this

The Bat Incendiary [wikipedia.org]

Re:

[Anonymous Coward]

Nobody cares that a foreign nation might be able to shut down a provider. The concern is that they might shut down all providers.

This is about the infrastructure (e.g. power lines), not the providers (e.g. power plants). That being said, if there's only one provider in my service area, or a single critical piece of infrastructure that can cut me off from all available provider, then I care a great deal about someone (or something's) ability to damage it.

Re:

[PJ6]

Squirrels and birds are also never going to be launching coordinated events designed to overwhelm the utilities' abilities to bypass and repair damage.

That's just what they want you to think.

Re:

[Tablizer]

Squirrels and birds are never going to scare the public to the point of ... billions in spending

Tell the public they are illegal Sharia atheist squirrels here to overthrow our elections, tax us, chew up our guns, and take our jobs. A reliable source told me so.

Re:

[AutodidactLabrat]

Why am I always out of Mod Points when the good stuff comes in?

Re:

[NEDHead]

Hitchcock might disagree

Re:He's missing the point.

[hey!]

It would be nice if people could learn to think in terms of threats that fell somewhere between "safe to ignore" and "extinction level event". Or could distinguish between "extreme and expensive" responses and "effective" ones.

9/11 could have been prevented by simple, conservative and inexpensive countermeasures. After 9/11 politicians droned on about how "9/11 changed everything," but the cold sober fact was that it in fact changed nothing. It just showed that some of the things sensible people had already been telling us to do (like reinforcing cockpit doors or getting agencies to work together despite institutional rivalries) really did need to be done. Instead "9/11 changed everything" became the rallying cry for every pet scheme that had heretofore been correctly dismissed as too expensive, hare-brained, or just plain dumb.

Which doesn't change the fact that something needed to be done. Here's the lesson I think we should take into this infrastructure debate: we should take sensible and conservative steps to secure infrastructure against terrorism now, before events put foolish ones on the table.

Re:

[ColdWetDog]

You must be new here.

Re:

[Mike Van Pelt]

9/11 did change something -- passengers will no longer meekly submit to hijackers; they'll swarm and stomp them.

Re:

[HornWumpus]

My cat brought me a 'complete' headless squirrel. I considered it a magnificent gift.

Re:

[Anonymous Coward]

They don't want middle eastern muslims to flood the USA and throw them off buildings.

How about ...

[BarbaraHudson]

Power cuts by drunks running into utility poles? Or idiots shooting out power transformers and insulators? And backhoe operators who don't call first to check for buried utilities?

Re:

[ColdWetDog]

"CyberBackhoe" or "CyberDrunk" just doesn't resonate like "CyberSquirrel".

Cute, furry rodents trump fat white guys any day.

Re:

[Aighearach]

That explains why the squirrels were chewing on the line, they were just trying to get some cyber' action!

Re:How about ...

[alvinrod]

Or meth heads trying to steal the copper out of electric cables or other equipment.

Re:

[mcswell]

Nyet, Boris and Natasha are busy tryink to make all traffik lights in US turn green at same time. They read about this in American science fiction story, http://www.gutenberg.org/files... [gutenberg.org].

Trees

[Fly Swatter]

.. cause far more outages and damage. Squirrels merely live in trees. Blame the trees.

non-stationary.

[Anonymous Coward]

The number of deaths due to nuclear weapons, as a fraction of total deaths, is very small as well.

That may be true most of the time

[davidwr]

But there were two particular days in 1945 when that wasn't the case.

Re:

[hey!]

Those are what are known in statistics as "outliers". They can be safely thrown out, unless the conclusion you're after depends on them.

Re:

[david_thornley]

They weren't even the deadliest bombing raids in history. A March 1945 incendiary raid on Tokyo killed more people than either nuke.

Re:

[q4Fry]

Yes, but that raid took more than a single plane and warhead. With those 334 B-29s and atomic bombs, you could have killed at least a quarter the population of 1940s Japan.

Amped up squirrels

[burtosis]

We need cyber countermeasures to deduce how these squirrels conduct their missions and how we can short circuit their diabolical plans.

Squirrels spread their attacks conveniently

[grimJester]

Squirrels are just a cost, not a threat. They don't coordinate to attack all at once like a hacker group or hostile country would do. They'll never take out the whole country at once.

Re:Squirrels spread their attacks conveniently

[Kohath]

Yeah, the difference between random factors like squirrels and attackers is that random factors don't learn and adapt and scale up their attacks. Random factors stop randomly. Attackers don't stop unless you stop them.

Re:

[tehcyder]

they will never, ever stop until they get what they want.

Squirrel Terminators.

Re:

[phantomfive]

How many spies and saboteurs with well-placed bombs (or high-powered rifles) would it take to disable the power grid? Not many, I would think. There are a lot of threats besides 'the cyber.'

