
Water and CBRNE/Cyber Terrorism:

Waterborne threats and sustainability of cities including unusual secondary and tertiary water contamination lessons from Fukushima

Dr Sally Leivesley, Newrisk Limited UK

Table of Contents

Abstract

Waterborne Threats Defined

Table 1: Causes, Means and Consequences of Waterborne Threats

Terror Threats - International Terror Groups and Activists

Table 2: Examples of Waterborne Nuclear Terror Threats

Cyber Threats and Waterborne Vulnerabilities

Table 3: Examples of Cyber Terror Sources

Table 4: Examples of Cyber Threats to Water Facilities and Nuclear Power Plants

Biological

Table 5: Biological Terror Threats

Table 6: Water Facility and Buildings’ Vulnerabilities to Bio-Terrorism

Table 7: Scientific Mitigation of Biological threats to Water

Japan – Case Study 1: Fukushima Daiichi NPP Incident - Waterborne Radiation Consequences?

Table 8: Fukushima Daiichi NPP Accident: Lessons for Dirty Bombs on Cities

Table 9: Lessons for Decontamination of Dirty Bombs on Cities from the Fukushima Daiichi NPP Accident

Table 10: Generic Solutions to Water Contamination with Radiation

Iran – Case Study 2: Radiation Threats to the Region and Waterborne Issues?

Table 11: Waterborne Threats from Breaches of Iranian Nuclear Facilities

Table 12: Mitigation of Possible Regional Contamination from Breaching Iranian Nuclear facilities

Table 13: Generic Scientific Contributions to Waterborne Contamination Threats following a Radiation Incident

Communications, Media, Social Media and Psychological Operations

Table 14: Communications to the Public in the event of Catastrophic Threats

Conclusions and Recommendations: Continuity of Cities under Waterborne Threat – is there a 12 hour re-supply and recovery plan?

Table 15: Recommendations for Contributions of Science to Policy and Practice for Generic Protection from Waterborne Threats

Abstract

Water may become a medium for attacks through chemical, biological, radiological, nuclear, explosives, cyber impacts (CBRNE/cyber terrorism), and psychological operations from terrorists. The objective of this paper is to discuss strategies, policy, practice and technologies that prevent, disrupt, respond, mitigate and assist recovery from waterborne threats.

It is proposed that mitigation of potential waterborne components of CBRNE/cyber terrorism is critical for the sustainability of cities and that the problem can be addressed within a wider definition of waterborne threats to cover conflict, natural hazards and accidents as well as CBRNE/cyber terrorism. Included within the scope of this discussion are radiological ‘dirty bombs’, improvised nuclear devices and conventional conflicts between nations. Psychological operations of terror groups may have significant impacts in attacks on water facilities. Recommendations are made for new forms of fast, near-real time, trusted and unambiguous scientific communications techniques to mitigate unnecessary fear in the population and to limit other harmful effects.

Two case studies are presented to illustrate the importance of the sustainability of cities from waterborne threats. The first case study, of the Fukushima Daiichi Nuclear Power Plant (NPP) accident, shows the capacity of Tokyo to function despite city-wide contamination from Caesium-137 and Iodine-131 - although rural Japan continues to have unresolved challenges to agricultural land sustainability a year after the disaster. The second case study discusses Iran as a country under threat of conflicts which may breach underground and aboveground nuclear facilities, including a nuclear reactor. The potential for a perceived threat to fragile water resources within this region illustrates the importance of scientific communications for real-time public advice (for example on whether any incident requires shelter in-situ or evacuation) and the formulation of twelve hour plans to recover cities’ water access to prevent panic and refugee movements.

Keywords: Waterborne, terrorism, social activists, CBRNE, cyber, SCADA, dirty bombs, nuclear, chemical, biological, explosives, psychological operations, media, social media, Fukushima, Iran, Syria, recovery, sustainability, water resources, water facilities, refugees.

