Secure your small business:
Apps → Data →

Lithium and Cobalt Supplies Are Among the Cybersecurity Battlegrounds Emerging due to Electrification

We still think of cybersecurity as being about computer and network systems. But increasingly it’s about natural resources and everyday life.

“Electrification” is one way to describe the fact that more things in the real world than ever before are now computing systems under the hood.

Decades ago, the computing world was a smallish collection of desktop computers. Then, computers and laptops. After that, computers and laptops and phones—and people spoke breathlessly about how technology was taking over the world.

Today cars and a great many other everyday items that we don’t think of as computers—are computers, connected to the network, drawing electricity, and receiving OTA updates.© Sergey Kohl

Today it’s cars and trucks, watches and wearables, coffee makers, refrigerators, dishwashers, children’s toys, light switches, table lamps, doorbells, home alarms, garage door openers, not to mention utility, energy, and transportation infrastructure, manufacturing facilities, and just about any other thing you can think of aside from living things.

All of these are now in some way both electronic and also a computer on a network.

And all of this electrification has security consequences that we are only now beginning to understand. As a result of this understanding, it should be dawning on us as a global society that we need to enlarge our perspective.

Battles for Battery Metals, Natural Resources are Coming

As this electrification of society proceeds at breakneck pace, battles over natural resources are clearly on the horizon.

The most immediate concern is that a large proportion of these new computing devices rely in one way or another on mobile power—in other words, on rechargeable batteries. The best commericial battery technologies currently rely on lithium and cobalt for their manufacture and operation.

The world is more reliant than ever before on natural resources like lithium, required for batteries—and in increasingly short supply.© Vladimir Grigorev

Yet at the same time that nearly the entire advanced industrial world is turning as many possible everyday items into mobile electrified devices, supplies of these metals are becoming limited. Some projections suggest that demand for lithium will exceed supply within the next year or two  and our supply of cobalt is far from infinite given exponentially increasing demand. Worse, their supply isn’t evenly distributed around the globe, meaning that some countries will need to secure these supplies from other countries for society to continue to function.

Put that way, it becomes obvious that this isn’t just a question of trade, but can and likely will quickly become a question of politics, international relations, and economic warfare. And whenever politics, international relations, economic warfare, and computers and networks meet in the same discussion, we must immediately begin to talk about piracy, state actors, state-sponsored terrorism, and state-sponsored cyberattacks—which will likely increase as countries and other social units work to secure the resources needed to continue this transformation.

Battles over resources don’t stop with batteries, however. Batteries are in demand because they can power microprocessors to make devices “smart,” and it’s notable that they don’t charge themselves—the electricity stored in them must be generated.

To the first point, microprocessors have also started to become a key resource and a space of political conflict and competition, due to the fragmentation of the technology world along political lines. This is particularly true of the split between the U.S. and China (and their allies) over the last several years. 

To the second point, electricity generation is a longtime space of political and resource strife already—whether this generation relies on water in increasingly short supply, nuclear power and its universe of risk, or fossil fuels with their own political minefield—and this strife is likely to increase. Whatever power generation method is at issue, it’s more and more likely to be vulnerable to cyberattack as various forms of public infrastructure become ever more entwined with computation.

The “Electrifying” of Infrastructure and Manufacturing

This merging of various forms of infrastructure and manufacture—like power generation—with automation and computation has been one of the great trends of the last quarter century, largely hidden from public view.

Today computerized, event-driven automation and operational management are transforming just about every major system that underlies society.

In recent years, the world (and Florida) have been discovering that public utilities—like water treatment plants—are now networked computing systems, too.© Richardt777

Why sit a dedicated utility operator in a control center chair for each system, just to mostly observe and react all day, given that computing systems can do this more quickly, and with lower costs? Rather than a large number of human operators, automation enables us to reduce this labor force considerably.

Why pre-manufacture inventories of goods with human labor when we can automate manufacture to precisely respond “just-in-time” to demand? Why spend time preemptively running trains and trucks and speculatively moving things from place to place when we can simply monitor data flows and use robotic labor and automated transportation to move only what’s needed from place to place, and only at the moment of need?

The electrification and automation of infrastructure and manufacturing enables the productivity of a society to skyrocket; fewer errors are made, investments of all kinds (energy, time, resources) are made directly in response to actual need rather than as a matter of speculation or projection, and everything becomes faster and cheaper.

