Gas Lines, Power Companies Targeted by Cyberattacks
One of the cyber doomsday scenarios often painted by security advocates is an attack on the U.S. energy grid. Mechanized farms would be frozen, communication and innovation gone, and the U.S. economy brought to a standstill. A coordinated cyberattack using existing technology could bring the country to its knees.
After surveying more than 100 energy companies in May, Representatives Edward Markey and Henry Waxman said more than a dozen of the companies reported “daily,” “constant,” or “frequent” attempts of people trying to hack their networks. One utility reported it faced close to 10,000 attacks each month.
During his 2013 State of the Union Address, President Barack Obama warned of the growing threats in cyberspace, saying “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.”
The threat is what led Obama to sign an executive order in February on “Improving Critical Infrastructure Cybersecurity,” which established information sharing programs and directed government resources towards securing critical systems necessary to keep the nation running. It states, “cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
Critical infrastructures include the financial sector, transit systems, the energy grid, and water purification facilities, among others. The White House executive order on cybersecurity classifies them as systems “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
“Risks to critical infrastructure are real,” said Tiffany Rad, a senior researcher at Kaspersky Lab, in an email interview.
She cited several examples, including a study by security company Trend Micro where researchers set up 12 fake systems meant to mimic remote control systems of American municipal water plants. They watched as the fake systems were hacked more than 70 times, and noted that China and Russia were the most aggressive. The study was taken as proof that state actors are actively trying to exploit security holes in critical systems.
“If those research results are combined with a DHS report in 2012, which listed a significant increase in attacks on the U.S. critical infrastructure, it suggests that this is a threat to be taken seriously,” Rad said.
The current state of cybersecurity for the energy grid, in particular, is two-pronged. On one side, the rate of attacks is growing and becoming more sophisticated. On the other side, security systems are at a level beyond the reach of the common hacker.
James Clapper, director of National Intelligence, dispelled some concern in a March 12 statement before the Senate. He said while there may be minor attacks, there is a “remote chance” of a major cyberattack on U.S. critical infrastructures over the next two years “that would result in long-term, wide-scale disruption of services, such as a regional power outage.”
He said, however, the level of skill required for such an attack is beyond that of almost anyone other than state actors. And countries with these capabilities, including Russia and China, “are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.”
Photo of moving grate incinerator for municipal solid waste. By Steag, Germany (Steag, Germany) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/)], via Wikimedia Commons