Waterborne Threats Defined

The term ‘terror threats’ covers a plethora of targets, tactics, motivations and shared information (including information transmitted via the internet or other technological means). In the face of uncertain threats scientists need to find generic scientific solutions to ensure the continuity of water facilities and the protection of water resources. To assist the search for solutions that will protect across many different causal factors, this paper proposes to use an analysis of waterborne threats based on a consideration of terrorism, international conflict, natural hazards and accidents.

Within this context, waterborne threats are defined as accidents or natural hazards that threaten sustainable water supplies or water resources and where water is used as a platform to deliver an attack or is a target of CBRNE/cyber terrorism.

Water has an important weighting in threat assessments because of the emotive response of populations to any threat to life from the loss of sustainable water supplies, and waterborne threats may become a national or international security issue.

Once there is a wide definition of waterborne threats it is then possible to allocate multidisciplinary teams to develop generic solutions to address the threat spectrum and create specifications for policy, practice and operations. For example, it may be feasible to design a monitoring system for the water inlets of nuclear power plants that registers intruders as well as accidental radiation releases. A few key factors in the analysis of waterborne threats are summarised in Table 1 below:

Table 1: Causes, Means and Consequences of Waterborne Threats

  1. Terrorism, conflict, natural disasters and accidents are causes.
  2. Water is used as a medium or platform for attack or there is a disruption to the sustainability of water supply or water resources.
  3. Terrorists or hostile nations may deploy chemical, biological, radiological, nuclear, explosives and cyber weapons or devices (CBRNE/cyber) as well as psychological operations. Examples may include poisoning a building’s water supplies and attacks on nuclear reactors so as to cause radiation emissions contaminating water resources and water supplies.
  4. The emotive consequences of waterborne threats may include panic, flight, refugees, war and low level conflict.
  5. Other consequences of waterborne incidents may include threats to the sustainability of cities and agricultural land, mass casualty emergencies, economic losses and a weakening of national security.

This paper discusses two case studies to illustrate waterborne threats and the usefulness of generic policies in providing long term mitigation. The first case study is an assessment of waterborne consequences from an accidental release of radiation from the Fukushima Daiichi NPP as this incident provides data that is relevant for identifying the consequences of a terrorist attack with a radiological distribution device (in layman’s terms, a dirty bomb). The impact of the Fukushima Daiichi NPP accident was extensive and Tokyo presents an example of a modern city that experienced caesium-137, caesium-134 and iodine-131 in its water supply. Public response, government decisions and the effects on industry in Tokyo and other parts of Japan also provide valuable lessons which are applicable worldwide where there are threats of nuclear terrorism.[1] Caesium-137 has long been recognised as one of the many nuclear terror materials of interest to terrorists.[2]

The second case study is Iran – especially its nuclear programme which has attracted an increased threat of conflict which could lead to breaches of underground nuclear containments with conventional and nuclear weapons as well as threats to the Bushehr reactor. Iran has plans for two more nuclear reactors and an expansion of facilities within its nuclear programme. Within Iran and the surrounding region any perception of radiation threats to water could lead to flights of population and refugee crises unless (a) scientific clarification of any incident was immediately available and (b) there was a well-advertised plan for sustaining water supplies and water resources for cities in the region. It should be understood that it is the perceived threat to water that will create population flight if people have no threshold or benchmark which explains the health effects of radiation contamination of water. It is more difficult to prove a negative effect and to overcome general fears associated with the word ‘radiation’.

The objective of this paper is therefore to open a discussion on strategies, policy, practice and technologies that will prevent, disrupt, respond, mitigate and recover from waterborne threats. The top challenge for governments is the sustainability of cities if waterborne threats cause public panic and flight from cities and disrupt the economy of rural environments. Further, the scope of any regional radiation threat from Iran’s nuclear programme is one which needs quantification and consideration by the international scientific community and governments of the region.

Terror Threats - International Terror Groups and Activists

An early Al Qaeda plot to destroy critical water infrastructure was discovered in 2002 through video reconnaissance film of water pipelines at the Johor-Singapore Causeway. The video material was recovered from terrorists operating in Singapore.[3] This water facility was critical to Singaporean national security as it was the primary source of water supply for Singapore.

