 |
|
|
|||||
The darkness that swept over the Venezuelan capital in the predawn hours of Jan. 3, 2026, signaled a profound shift in the nature of modern conflict: the convergence of physical and cyber warfare. While U.S. special operations forces carried out the dramatic seizure of Venezuelan President Nicolįs Maduro, a far quieter but equally devastating offensive was taking place in the unseen digital networks that help operate Caracas. The blackout was not the result of bombed transmission towers or severed power lines but rather a precise and invisible manipulation of the industrial control systems that manage the flow of electricity. This synchronization of traditional military action with advanced cyber warfare represents a new chapter in international conflict, one where lines of computer code that manipulate critical infrastructure are among the most potent weapons. To understand how a nation can turn an adversarys lights out without firing a shot, you have to look inside the controllers that regulate modern infrastructure. They are the digital brains responsible for opening valves, spinning turbines, and routing power. For decades, controller devices were considered simple and isolated. Grid modernization, however, has transformed them into sophisticated internet-connected computers. As a cybersecurity researcher, I track how advanced cyber forces exploit this modernization by using digital techniques to control the machinerys physical behavior. Hijacked machines My colleagues and I have demonstrated how malware can compromise a controller to create a split reality. The malware intercepts legitimate commands sent by grid operators and replaces them with malicious instructions designed to destabilize the system. For example, malware could send commands to rapidly open and close circuit breakers, a technique known as flapping. This action can physically damage massive transformers or generators by causing them to overheat or go out of sync with the grid. These actions can cause fires or explosions that take months to repair. Simultaneously, the malware calculates what the sensor readings should look like if the grid were operating normally and feeds these fabricated values back to the control room. The operators likely see green lights and stable voltage readings on their screens even as transformers are overloading and breakers are tripping in the physical world. This decoupling of the digital image from physical reality leaves defenders blind, unable to diagnose or respond to the failure until it is too late. Historical examples of this kind of attack include the Stuxnet malware that targeted Iranian nuclear enrichment plants. The malware destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false normal data to operators. Another example is the Industroyer attack by Russia against Ukraines energy sector in 2016. Industroyer malware targeted Ukraines power grid, using the grids own industrial communication protocols to directly open circuit breakers and cut power to Kyiv. More recently, the Volt Typhoon attack by China against the United States critical infrastructure, exposed in 2023, was a campaign focused on pre-positioning. Unlike traditional sabotage, these hackers infiltrated networks to remain dormant and undetected, gaining the ability to disrupt the United States communications and power systems during a future crisis. To defend against these types of attacks, the U.S. militarys Cyber Command has adopted a defend forward strategy, actively hunting for threats in foreign networks before they reach U.S. soil. Domestically, the Cybersecurity and Infrastructure Security Agency promotes secure by design principles, urging manufacturers to eliminate default passwords and utilities to implement zero trust architectures that assume networks are already compromised. Supply chain vulnerability Nowadays, there is a vulnerability lurking within the supply chain of the controllers themselves. A dissection of firmware from major international vendors reveals a significant reliance on third-party software components to support modern features such as encryption and cloud connectivity. This modernization comes at a cost. Many of these critical devices run on outdated software libraries, some of which are years past their end-of-life support, meaning theyre no longer supported by the manufacturer. This creates a shared fragility across the industry. A vulnerability in a single, ubiquitous library like OpenSSLan open-source software tool kit used worldwide by nearly every web server and connected device to encrypt communicationscan expose controllers from multiple manufacturers to the same method of attack. Modern controllers have become web-enabled devices that often host their own administrative websites. These embedded web servers present an often overlooked point of entry for adversaries. Attackers can infect the web application of a controller, allowing the malware to execute within the web browser of any engineer or operator who logs in to manage the plant. This execution enables malicious code to piggyback on legitimate user sessions, bypassing firewalls and issuing commands to the physical machinery without requiring the devices password to be cracked. The scale of this vulnerability is vast, and the potential for damage extends far beyond the power grid, including transportation, manufacturing, and water treatment systems. Using