top of page
Search
  • Phil Venables
    • Apr 6
    • 6 min read

A Letter from the Future

Updated: Apr 8

A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to this. There is already much work going on behind the scenes in public/private sector organizations to implement various of the recommendations. One of the things we were going to put in the report was a “Letter from the Future”. I like such things, despite them being a contrivance, as it paints a more vivid picture of what might be. However, we had a lot of things to cut from the report to keep the main body of the report compact and so this letter had to go. But here it is. I hope you enjoy it. 


_______________________________________________________________________


A Letter from the Future 


The street lights at first flickered and then the city went dark. John and Sarah were driving home on autopilot discussing their New Year 2029 celebration plans. As they approached the intersection neither they or their car noticed the traffic lights go dark nor did they see the truck barreling toward them.


John slowly opened his eyes in what appeared to be a hospital corridor. Everyone was rushing around, the lights were dimmer than he would expect. He sat up on the gurney and grabbed the first nurse he could, “Where is my wife?” The nurse responded, “I can’t help you find her right now. We don’t know how long the generators will last and we need to get as many people stable as we can.” He checked himself, apart from the neck brace and a headache he seemed ok. He got out his phone. No signal. Not even any wi-fi. He stood up and walked down the corridor and only became aware of how thirsty he was when he saw the water fountain, but as he approached he could see it was taped up. The sign read, “Out of Order. Absolutely no use. Toxic.” He walked on further and looked out of the window to the city, it was dark, there were fires dotting the nightscape. Then, at the end of the hall, he saw Sarah sitting on the floor. They sat and Sarah explained what she knew. There was some kind of major event across the entire North East, possibly farther. All the power is out, the Internet and cell phone networks are down, traffic lights are out, people are saying some oil refineries have exploded, but radios are still working and a few of the news stations are broadcasting. John looked around the room and he could see a few people with old handheld radios pressed to their ears. Where did they even find those? “What about the water?”, John asked, “Oh, yes, the water tastes really bad, like disinfectant. The lab people here tested it and they say it’s been massively over chlorinated, we can’t drink it, same everywhere.” It dawned on John he didn’t know if he’d seen a Doctor. “Am I ok?”, Sarah looked puzzled, “I don't know if I've seen a Doctor yet?”, “Oh, they think so, you were supposed to be getting a CT scan but apparently the machine won’t work without the Internet.”, she smiled for the first time as she realized how ridiculous that sounded. They held each other and drifted to sleep. 


John awoke first. Things seemed calmer. He noticed people were back on their phones and the TVs in the waiting room were on. There were piles of bottled water and packets of food labeled, “Emergency Rations: Day 1”. He grabbed some and nudged Sarah. They both took out their phones, the cellular connection was slow, but workable. There was still no wi-fi or Internet in the hospital.  Over the next hour they absorbed the situation as best as they could amid the confused stories and conspiracy theories. It appears there was some type of cyberattack, from who and for what reason is unknown, but of course everyone has their theories. Apparently, a few power generation plants were shut down that caused a wider grid impact and the control systems couldn’t keep up. About the same time the Internet went down the cell phone networks also stopped working. There are scattered reports of water treatment plants being impacted, which is causing a lot of panic buying of water, which quickly turned to looting as the payment terminals and tills wouldn’t work without power or Internet.


At the nurses station John asked when he could be seen, the nurse looking at his name tag replied curtly, “Ah we’ve been looking for you, the techs got the CT machines working so you need to go get scanned.” He laid down on the bed of the CT scanner and asked the technician how they’d got things working again. The tech grinned, “We switched the machine into emergency local mode, good job we’d tested it a few years ago and realized we needed to get the manufacturers to ensure we could run without the network at times like this…..forward planning who’d have thought?”


As they left the hospital to start their long walk home, they saw streams of FEMA trucks dropping off what looked like containers of medical supplies, food, water and even some batteries, radios, scooters, and small generators. The trucks had a livery John hadn’t seen before, “FEMA Emergency Stockpile Distribution”. He grabbed a radio and tuned it to the first news channel he could find. A lot of the power was coming back on-line as crews were manually restarting facilities and the local control systems were able to be reached despite the continued lack of Internet and other communications. The spokesperson for the power company reassured that this was all part of a protection and recovery capability put in place several years ago for this type of situation.


As they walked further, getting closer to home, they noticed police patrols seemed to have quelled any remaining looting and looked well coordinated. Even the stores seemed to be working, with payment terminals back on line. As they were getting closer to home, they walked past one the few remaining bank branches, a sign outside announced, “All systems now operational and recovered for local services - but in semi-isolated mode so some large value payments may be limited.” After another hour's walk they finally made it to the entrance of their apartment building. They touched the key fob to the door, nothing happened. Thankfully, the attendant appeared and recognized them and let them in. He went behind the desk and handed them a physical key with some instructions on how to override the electronic lock on the door of their unit. 


The next day, they weren’t sure when exactly, the Internet started to come back. At first it was a spurt of emails and then a cacophony of social media alerts. Sarah’s AR glasses chaotically dumped these so fast it made her dizzy. 


Three weeks later. The President and the heads of DHS and multiple other agencies briefed the nation on the Cyber Safety Review Board’s rapid post-mortem. The attack, while impactful, had been contained and thwarted. First the core Internet was attacked, but not before it was used by the attackers to connect to industrial control systems in several power plants to force shut downs, to cycle grid control systems to create an imbalance that would spread throughout the North East. Several water treatment plants had similar activation of malware implants laid down years ago that permitted the attackers to increase chlorine levels in the water supply. The briefing continued, “while we have lessons to learn about increasing our defenses to prevent such attacks, we are pleased to report the measures put in place several years ago as part of the National Cyber-physical Resilience Plan were effective, and the New Orchestrated Cyber-physical Homeland Oversight And Security (NO-CHAOS) Act passed by Congress in 2025 provided the resources and authorities Sector Risk Management Agencies so desperately needed. Many attacks were actively stopped by our AI hunt agents that came from the DARPA and IARPA grand challenge research program. The National Cyber Infrastructure Observatory revealed where the concentrated attack points were so we could contain the attack. What got through was further contained by the segmentation put in place. Although network and Internet communications were overwhelmed, it was not as impactful as it could have been given the ability of our first responders to locally control our critical infrastructure and bring services back on line. At no time during the event were our public and private sector cyber teams out of contact. All our critical infrastructure has recovered and is operational; although for the next few days only in minimum viable operating mode.” 


The President took the podium again, “I’d like to thank all of our Government agencies who over many years, in close partnership with our private sector leaders and their shareholders, have invested so much to make ourselves resilient to this type of event. We said we could do it and we did. Now, let us turn to the serious business of who we believe did this and what our response will be. Here to address you next is the head of the US Cyber Force ………”


4,548 views0 comments

Recent Posts

See All

Security and Ten Laws of Technology 

There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see what the security implications have been for each and what might

InfoSec Hard Problems

We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed as “hard” problems by any measure. Despite progress, more rese

DevOps and Security

Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report published in Q4 was as good as ever and in particular documented so

bottom of page