SecuringAV: The Christmas Morning Bombing in Nashville
For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure, and cyber-physical security.
In my last SecuringAV column about the SolarWinds hack attack, I asked rAVe readers an open-ended question:
If extremists think that Big Tech is part of the problem, are we not in danger as technologists?
The explosion in Nashville, Tennessee, Dec. 25, 2020, suggests that at least some extremists separate technology from the people who make the technology happen. Early that morning, around 6:30 a.m., an RV camper full of explosives was detonated in the downtown portion of the city, causing significant damage to an AT&T telecommunications hub. The attacker in this case — who acted alone, according to an FBI report released Monday — arguably went out of his way to avoid hurting human beings before the mobile bomb exploded by broadcasting audible alerts. According to some reports, the song “Downtown” by Petula Clark was interlaced in between the warnings. Once the police knew that an explosion was imminent, they cleared everyone from the surrounding area.
This is a tricky attack — as it seems easy to jump from the hard facts to speculation to conspiracy theories. Let’s start the discussion by defining what I mean when I say “infrastructure attack.”
Many in “AV Land” would say infrastructure is the electrical boxes and conduits, the power outlets and the structural steel and beams that hold up loudspeakers and projectors. Others might say that infrastructure is the CatX and fiber, the back-end conference bridges and Ethernet switches and routers. Still, others might mention bridges and tunnels, the electrical grid (*cough* Texas *cough*) or service providers. However, a Jan. 2019 presidential executive order on infrastructure projects states:
“‘Infrastructure project’ means a project to develop public or private physical assets that are designed to provide or support services to the general public in the following sectors: surface transportation, including roadways, bridges, railroads, and transit; aviation; ports, including navigational channels; water resources projects; energy production, generation, and storage, including from fossil-fuels, renewable, nuclear, and hydroelectric sources; electricity transmission; gas, oil, and propane storage and transmission; electric, oil, natural gas, and propane distribution systems; broadband internet; pipelines; stormwater and sewer infrastructure; drinking water infrastructure; cybersecurity; and any other sector designated through a notice published in the Federal Register by the Federal Permitting Improvement Steering Council.”
(Note that the executive order above was recently revoked by a new executive order from President Joe Biden. However, the above definition of an infrastructure project still stands.)
So, by the above definition, infrastructure includes broadband internet, and the cybersecurity of it. Agree?
Suppose we can agree that broadband internet IS infrastructure (among other infrastructure). In that case, we can probably agree, at least in part, that the explosion on Christmas morning was an infrastructure attack. I admit that this is entirely my opinion, which is debatable, so let’s get back to the facts that support it.
The attacker could have easily neglected to use audio warnings and picked ANY day when many people WERE in the area but did not. (I am not entirely convinced this was a lone attacker, as the reports state.)
The attacker could have also picked any other location to detonate a bomb if he was only interested in blowing himself up. The fact is, he chose to park directly across from a major AT&T telecommunications hub and used an enormous amount of explosives, far more than needed for a suicide. It is a general consensus that the main suspect was upset with AT&T about its 5G technology. According to my sources, it took four days to get the city’s power, internet and phone service back online. (Within those four days — with no broadband internet, no telecommunications. limited cell phone coverage and a Federal Reserve on the same block — I wonder how much crime, if any, went undetected in the city?)
Okay, y’all, let’s bring ol’ PK back to the facts. The fact is, the attacker tried to blow up a telecom hub. “Why” doesn’t matter as much as “how” he went about it, doing his best not to hurt people. The attacker was essentially raging against the (telecom) machine, while simultaneously attempting to preserve human lives.
As AV people, we need to anticipate more infrastructure and hardware attacks, from cutting our cables to breaking our cameras to smashing our displays. Will there always be those who feel that technology is truly bad for the human race? Or, is it more of a question of breaking things out of pure angst and frustration? I am a member of the “AV Install Nightmares” Facebook Group; one member shared the below photo, “This years smashed TV’s from our Hotel Rooms […] This is a reflection on Covid. Typically we’d get 1/5th this amount.”