automated scanning tools, my colleagues and I have discovered that the number of industrial controllers exposed to the public internet is significantly higher than industry estimates suggest. Thousands of critical devices, from hospital equipment to substation relays, are visible to anyone with the right search criteria. This exposure provides a rich hunting ground for adversaries to conduct reconnaissance and identify vulnerable targets that serve as etry points into deeper, more protected networks. The success of recent U.S. cyber operations forces a difficult conversation about the vulnerability of the United States. The uncomfortable truth is that the American power grid relies on the same technologies, protocols, and supply chains as the systems compromised abroad. The U.S. power grid is vulnerable to hackers. Regulatory misalignment The domestic risk, however, is compounded by regulatory frameworks that struggle to address the realities of the grid. A comprehensive investigation into the U.S. electric power sector that my colleagues and I conducted revealed significant misalignment between compliance with regulations and actual security. Our study found that while regulations establish a baseline, they often foster a checklist mentality. Utilities are burdened with excessive documentation requirements that divert resources away from effective security measures. This regulatory lag is particularly concerning, given the rapid evolution of the technologies that connect customers to the power grid. The widespread adoption of distributed energy resources, such as residential solar inverters, has created a large, decentralized vulnerability that current regulations barely touch. Analysis supported by the Department of Energy has shown that these devices are often insecure. By compromising a relatively small percentage of these inverters, my colleagues and I found that an attacker could manipulate their power output to cause severe instabilities across the distribution network. Unlike centralized power plants protected by guards and security systems, these devices sit in private homes and businesses. Accounting for the physical Defending American infrastructure requires moving beyond the compliance checklists that currently dominate the industry. Defense strategies now require a level of sophistication that matches the attacks. This implies a fundamental shift toward security measures that take into account how attackers could manipulate physical machinery. The integration of internet-connected computers into power grids, factories, and transportation networks is creating a world where the line between code and physical destruction is irrevocably blurred. Ensuring the resilience of critical infrastructure requires accepting this new reality and building defenses that verify every component, rather than unquestioningly trusting the software and hardwareor the green lights on a control panel. Saman Zonouz is an associate professor of cybersecurity and privacy and electrical and computer engineering at the Georgia Institute of Technology. This article is republished from The Conversation under a Creative Commons license. Read the original article.
Category:
E-Commerce
Meetings are breeding grounds for three highly toxic power moves: AMPLIFICATION: The boss speaks, and suddenly its gospel. People start self-censoring, sugarcoating bad news, and swallowing their dissenting opinions. INCOMPETENCE: When a leader cant run a meeting, it drains the rooms energy. People leave annoyed and wondering why they bothered to show up. JERK BEHAVIOR: Bullies, interrupters, and blowhards hijack the room. Collaboration isnt just stifledits publicly executed. These power moves reduce meetings to lifeless, performative rituals where the people who hold the most power call the shots and everyone else plays defense. But it doesnt have to be this way. Design your meetings to defang these power moves, and youll create a space where people speak up, push back, and bring bolder and better ideas to the table. Amplification: When Power Overpowers Jade Rubick, former VP of engineering at New Relic, remembers the exact moment he became brilliant. It wasnt because of a sudden surge in IQ or creativity. It was his promotion to senior director, accompanied by a glowing speech in front of his peers. Overnight, everything changed. In meetings, people went out of their way to praise his ideas. Person after person would go out of their way to say why my suggestion was the right approach, Rubick recalls. All of a sudden, my ideas were BRILLIANTAll of a sudden, I was a different person, a Very Important Person. What Rubick experienced was a classic case of what Professor Adam Galinsky calls amplification: the invisible megaphone leaders inherit when they step into a position of power. A passing comment becomes a marching order. An offhand suggestion rockets to the top of the teams priority list. A poorly timed yawn during your presentation plunges you into a spiral of self-doubt: They hate this. They hate me. Instead of focusing on the work, people start decoding every glance, sigh, or eyebrow twitch as part of a high-stakes game of corporate charades. When amplification takes over meetings, people start filtering their ideas or stop sharing them altogether. They nod along like bobble-heads and, before long, the room turns into an echo chamberparrots squawking back the leaders