U.S. Drone Crashes in Yemen

Yemeni officials said that an American drone crashed last week in a deserted area in eastern Yemen.

Three military officers, attached to a military brigade in al-Mahrah province, said that one of their brigade teams was tasked early Thursday, Jan. 16*, to fetch the drone wreck that is now with the brigade near the crash scene.

The United States has used drones to attack suspected militants of the local branch al Qaeda in the Arabian Peninsula, considered the most dangerous affiliate of the global al Qaeda network.

An officer with the 123rd Infantry Brigade under the command of the local "Axis," or local military headquarters, in the town of al-Ghaydah, said that his commander tasked a team on early Thursday morning to fetch the wreck after Bedouins informed him of the crash a few hours earlier. "First, the Bedouins saw it catch fire while still in the air. Then it fell immediately to the desert," said the military officer, who spoke anonymously, citing the "sensitivity" of the matter.

Since 2002, the United States is estimated to have conducted more than 86 strikes against suspected al Qaeda militants, according to the Long War Journal, a website that tracks the covert drone program based on international media outlets and Yemeni local reports. The estimated death toll of suspected al Qaeda members has reached 396, while the civilian death toll has numbered approximately 100. Late last year, a U.S. drone targeted a wedding convoy in al-Bayda province, killing nine civilians and at least three militants who locals said were part of the procession.

This isn't* the first time a drone has supposedly gone down over Yemen. In 2011, for example, a unmanned aircraft crashed in Abyan province. (Initial press reports said it was a Predator drone; locals I spoke with said it was a smaller, hand-held Raven.) Four more drones had major mishaps in the skies over Afghanistan, according to U.S. military statistics.

The 123rd Brigade officer said this most recent crash took place at sunset on Wednesday in a deserted district called Hat, some estimated 60 kilometers from the brigade's headquarters. But the Bedouins who witnessed the drone crash -- some of whom serve as border guards and are enlisted in the 123rd Brigade -- weren't able to inform the military until approximately 9 p.m.

After the local brigade commander informed senior officials in Sanaa, said the officer, a team was tasked to fetch the wrecked drone at 1 a.m. Thursday. "They arrived at the scene to find it totally burned," said the officer.

So far, the Yemeni government hasn't commented on the issue. Mohammed al-Basha, spokesperson at the Yemeni Embassy in Washington, said, "At this point I can't confirm nor deny the incident." Other officers from the 123rd Brigade, contacted by phone, declined to speak on the record because they were not authorized to do so. Representatives for the CIA and the Pentagon also declined to comment.

One officer from the 123rd Brigade said that his fellow soldiers found two missiles next to the drone and detonated them based on the commander's order. "They did so for fear they would later explode and do harm."

He said he wasn't among the team that first came across the drone. But he saw the wreck in the morning after the team brought it into the brigade and he helped carry it from a military truck.

He said the drone was fairly damaged and roughly the size of a Toyota Corolla -- too small to be one of Yemen's traditional, manned aircraft.

He said that an intelligence representative and other officers from the main military "Axis" in the city of al-Ghaydah arrived Thursday morning to give a report to senior officials but that the wreck is still with the brigade. "It's still in the 123rd Brigade and will remain probably until a wider committee is formed to investigate the matter," he said.

Shuaib Almosawa is a freelance journalist based in Yemen. Follow him on Twitter at @Shuaibalmosawa.

*Correction, Jan. 21, 2014: The brigade team was tasked on early Thursday, Jan. 16, to fetch the wrecked drone. An earlier version of this article said the team was tasked to fetch it on early Wednesday. (Return to reading.)

*Correction, Jan. 21, 2014: This incident was not the first time a drone has allegedly crashed over Yemen. Another alleged drone crash occurred in 2011. An earlier version of this article incorrectly said this incident was the first time that a drone has allegedly crashed over Yemen. (Return to reading.)

United State Air Force

National Security

Shutting Down the Power Grid Is Way Easier Than You Think

If you've been paying even the slightest bit of attention to cybersecurity, you know that the security of power grids is a top concern. It's kind of a disturbing threat, given that almost every other critical infrastructure supporting modern life is dependent on keeping the juice flowing. Well bad news, cyber worrywarts. New research shows there's even more for you to fret about.

A new study published by West Point's Network Science Center (PDF) shows how hackers can cause blackouts by targeting a relative handful of small substations -- the often-overlooked and poorly-defended parts of a power grid. The research, authored by Paulo Shakarian, Hansheng Lei and Roy Lindelauf and sponsored by the Army Research Office, argues that this kind of a strategy can cause a chain reaction of power overloading known a cascading failure.

"An adversary looking to disrupt a power grid may look to target certain substations and sources of power generation to initiate a cascading failure that maximizes the number of customers without electricity," the authors warn. The problem for those trying to defend such systems is that they "can harden the security posture at certain power stations but may lack the time and resources to do this for the entire power grid."

It's a somewhat counterintuitive approach. The distributed and complex structure of America's power grid might seem like a natural obstacle for an attacker looking to cause the most mayhem for the maximum number of people. Properly exploited, though, grid complexity can be an asset according to the study.

The security of networks and software in power generation and transmission facilities has been a constant source of concern among cybersecurity experts. Thus far, no hacker has managed to sabotage an American critical infrastructure system. In fact, if you're looking at threats to the power grid, unlucky squirrels electrocuting themselves on power lines have proven themselves to be a much greater threat to the integrity of the power grid than hackers. Fear-mongering in the debate has also distorted the public perception of relative threats to power grids, leading some to portray humdrum blackouts caused by sooty insulators as the nefarious deeds of cybercriminals.

But that doesn't mean hacking a grid is impossible. In fact, some experts claim it's not quite as hard as you might think.

Using game theory, the researchers in the West Point study modeled a simulated attack on a power grid with an attacker and defender strategizing against each other over the integrity of power delivery on a grid. Instead of trying to take on a large, well-defended parts of the grid, the attacker instead set his sights farther down to just a few smaller substations. By knocking these components offline, the attacker forced them to shift their loads to other parts of the grid, causing successive overloading in other facilities and triggering a cascading failure.

For an example of the kind of damage a cascading failure can do, look no further than the blackout of 2003, which abruptly darkened swaths of the Northeast in 2003. The power outage, which began with an accidental fault on a power line in Ohio, cost $6 billion, left 50 million people in the United States and Canada without electricity and was a factor in the deaths of 11 people.

The foibles of software patching and power generation make this kind of strategy all the more difficult to defend against.

Hackers often exploit little-known security vulnerabilities in commonly-used software in order to get access to sensitive data and systems. Once these vulnerabilities are discovered, they can be patched with software updates. Since much of the software and hardware used in power facilities is proprietary, defenders are often dependent on vendors to find and fix potential vulnerabilities. That can cause problems if power companies, as often happens with infrastructure facilities, use older software platforms which are no longer supported with updates and patches. Even if grid facilities had prompt software updates, though, they can't all shut down to update their systems at once without affecting customers.

Not all is lost, though. Of course, defenders can't be everywhere at once. So to maximize the use of finite security resources, the authors developed algorithms that randomly identify specific nodes to protect in a grid at different times, which can limit the scope of a potential cascading failure.

So while hackers may be able to cause headaches at a handful of substations, smarter algorithms may just be able to keep the lights on for the rest of us.

Getty Images