Security is something for professionals like us to think about always while we're working, but it's not something to panic about. A lot of these news stories like this one [nytimes.com] are designed to spread panic, and to increase power to those who are spreading panic.

Re:

[phantomfive]

ok, someone modded it down, but the push with "cyber security" and power is not a new thing. Remember when they wanted an 'internet kill switch?' [cbsnews.com] It's not about Russians, or Chinese, or fat people in the basement, it's about people using excuses to increase their power. This theme has been going on for as long as the 'invade Iraq' thing was going on........many years before the invasion actually happened.

Re:Squirrels spread their attacks conveniently

[Sarten-X]

How many spies and saboteurs with well-placed bombs (or high-powered rifles) would it take to disable the power grid? Not many, I would think. There are a lot of threats besides 'the cyber.'

Far more than it takes to set a flag on a C&C server. Those spies and saboteurs also have to be physically present around the time of the coordinated attack, increasing the risk they'll be caught, and the opportunity for them to double-cross the attacker and reveal the plan to the target.

On the other hand, malware can lurk for years undetected from a single entry point. A small team of sub-sub-sub-contracted service technicians can deploy malware to an embedded system, and walk away. Sufficiently advanced threats can hide their traffic inside the normal monitoring operations of the utility, cross through the network, and even add personnel records, effectively making their actions look like legitimate employee operations until they shut everything down.

Targeting infrastructure has been a military strategy for as long as there have been militaries. Modern tactics, however, focus on efficiency. If five malware-assisted spies can take down a target country's utilities with no risk, why spend the budgeted resources to recruit and train (and possibly extract) fifty to do the same job? That budget can then go toward hiring cryptographers to decrypt the target's movement orders, so you spend less budgeted resources trying to find the enemy units. That leaves more budget to use on building better bombs and guidance systems, and so on.

Ultimately, the goal is to win the war. With modern society relying on border-crossing communications, it is no longer really important who can put supplies into what territory, as was important until around 1960. Now, it's important to convince the locals that you're protecting them from the evil oppressive enemy, and doing that means minimizing civilian deaths. Better targeted bombs, better intel, and attacks that don't involve blowing up a power plant full of civilian workers, are all ways to reduce your side's death count.

Security is something for professionals like us to think about always while we're working, but it's not something to panic about. A lot of these news stories like this one [nytimes.com] are designed to spread panic...

There's very little panic, except for a few uninformed headlines where a laptop with malware became a complete takeover of the US power grid. On the other hand, the DNC hack is a great example of how information-based warfare will be conducted, and the news article you linked explains it well. Unlike Watergate, there was never a Russian physical presence in the DNC. There's nobody in the US that can be arrested for it. After the initial breaches, there was almost no evidence of the digital presence. The reality of the situation once it was discovered was met with skeptics like you, who underestimate how useful such an attack could be.

While that holds true, the attacks won't likely escalate. As soon as an enemy attacks the American power grid, every American company will treat information attacks more seriously, and the low-hanging fruit will disappear.

...and to increase power to those who are spreading panic.

There's nobody really getting more power from this, though, except for a few hucksters who are selling fraudulent security systems. The threats have been real and the attacks have been ongoing for the past few decades, and the people who have been wise enough to care have found that there are solutions available. There are backup generators and UPSes protecting vital systems from outages of the power grid. There are airgaps and mitigations protecting secret information. There are encryption algorithms and opsec protocols protecting identities... Security is cheap, but it is very user-driven. The user has to care for security

Re:

[phantomfive]

I feel like you have a reasonable assessment of the security problems the country faces, but I think you underestimate the resources required to exploit them. It's probably takes more than five malware assisted spies to take down the infrastructure (say, the power grid). It takes a lot of training, expertise, and if you want to target SCADA systems, a lot of expensive equipment, and if you want to attack hardware that is properly air-gapped, then even more effort and a bit of luck, too. It's not a cheap ope

Re:

[Sarten-X]

I apologize for the length of these posts... Weekends get boring, and I tend to ramble about these things.

It doesn't really take much. For a nation-state attacker, it takes almost no resources in comparison to a foreign-based physical operation.

First, understand that there are two different kinds of attacks being discussed here. The DNC hack was a general APT penetration, while attacks on SCADA systems (like Stuxnet) are usually more targeted and require more expert knowledge. Since they work hand-in-hand,

Re:

[Sarten-X]

At the nation state level, I don't think it operates the same way. That is, I don't think they rely on a few dumb operators. Looking at what the NSA does, they're able to attack the supply lines and send you pre-compromised hardware. They have advanced exfiltration systems that don't need to touch your network at all. They have malware that cannot be decrypted by any machine other than the target that makes you think there's nothing wrong. It's also custom, just for you, so AV programs aren't going to see it.