This change, however, also makes these key social systems vulnerable to cyberattacks that have the potential to cause massive effects across wide swaths of the population. Witness the Florida water system  and Colonial Pipeline  attacks of recent years for an idea of how big these effects can get.

Worse, successful attacks can often target a small handful of (often hidden) points of failure—not just in the infrastructure and manufacturing space, but even in the consumer space.

When Everything is a Computer, Everything is a Vulnerability—Especially if They’re All the Same Computer

It’s easy to feel dismissive of the vulnerability of consumer devices after discussing “more weighty” issues like potential geopolitical battles over critical natural resources or attacks on public utilities. But jokes about how hackers are going to take over the coffee makers to mine crypto miss the point; if you’re concerned about the battles over battery metals, it’s worth being at least as concerned about the risks in what they’re powering, as these risks will remain for years or even decades to come..

The problem isn’t just that any one person’s coffee in any one kitchen is so tremendously valuable that an attacker will target it, or that the person who owns the coffee maker in question will be catastrophically disabled by the loss of their morning coffee. And it’s not just that battles over battery supplies may mean more expensive coffee makers.

Rather, today it’s not just the coffee maker any longer that’s vulnerable, but potentially every device they use in order to live—their actual computer, yes, but also their telephone, their television, all of their kitchen appliances, their laundry appliances, their power tools, their climate system, their home security system, as well as any vehicle (bus, truck, car, scooter, bicycle, skateboard) they might use to get around.

Nearly everything in consumer’s home or daily life is now “smart” and “connected.” Worryingly, all of these devices increasingly share underlying technology and systems with each other, and with more critical societal systems.© Wrightstudio

These networked computing systems aren’t just individually vulnerable to attack—they’re also increasingly connected to cloud management accounts that enable users to control many devices, many of them critical, from just one or a small handful of logins on systems hosting millions of similarly affected consumers.

Worse, most of the world’s embedded computing systems increasingly share just a handful of architectures (mostly ARM), operating systems (mostly Linux), and embedded platform manufacturers, who together encompass a vast sea of billions of everyday devices and industrial systems, both public and private.

So while an attack that “compromises the coffee maker” or a sudden increase in the price of coffee makers might seem amusing, it’s less amusing to imagine a single vulnerability that might grant attackers access to repeated swaths of many devices belonging to millions of consumers, not to mention the systems that manage them, or even the systems that manufacture them, that generate power for them, or that process the water that goes into them.

Most members of the public and many levels of government aren’t even vaguely aware of this logical multiplication and centralization of societal vulnerability as the world becomes electrified, but it’s rapidly becoming important for cybersecurity providers to be aware of it, because consumers choose poor passwords and don’t run firmware updates (which are often limited anyway), and embedded systems in industrial or infrastructure settings are often even older and worse off—from a security perspective—than consumer devices.

Yes, one water system attack or an attack on one family of consumer devices is scary, but what’s scarier is a vulnerability that counterintutively affects massive numbers of consumer devices, cloud accounts, and infrastructure systems all at once, and potentially from a single exploit or entry point. This is no longer beyond the realm of possibility.

Maybe It’s Time to Drop the “Cyber”

All of these battles—over resources, over infrastructure and manufacturing, and even over everyday devices—are today’s frontiers in cybersecurity. It’s 2023 and we live in an already electrified world of networked computers that, everywhere we turn, is becoming more electrified every day.

To the extent that we have a “cyber” earth, “cyber” security problems are less about a particular industry niche (“technology”) and more about society in general.© Goinyk Volodymyr

The “next frontier” that the futurists are talking about comprises artificial intelligence, artificial forms of life, transhumanism, and “human augmentation.”

Whether or not these come to pass, underneath it all they’ll really be more of the same—a net (and even radical) increase in the demand for computing power, mobility, electricity, and interconnectedness that is the backbone of contemporary electrified life in modern societies.

The term “cybersecurity” has been with us for a number of decades now, but it may be time to come to terms with the shift in what life—both at the individual level and at the societal level—actually looks like today. Maybe it’s time to simply call it “security.”

It’s also time to intensify our approach to this security as the entire world—communications, transportation, manufacturing, military, government, politics, consumer goods, and morning coffee—is increasingly an electrified field of interconnected computing devices that in their grandeur obscure a short list of shared failure points and a long future of battles over the scarce resources needed to keep them—and our way of life—operating. ■

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.