Terrorists within Pakistan have demonstrated a capacity to threaten workers of nuclear sites with attacks on journeys to work using improvised explosive devices and the radicalisation of workers within power plants. In respect of insider threats, the capacity of terrorists to radicalise and persuade workers in nuclear power plants presents a critical vulnerability if insiders consequently assist in a terror attack on key areas of a nuclear facility.

There are potential threats to nuclear and conventional power plants if water cooling systems or dams are disrupted by explosives or cyber attacks on control systems. The ability to turn off or destroy safety systems using cyber penetration of control systems or insider cooperation would be extremely destructive. The attraction of nuclear power plants as a target for terrorist attacks received some media attention when, some weeks after the Fukushima Daiichi NPP accident and three days after the death of Bin Laden, five individuals of Bangladeshi origin who had travelled 300 miles from London were arrested when photographing the Sellafield MOX plant ‘which has long been regarded as a major target for Islamic terrorists’.[4] The individuals were later released.

Indications of a core Al Qaeda interest in acquiring nuclear weapons and using nuclear materials have arisen from statements of intent and the disruption of ineffective plots. Dhiren Barot was arrested for planning to detonate dirty bombs.[5]

Although terrorists’ targets are not definitively foreseeable it is still possible to assess the range of devices or weapons that may be used to create radiation emissions or to attack critical infrastructure through waterborne vulnerabilities. These devices may include chemical, biological, radiological, nuclear, explosives, cyber impacts (CBRNE/cyber) and an attack may be accompanied by psychological operations. Waterborne nuclear terror threats are summarised in Table 2 below.

Table 2: Examples of Waterborne Nuclear Terror Threats

  1. Acquisition of control over and/or access to nuclear facilities through radicalisation of personnel.
  2. Backdoor entry to nuclear power plants or planting of explosives by divers in water inlets.
  3. Backdoor cyber disruption of water cooling systems or cyber penetration of plant control systems.
  4. Targeting of nuclear workers on journeys to and from work with improvised explosive devices.
  5. Dirty bomb plots to distribute radiological materials over cities.
  6. Psychological operations to enhance the threat and disrupt the economy.

  1. Activist groups and sole activists. For example, in 2001, Anders Breivik, a sole Norwegian activist, distributed to activist groups a 1500 page compendium with an assessment of nuclear power plant containment vulnerability to explosives and a list of European nuclear power plants.[6]

Cyber Threats and Waterborne Vulnerabilities

Cyber terrorism is an emerging threat and the dimensions of this threat remain poorly defined, particularly at the catastrophic level of attacks on critical infrastructure.

Cyber terrorism in this paper is defined as the use of the world-wide-web (WWW) and digital and electronic systems as a means of destroying, disrupting or controlling critical systems including communications infrastructure or as a platform for the delivery of terrorist propaganda in order to promote a terrorist objective.

The emerging pattern of terrorists’ cyber capability reveals a complex family of cyber attack tools which, when considered together, follow a pathway similar to a military attack: reconnaissance, intelligence gathering, probing for vulnerabilities and penetration of Supervisory Control and Data Acquisition (SCADA) controls to deliver an overwhelming loss of capability to critical systems and national security. This pattern has a particular application to water systems as well as other critical infrastructure.

Cyber security within water infrastructure remains an ongoing technical challenge although the most serious risk to water systems in the near term may be insider activity that successfully bypasses encryption and firewall protections. The capacity to diagnose, defend against and manage cyber incidents may require cooperation between technical experts within industry and government. ‘Communities of Interest’ of private sector and government organisations to pool cyber defence capability can give early warnings of cyber attack intent, recognise threats, share data, speed up repairs of systems and provide alternate operating platforms if systems are overwhelmed by a cyber attack. Cyber terror sources are summarised in Table 3.

Table 3: Examples of Cyber Terror Sources

  1. Activist groups and sole activists.
  2. National and international terror groups.
  3. Proxy terror groups acting under direction of or in association with a nation’s state apparatus or with elements of a state apparatus that may or may not be under direction of the head of state.
  4. Nation states engaging in an undeclared war or engaging in low level conflict with or without attribution.
  5. Terrorist publications or chat forums using the WWW to share information.