words instead of expressing their own. Heres how you can address it. 1. Dial down the talking Research shows that high-performing teams share airtime more equally. In a perfect world, leaders would recognize that and adjust accordingly. But self-awareness isnt always their strong suit. And the more power they hold, the less likely anyone is to tell them theyre hogging the mic. If youre dealing with a leader who cant stop steamrolling the room, there are ways to take back the room. At one organization, team members came up with a creative solution: a miniature stuffed horse. If someone is too long-winded, anyone can toss the horse in front of that person as a signal to stop beating a dead horse, one team member explained. Now, chucking stuffed animals at your coworkersespecially the powerful onesis probably a career-limiting move. But the spirit of the idea is sound: Find a way to flag the airtime hogs. Fortunately, technology offers a safer option. Today, tools like Fireflies.AI and Equal track metrics like talk-to-listen ratios and flag monologues. Some even analyze gender dynamics, surfacing when women and nonbinary participants are getting drowned out. Another way to stop people from hijacking the conversation is to get them to speak last. At Pixar, cofounder Ed Catmull understood the risks of speaking first. In brainstorming meetings, he deliberately held back his input until the end so his team could explore ideas without the gravitational pull of his amplified words. Catmull understood what many leaders overlook: New ideas are fragile. As he put it, they need protection from getting pancaked by heavy-handed forces like a leaders amplification. Thats also why Catmull struck a deal with Steve Jobs when Jobs was CEO of Pixar. They agreed that Jobs would sit out of Pixars legendary Braintrust meeting, where senior creatives critiqued early-stage films. As Catmull put it, Jobss bigger-than-life presence would make it harder to be candid. 2. Don’t amplify ambiguity Weve all been there: Your boss drops a cryptic meeting invite on your calendar and your brain immediately spirals. Am I in trouble? Is this about that thing I said in Slack? Am I getting fired? Amplification kicks in, and that vague invite snowballs into employees worst-case scenarios. This kind of ambiguity is the second type of communication that Adam Galinsky, a social psychologist and Columbia business school professor, says is prone to amplification. When leaders say or do something vague, employees fill in the blanksoften with their own worst fears. Galinskys advice for leaders prone to amplification is simple: Be transparent. A quick message like Hey, I need to see you laterits nothing to worry about can save your team from hours of anxiety. And if your calendar is public, dont leave room for speculation. Trust me, your team is watching your calendar if its public, and theyre overanalyzing every entry, especially the vague ones. Dont give their imaginations room to fill in the blanks. Because theyll assume theyre the blanks. Incompetence: The Accidental Power Move Some of the most destructive power moves arent malicious. Theyre the result of sheer incompetence, which is amplified by a leaders position of power. Its like handing a megaphone to someone who doesnt know how to use it. They shout into the wrong end, and the whole room winces at the ear-splitting feedback. Leaders who dont know how to effectively design and deploy meetings end up scheduling them for every problem, real or imagined. According to Neil Vyner, VP of growth and go-to-market at Worklytics, just 5% of employees schedule 60% of all meetings. These serial schedulers tend to be the most powerful people in the company (or their assistants acting on their behalf). New managers are some of the worst offenders. Theyre promoted because they excelled in their previous roles, not because they know how to facilitate productive discussions, navigate hairy decisions, or avoid letting their new dinosaur tail knock over their teams ideas. Theyre handed a packed calendar of high-stakes meetings and a megaphone, but no user manual. Meanwhile, their employees watch their boss bumble through bad meetings and assume, Well, I guess this is how its done. Inefficiency gets institutionalized, and before long, the entire team is trapped in a cycle of toxic meeting mediocrity. Or worse, full-blown dysfunction. 1. One-on-ones aren’t for you, boss Incompetent managers often treat one-on-ones as their meetinga chance todownload updates, deliver monologues, or check a box. But thats not how they should be treated. As Ben Horowitz puts it, The key to a good one-on-one meeting is the understanding that it is the employees meeting rather than the managers meeting. A leaders job is to create space for whatever employees need to move their work forward, whether its advice, a pitch, or just a chance to vent. According to research by Gallup, just one meaningful one-on-one meeting each week does more to build high-performance relationships than any other leadership activityand meetings as short as 15 minutes are enough to make a difference. 