pwn the future
pwn the future
Schrödinger's Infrastructure
11
0:00
-5:42

Schrödinger's Infrastructure

(NATCON3) On the Intersection of Industrial Nationalism and Cybersecurity
11

This is my speech from NATCON 3. I’ll post the full video in a few days.

The current state of our industrial nation.

Over the past thirty years, the West has embarked on terrifying project: to turn nearly everything that is not a computer into a computer. Cars, coffee mugs, factories, football stadiums.

Simultaneously, we’ve started making most of that stuff in China. Including the electronics that govern it.

Embedded compute has produced fantastic efficiencies. But removing humans has meant trading predictable downtime - people get sick - for the unpredictable downtime of digital catastrophe.

In the early late 90’s and early 2000’s, cyber attacks against industrial facilities were the stuff of Hollywood.

By 2010, elegant computer viruses destroyed a key Iranian nuclear facility, and illustrated to the world just how vulnerable digital equipment was to remote sabotage.

And in 2019, the head of the U.S. intelligence community testified to Congress that Russia and China “For Years… conducted cyber espionage to collect intelligence and target our critical infrastructure to hold it at risk.”

In just the past two years, we have seen oil pipelines, cream cheese factories, meatpacking plants, steel mills, rail lines, and water treatment plants all targeted by malicious cyber actors. Some were military hackers, but others were simply ransomware gangs, or disgruntled former employees.

Bottom line: the stuff we are building is no longer our own. Not only is it manufactured in a hostile nation, but it is then connected to the internet.

Like the famous mathematician who described a key concept of quantum physics with a cat that was both dead and alive at the same time, today we have what I call “Schrödinger's Infrastructure,” an industrial base that is simultaneously compromised and not compromised. We find out which it is once the PLA departs for Taipei.

This is an intellectual challenge for most Western minds, because what it means is that much of the decisive activity of a future conflict is actually happening now, as malicious cyber actors jockey to gain access to critical systems, such that they can be taken down when conflict ultimately comes.

Towards an Industrial Nationalism

To solve this problem we need to confront three realities, one digital, one industrial, and one mineral.

On the digital front, my company - Galvanick - is building software to continuously monitor complex industrial facilities for malicious cyber activity. Our tools, along with traditional anti-virus offerings, are critical to fighting back against the activities of our adversaries in cyberspace as they attempt to reach out and compromise our industrial facilities.

On the industrial front, we must continue the work of leveling the manufacturing playing field by pursuing policies that make it much less attractive to outsource to a nation whose leaders are waging a shadow war against us. The Chinese National Security Law states the Communist Party can secretly mandate their manufacturers install tools of sabotage. The result is equipment whose integrity cannot easily be evaluated.

Digitally-controlled industrial equipment manufactured by companies that, under Chinese law, must follow the secret orders of the CCP has no place in America’s infrastructure. We must aggressively phase this equipment out, and create the conditions for replacement equipment designed, and exclusively manufactured in the United States.

How might we do this? By using the various and diverse tools available, from tariffs to CFIUS to contracting requirements, to encourage, and even in some cases force American companies to make their goods in America, with American workers.

Finally, the mineral solution. It’s time for us to make it easier for American companies to extract raw materials from our great land. We have vast, little-touched mineral reserves. And after extracting them, our companies must be able to easily build new refineries, along with the power plants necessary to operate them.

In Closing

Next generation connected industrial equipment presents both an opportunity also a threat to the American way of life. When manufactured in China, it gives our adversaries an easy opportunity to install malicious software they can activate at a time and place of their choosing. And even when not manufactured abroad, it creates an attack surface whose potential risk we can only evaluate in retrospect.

And our adversaries are utilizing both their manufacture, and connected nature of these industrial systems to enable their destruction at a time and place of their chosing.

Our society has made the decision to pursue these types of hybrid digital-industrial factories and systems, and so in order to buy down risk, we need to not only protect these platforms digitally, but we must return their manufacture to the United States.

In other words: we’ve been fighting a war, we just didn’t understand we were fighting it - and losing.

Now we do. And we know how to win it. The United States has a generational opportunity to become the manufacturer of first resort for free nations around the world.

It’s time to bring back the arsenal of democracy.

11 Comments
pwn the future
pwn the future
notes from the (industrial control systems cybersecurity startup) underground.