Those statements are mostly true, but only to a certain extent.

The APT teams aren't operating at a nation-state level. They are nation-state funded, but they're still operating more like an experiment, mostly due to the lack of available expertise in the field. Think more along the lines of the Manhattan Project. A very small number of people are doing the real work, and a lot of people figuring out how to apply this new weapon strategically.

Yes, the intelligence agencies have lots of fancy tools, and they'

Re:

[gurps_npc]

You need to read white paper I saw recently, titled:

"The Unbeatable Squirrel Girl (2015)"

Re:

[Aighearach]

I have a first edition of Samurai Squirrel (1986), it definitely leaves me wondering, "What if they're fighting for the enemy?!" We'd be totally screwed.

Re:

[dywolf]

that'd be pretty cool though

Re:

[PopeRatzo]

Squirrels are just a cost, not a threat. They don't coordinate to attack all at once

They pose a mortal goddamn threat to the peaches on the tree in my backyard.

#FuckSquirrels #KillAllSquirrels #BushyTailedRats

Re:

[big-giant-head]

You have obviously never watched squirrels for any length of time .. They do coordinate attacks and can be darn pesky if they and racoons convert to ISIS we are DOOMED!!!!

Water vapor

[Anonymous Coward]

Water vapor combustion products from power plants stays in the atmosphere, condenses and forms ice that downs power lines.

It's a vicious cycle. So....more funding for climate change studies.

Wrong question

[NEDHead]

Are BIGGER squirrels a threat to our infrastructure

Crazy Ants FTW

[turkeydance]

They are frightening because they make no sense, because of the utter disarray of their existence. “They run around the floors like they’re on crack, and then they die,” he said. “They’re freakin’ crazy, man.” link: http://www.nytimes.com/2013/12... [nytimes.com]

Re:

[Mashiki]

Crazy ants are also drawn in by EM fields. So are some other species, and a couple of different kinds of insects. Palm roaches and grasshoppers love newer PC's, stuff like Roku boxes, some types of cable boxes for example. Older PC's like P2/P3's? Crickets, especially the crickets we have in the NE US and Canada. Our company lost 3 remotes in FL and TX a few years ago to crazy ants, best thing you can do is seal them up as best as possible and put a "best practices" training system into place for people

Re:

[sims 2]

From getting to work on them roaches love the Xbox 360S you know the one with the touch controls? That one. Causes the system to shutoff and/or eject discs at random.

Dupe

[thegarbz]

Sick of hearing about squirrels being a threat. [slashdot.org]

We understand the "squirrel problem"

[davidwr]

Problems like this have existed for decades or more and we know how to prevent it.

It's a business decision whether to invest in prevention, mitigation, both, or neither.

The "foreign government cyber-warfare" problem is less well-understood and is ever-evolving.

----
For what it's worth, most "mother nature" problems can be handled by having adequate redundancy and/or backup systems and, for most users, having an expected service level that allows for the grid (or internet, or other utility) to be offline for several seconds at a time while backup systems kick in. A state-level attacker is likely to be aware of the backup systems and attack both simultaneously.

Re:

[ColdWetDog]

The point is that squirrels (and similar furry or feathery threats) have caused demonstrable damage.

But, as far as infrastructure is concerned, terrorists have yet to rise to the level of the local rodent and bird population.

Allay thy fears. Quail not.

Re:

[Aighearach]

Is that because they aren't trying very hard, or there are only a few of them, or is it because people are so afraid of them that lots and lots of effort gets put into preventing attacks?

There might be layers of points to be had. ;)

Its not the Number of "Attacks"

[wisnoskij]

It's not the number, in any system as large as the American electrical grid some percentage will always be down. The threat is some incredibly inconvenient parts of the grid going down at inconvenient times. Squirrels might cause thousands of "attacks", but they will never randomly knock out three levels of backups at key installations spread across the continent at the same time that China just happens to launch a nuclear attack.

Give the fucking squirrels a break

[Godwin O'Hitler]

And stop thinking mankind is the ultimate in evolution.
I so wish there was competition between species for dominance of this planet.

Re:

[tomhath]

I never brake for squirrels, whether they're copulating or not.

Re:

[ColdWetDog]

There is competition. We won.

That's what they want you to believe.

Focus!

[pipingguy]

Was typing a comment but got distrac

Around here it's raccoons

[Streetlight]

Here in Colorado Springs the problem seems to be raccoons in older parts of town. Not sure if raccoons are good to eat but some hunters shoot squirrels for food. Those found dead in substations fried on transformers are precooked.

Especially in Sacramento, CA

[kenwd0elq]

In the Central Valley of California, we have a long dry season and (generally) a short cold wet season. Squirrels rip the insulation off of buried power cables during the dry season. Then when the rains come, rain water shorts out the systems causing power outages. This used to be exceptionally common, but has been less so during our 5-year drought.

