Hitler wanted to build an atomic weapon, and the Allies knew it.

The year was 1943, and this is the story of Operation Gunnerside.

What does this have to do with industrial control systems cybersecurity? Keep reading and find out.

Everybody thinks “ooh, Manhattan project, big BIG secret.”

Little do they know* that the concept of nuclear weapons was well known by both sides during the Second World War.

The trick was making them.

*That* was the secret.

Not going to get into nuclear physics, but suffice it to say the Germans and the Americans chose different approaches to building nuclear weapons.

The Germans needed an incredible amount of water and power.

Want to know more? Look up “Deuterium”

The Germans required lots of “heavy water” (deuterium), which required an incredible amount of power to extract out of regular water.

They were using a hydroelectric power plant to get it.

This is Vemork power station, at the Rjukan waterfall in Telemark, Norway. 👇

Starting in 1940, the British Special Operations Executive began planning sabotage operations against the facility in an effort to limit its ability to produce heavy water.

Slowing heavy water production would slow the German nuclear weapons program.

The British failed to destroy Vemork w/bombers.

By 1942, the decision was made that the SOE would organize a daring raid by partisan commandos trained by the Allies.

Long-distance cross country skiing. Ice climbing. Direct assault against the facility. Then time-bombs.

The operations sustained heavy casualties, but the Norwegian commandos ultimately succeeded in taking Vemork offline.

Years of planning. Hundreds of participants. A massive support apparatus.

OPERATION GUNNERSIDE significantly delaying the German nuclear program.

What does this have to do with Industrial Control Systems cybersecurity?

A lot.

The parent company of that power station, now called Hydro (or Norsk Hydro) continues to operate as it has since its founding in 1905.

And in 2019, fell victim to a cyber-attack.

In a matter of hours, Norsk Hydro’s infrastructure was brought to a halt.


The company remained impaired for weeks, as production operations had to roll back to using manual processes.

In the two years since, the Norsk Hydro case study has become a famous one in the world of ICS cybersecurity:


The lesson here?

Things that took years of planning and hundreds of people to accomplish can now be done remotely.

Instead of explosives, saboteurs can use code.

And they’re coming for the big industrial infrastructures that form the backbone of our society.

That’s it for NOW. Stay tuned for more threads on sabotage, cyber, and irregular warfare. And if you want more content, check out my substack:


*you ppl really need to read more books and stop reading my twitter rants!

Here is a great book that covers Op. Gunnerside, the OSS, and irregular warfare during the Second World War:

And don’t forget my favorite book, Cryptonomicon. It’s fiction, but an outstanding ever-so-slightly-alternative history about the Second World War, special operations, codebreaking, cryptocurrency (you read that right!), and the digital future.

If you’re like my writing, here’s my latest post on the ol’ substack.


An audio version, read by yours truly, is embedded, so you can listen on your drive home.


• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with joshua steinman 🇺🇸

joshua steinman 🇺🇸 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AreDangerousMen

18 Jul
We always knew this day was coming.

But I didn’t expect it so soon.

I would say this marks the end of the beginning - the end of the web’s first form.
Here’s what comes next, from my perspective:

- more aggressive use of ML to minimize the effectiveness of centralized web-based platforms for heterodox thinkers/doers.

- endpoint monitoring (your android phone is next)

- possibly even at the chip level
Will be interesting to see what @Apple does here. They have been playing with iCloud encryption, which would prevent this type of thing so far as I understand. But given the pressures, I’m only 50/50 on them not caving as well.
Read 4 tweets
18 Jul
Some thoughts on 5G…

From the guy who coordinated the entire USG strategy on it, from the national security council.

Telecom equipment today is like a TI-83 calculator.

Custom built hardware.

Works really well. But is expensive to build and only works at scale.

At some point in the future, that hardware will turn into a .exe file downloaded into millions of servers worldwide, sitting in data centers, and at the base of cellphone towers.

In other words: @pmarca‘s prediction continues its long march down the stack.

Read 5 tweets
18 Jul
The Four Horsemen of the New Golden Age:
1: Ubiquitous and unhindered communications
2: Low cost compute
Read 5 tweets
17 Jul
It’s like math - you can infer it from raw facts:

- make a list of ten quantifiable things you care about (“access to water” “days of snow per year” “close to…” etc)


- pick out twenty places you *might* want to live, spread out across the country or world and rank them 1-10 for their qualities per your ten factors.


- see which places score the best. Backwards extrapolate generalizable features of those best-scoring places and look for other similar locations.

Read 5 tweets
25 Jun
It’s Friday afternoon and I’m thinking a lot about our upcoming fundraising round.

Surprisingly enough, my mind keeps returning to a lesson I learned the first time (of three) I almost got myself killed.

A short thread…
I was on a three month @NOLSedu desert survival course; one month of backpacking, one month of open-water sailing, then finally one month of sea kayaking down the West coast of the Sea of Cortez.

Ten students. Two instructors.

We were about two weeks from course end.
The an old soldier’s tale = you make a big mistake after ~200 hrs of practice. You’re getting comfortable, think you have the hang of it, and drop your guard.

So it makes perfect sense that after three weeks of sea kayaking for 8-10 hours a day, I was due for a royal f-up.
Read 21 tweets
4 Jun
1/ The West is at a disadvantage in 4th Generation Warfare (“4GW”).

We see the world through the lens of category, for example, “friend” and “enemy.”

“War” is a state. It must be declared. Mutually agreed upon. Understood by all.

But others think differently…
2/ The legacy of Aristotle exhorts us to use words to describe reality.

Other cultural forms teach other things, like “use words to deceive.”
3/ In 4GW one must be able to ignoring the words, and look at intent, action, and result.

Ask: what actually happened, then search for facts.
Think: what will result from this.

Then: keep in your mind the range of possibilities. Because we may never know the truth.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!