2. Stop hosting meetings just to spoon-feed the boss One of the most commonand costlysigns of incompetence is the boss briefing: a meeting held not to collaborate or solve problems, but to spoon-feed status updates to a leader who cant be bothered to check the project tracker. If you just need updates from your team, dont drag them into a hostage situation. Ask for a written summary or a short video update instead. The same goes for updates that youre pushing out to your team. Skip the meeting and record a quick video instead. Film it from a real-life backdrop: a home office with kids barging in, or post-run and still dripping with sweat. That kind of raw, unfiltered communication hits differently. It satisfies the TikTok generations appetite for authenticity and transparency. Jerk Behavior: When the Boss Is the Bully Unlike amplification or incompetence, jerk behavior isnt an accidental or inevitable side effect of holding a position of power. Its a deliberate abuse of it. And unfortunately, its disturbingly common. Research by Simon Croom, a professor at the University of San Diego, found that 12 percent of corporate senior leaders exhibit psychopathic traits, up to twelve times the rate found in the general population. Yikes. Jerk behaviorinterrupting, nitpicking, steamrolling, humiliating, or straight-up bullyingsucks the oxygen out of the meeting. And the damage doesnt stay neatly contained at the top. It spreads. Employees who cant push back against a jerk boss dont just absorb the blow, they pass it along to the next person in line. Sure enough, supervisors who report to abusive bosses are more likely to engage in abusive behavior themselves. 1.Shine a light on jerk behavior Sometimes, the fastest way to shut down jerk behavior is to bring it into the light. Set up an anonymous feedback form so employees can report toxic behavior without fearing retaliation. But thats just step one. Dont let feedback languish in a forgotten Google Doc. Act on it. Prove youre serious about creating a jerk-free culture. Because doing nothing is worse than not asking for feedback in the first place. It sends a clear message: Were going to pretend that your voice matters, but it really doesnt. And thats just another form of jerk behavior. 2. When all else fails, protect yourself Some jerks are beyond redemption. If youre stuck with one of these un-fixable types, your best move is self-preservation. Dont let their toxicity take up space in your head. Or on your calendar. Start by limiting your exposure to them. Avoid meetings with them if you can. If thats not an option, move the conversation to email or chat to contain their toxicity behind a digital firewall. This will also generate a handy digital paper trail if you need to file a formal report with HR. And whatever you do, dont feed the beast. Jerks thrive on attention, so starve them of yours. Keep your responses short, flat, and factual. The less entertaining you are as a target, the faster theyll lose interest. Your goal isnt to win them over. Its to bore them into submission. Excerpted from Your Best Meeting Ever: 7 Principles for Designing Meetings That Get Things Done. Copyright 2026, Rebecca Hinds. Reproduced by permission of Simon Element, an imprint of Simon & Schuster. All rights reserved
Category:
E-Commerce
A decade ago, when Claire Burgi moved to New York City, she decided to cut meat out of her diet. The 33-year-old actor and audiobook narrator, who lives in Queens, grew up in California, where shed seen the effects of climate change firsthand. She knew that meat consumption was a major driver of greenhouse gas emissions and that vegetarianism was a way to help conserve resources and reduce pollution. When I was young, it rained a lot, she says. Now, it rains much less. All the fires are astoundingly horrific. The December 2017 Thomas wildfire burned more than 280,000 acres in and around Burgis hometown of Ventura, just north of Los Angeles. I just didnt want to be contributing to anything that was causing that, Burgi says. She recently made another major decision to reduce her eco-footprint: not to use generative AI. Shes been shocked, she says, by research showing how much electricity that the underlying technology generative AI tools like ChatGPT use, and how much this is raising carbon emissions. One paper published in 2023 predicted that AI-related infrastructure would soon consume six times more water than is used in Denmark yearly. Another piece of research from 2024 showed that a request made through ChatGPT consumes 10 times the electricity of a Google search. They make me think of Frankenstein, Burgi says of AI models. There have been times in history, she says, when humans have acted without any idea of what the consequences would be, because it was convenient for us in that moment. Right now, she adds, thats whats happening with AI. In general, women have been slower to adopt AI use than men. This gender gap has been well documented over the last few years. According to Harvard Business School associate professor Rembrand Koningwho synthesized data from 18 studies covering more than 140,000 individuals across the worldwomen are about 20% less likely than men to directly engage with this new technology. Whats less clearly established is the precise reason why. But when it comes to environmentally motivated reasons, Burgi isnt alone. “Environmental angst” The reasons for this gender gap vary. Some studies indicate that women are less likely to trust that gen AI providers will keep their data secure. Other research shows that women are more fearful of a loss of control that comes with these technologieswhich is, for example, reflected in their more muted enthusiasm for