I'm actually surprised that we haven't had more power failures in the last month's "Pineapple Express" storms; my power hasn't even flickered in several mon

This isn't nuts

[movdqa]

I've noticed rising squirrel populations in our housing development over the last ten years (chipmunks and a few other critters too). Sometimes they gnaw on parts of your house but they mostly go after the trash. I guess that it's the lack of natural predators that has their populations growing. If you want to see a safe habitat for squirrels, walk around Boston Common where the pigeons and squirrels can compete for your snacks.

Nothing to see here, move on.

[westlake]

Telegraph companies were dealing with problems like these in the 1840s. It's a damn nuisance when a rodent chews through a cable or a storm brings down a pole. But these are random, localized, events that aren't likely to cause any lasting harm.

No coordination

[hawguy]

When squirrels coordinate their attacks to target a large geographical area, then I'll be worried about them.

1700 attacks affecting 5M people is only 3000 people per incident. I'm not sure what time range those numbers cover but if it's 35 years (based on the talk being called "35 Years of Cyberwar: The Squirrels Are Winning"), that's only 50 incidents per year, which doesn't seem like a lot if spread across the USA or the world.

I've never been in a squirrel related power outages (that I know of), but have

Not equivalent

[RobinH]

Squirrels are an event that you can plan for - it happens all the time and it's a calculated cost. They're not intelligent actors trying to sabotage your system, they're just varmints doing what they do. Someone probing and making a list of the vulnerabilities of your system so they can perform a massive across-the-board outage of your infrastructure is a completely different thing. When a squirrel takes out a transformer it only affects a local area and for a short duration of time. Since it happens al

Those Threatening Squirrels

[Timothy J. Schutte]

Squirrels chew on everything. Like all rodents, squirrels' teeth grow throughout their lives.

Yes, squirrels are.

[Jerry]

A power transformer across the street from my office window on the 2nd floor of the NE State office bldg was blown out three times during the ten year period before I retired. I watched the last rascal jump between two insulators and draw a 21,000 volt spark. There was an explosion and fell to the pavement. With the power down and nothing else to do I went outside to check the squirrel. His skin was split from his left rear foot pad to his left front paw, like a zipper had been unzipped. And the a

Squrriels and power!

[TigerPlish]

True story... back in the Stone Age, BI (Before Internet) I was at my first weather school in the USAF, at Chanute AFB IL, on a smoke break (remember those?), it was an instructor and a few us students.. we were on a side of the building that faced a sub-station.

There was a small explosion, we felt a very slight disturbance, a teeny tiny shockwave I guess. People started pouring out of the school -- the power had gone out at the school and surrounding buildings. After assessment, we were told "Go home, it

Squirrel Hunting SysAdmin

[Da Cheez]

I'm a security-conscious sysadmin, which is why I spent my Saturday hunting squirrels.* You're welcome, America.

*actually, because free meat. Didn't know about The Rodent Threat until reading this, but you're still welcome, America.

What about fiber cuts?

[Doke]

The article only deals with power cuts. What about fiber data line cuts? We had a squirrel chew through one of our WAN links, inside a conduit. I can't imagine that could have tasted good.

Re:

[david_thornley]

The main rodent threat is that the evil creatures are suicide short-circuiters, getting into our transformers and infringing on our personal liberties. Chewing through things is less common and less destructive.

Not such a threat, really

[excursive]

They're not killing nearly as many people as toddlers with guns, and we're not doing anything about those!

http://www.snopes.com/toddlers... [snopes.com]

a low tech 'threat' response

[swell]

"Rats must chew or their teeth grow through their heads!" - Hemlock Stones in Firesign Theater's - The Tale of the Giant Rat of Sumatra

These growing rodent teeth, just like a dog or cat's claws are relentless. Imagine yourself a rodent with a need to chew- what would you choose? A rock? A discarded piece of fruit? It happens that the insulation used in much wiring is preferred.

I experienced this problem when rodents chose to chew the wiring in my new car at the place I was required to park overnight. It happens that a low tech solution was ideal. I acquired some spongy insulation that is normally used to insulate hot water pipes, and wrapped it around parts of my wiring harness.

The soft foam did not satisfy the chewing urge so the rodents never bothered my car again.

Whether animals or humans create some sort of threat, we should understand their motivations in order to form an ideal response. OFF TOPIC: and when we treat humans badly and expect them to be nice in return we are both blind and stupid.

Squirrels have brought down Nasdaq at least twice

[rla3rd]

http://www.cantechletter.com/2... [cantechletter.com]

MSP's

[raind]

I had a Comcast tech tell me the critters are his nemisis. Also grow rooms!