The most frequent form of attack on governments and the economy in the recent past appears to have been conducted primarily by activists using denial-of-service attacks to overwhelm a computer or internet service, or the more destructive distributed denial-of-service attacks, where the attacker controls compromised computers, commonly described as ‘bots’, which form a ‘botnet’ to deliver a focused and overwhelming attack on a victim. In 2012 the British Government was embarrassed by activist groups which attacked a Home Office web site and perpetrated a telecommunications intercept on a police counter-terrorist hotline, accompanied by interviews to the media to demonstrate their capability.

The vulnerability of water facilities to external cyber control is a security risk, but incidents have not been frequently reported in open source literature.[7] A sophisticated attack could take control over internal systems in a facility, causing damage whilst masking the reports of damage so that a facility does not, and cannot, respond to the incident. This capability was indicated in the reported performance of the Stuxnet malware on centrifuges in the Iranian nuclear programme.[8] In addition, the Duqu virus[9] was found to have been designed to specifically target control systems for critical infrastructure and the Flame virus (suspected of deployment in 2010) was discovered by a Russian laboratory and described as a cyber weapon with widespread data gathering capability which appeared to target specific countries.

A serious proxy cyber terror plot involved FARC, a Colombian terror group backed by Iran, that planned to use students in a Mexican university laboratory[10] to mount cyber attacks on US critical infrastructure. Audio and video obtained by the students at the National Autonomous University of Mexico suggested a Venezuelan diplomat was seeking information about the servers of nuclear power plants in the U.S.

The generic growth in capability of a nation state to use terrorist proxies and to mix this with organised crime proxies has been indicated in low level conflict reports about Iran in 2011 and 2012. One example was the plots against Saudi and Israeli diplomats in several countries.[11]

Water facility operators and nuclear power plant operators may wish to assess specific components of cyber threats when planning for the sustainability of facilities. Cyber threats to water facilities and nuclear power plants are summarised in Table 4 below.

Table 4: Examples of Cyber Threats to Water Facilities and Nuclear Power Plants

  1. Recruitment of organised crime and terror groups for proxy attacks by nations engaged in low level conflict with or without attribution.
  2. Insider recruitment by terror groups which may not be identified through traditional vetting of personnel where deception is used and if radicalisation occurs post-recruitment and within a very short period.
  3. Nation states deploying sophisticated cyber attack tools that have the capacity to overwhelm critical infrastructure and employ deception to achieve control and destruction. Encryption and firewall security breaches with insider assistance, spying tools and possibly espionage.
  4. Access to SCADA control systems.
  5. Cyber weapons deploying counter measures to mask a destructive attack on a facility.
  6. Denial-of-service attacks and distributed denial-of-service attacks – effective in legacy systems and where patching is inadequate or there are other human failures in systems security maintenance.
  7. Use of telephone systems and other linked communications routes to access systems and control operations including Bluetooth which may span an air gap to defeat unconnected systems.
  8. External maintenance routes into the system or external dial-in by employees on their laptops may provide a route to bypass firewalls, as may dual use of computers, phones or other systems that carry unsecured non-corporate private communications routes.
  9. Externalisation of information technology services to service providers with Cloud computing may provide new routes for penetration depending on the integrity of any shared Cloud system.

Terrorists may self-recruit, go onto the internet to seek connections in terror chat room forums and attend religious meetings to attempt to link into radical elements. Recruitment of ‘clean skins’ by terrorists may be done within a short time, so the continuous scrutiny for insider risks is a key factor in critical infrastructure. Insider recruitment could lead to breaches in encrypted systems and firewalls. Insiders may bypass encryption unless monitored, and counter measures may be used to mask insider operations on a system. Breaches of database systems (as in the Wikileaks classified military database publication incident)[12] have indicated the catastrophic loss potential and threat to life and national security from insider recruitment.