driverless cars. Studies have also shown that women are more likely to avoid AI because of fears that it could steal their job, and still other studies have found that women are more concerned than men about the ethical implications of AI use. But a growing body of research also indicates that a sizable chunk of the gap might be attributable to the type of environmental angst that people like Burgi feel. Earlier this month, academics at the University of Oxford published a paper showing that the reasons for the adoption gap are manifold, but that environmental concerns certainly play a significant part. The research, titled Women Worry, Men Adopt: How Gendered Perceptions Shape the Use of Generative AI, draws on survey responses from 8,000 individuals in 2023 and 2024 across the U.K. It established that 14.7% of women and 20% of men reported using gen AI tools frequentlyat least once a weekin a personal context. This corresponds to a gap of just over 5 percentage points. But the gap widens significantly in subsets of respondents who admit to being concerned about environmental and mental health risks. Among those who say they are worried about the climate, the gender gap is 9.3 percentage points; for those concerned about the mental health impact of these new technologies, it widens to 16.8 percentage points. Among older users of artificial intelligence, the gender gap for concerns about AIs climate effect is particularly wide: almost 18 percentage points. These findings echo previous research showing that women are more likely to display eco-anxiety than mena phrase thats been coined to refer to the mental health distress caused by climate change, ranging from concerns about the impact of extreme weather to the future of biodiversity. And the academics at Oxford write that their findings align with evidence of greater social compassion and moral sensitivity among women. Counterintuitive findings Fabian Stephany, a departmental research lecturer at the Oxford Internet Institute and one of the authors of the study, says that one of the most interesting things his research found was that some common preconceptions about AI usage werent corroborated. Theres a widely held assumption, for example, that greater tech literacy translates into higher use and adoption. But he found that this isnt always the case. In fact, in some cases, greater literacy and knowledge about AI actually drove down use. Also of note, the research found that among those who said they were concerned about AIs impact on the environment and on mental health, womens concerns were more likely to translate into action than mens concerns. In other words: Women were more likely to stop using AI because of the way they felt about it. Asked why that might be, Stephany said he could only speculate. Research done by academics in Iran in 2022, though, might provide an answer: It shows that women generally lean toward a more collectivist mindsetreflected in concerns for society, for examplewhile men tend to lean toward a more individualist one. Women are “the canary in the coal mine” Stephany says that the last thing he wants people to take away from this research is that women need to change or be fixed in some way. Their concerns are real, he says. Women are like the canary in the coal mine. And we should listen to these concerns, he adds. The important thing isnt to tell women to be more optimisticits to address the harms. And, he says, these harms can be addressed. Biases can be reduced, carbon footprints can be lowered, smaller models can be run locally, Stephani says. We dont have to wait for future breakthroughs. We can reduce harms now. His research suggests that theres a sizable market of people with strong convictions about AI consumption, he says. A more green, sustainable, inclusive gen AI model would have a clear target market.” And there are already platforms available that seem to be tapping into this market that Stephany mentions. GreenPT, for example, bills itself as a platform that runs on renewable energy and is hosted in Europe for strict data protection. Viro, another platform, funds clean energy projects and markets itself as a climate-neutral alternative to less environmentally conscious options. Speaking at the Massachusetts Institute of Technology last year, Sam Altman, the CEO of OpenAI, which operates ChatGPT, tried to allay fears that his technology might be accelerating climate change by framing it as a tool to enhance sustainability. If we have to spend even 1% of the worlds electricity training powerful AI, and that AI helps us figure out how to get to non-carbon-based energy or to do carbon capture better, that would be a massive win, he said. As for Burgi, she would want to see a lot of changes before even entertaining the idea of intentionally incorporating AI use into her daily life. She doesnt think that anything could meaningfully allay her ethical concerns about AI. Especially as an artist, I just don’t feel morally aligned with using AI, she says. In terms of her environmental concerns, shes similarly skeptical. If there was more transparency, and if it seemed like more thought and care was being put into these thingsif it wasnt just about greed and capitalismthen I might consider it from an environmental concern, she says. But right now? I dont really see any of that happening.
Category:
E-Commerce
All news |
||||||||||||||||||
|
||||||||||||||||||