In an age of cyber warfare, the protection of critical systems has never mattered more. Much of the United States is served by antiquated control systems for electricity, water and other infrastructure, typically decades old. Their age makes them prime targets: they are seldom updated or modernized and are usually written off as "legacy" systems. Legacy systems are often irreplaceable, and their original programmers may be retired or deceased, as was the case with the COBOL programs still in use around the Y2K scare. With the growing reliance on remote and mobile access, all it takes is an administrator who, for convenience, opens a remote-access path into a supposedly air-gapped system to hand an attacker an entry point into a legacy network.
A joint report issued by the Department of Homeland Security and the FBI confirmed that security specialists have been responding to cyber attacks on nuclear infrastructure since May 2016. The report carried an urgent "amber" warning, the second-highest rating for the sensitivity of the threat. The nature of the attacks and what they were designed to do will not be known until the method of attack has been analyzed. Both agencies said they do not yet know how many facilities were breached or how deep the infiltration went, other than that no "operations systems" appear to have been affected.
The attacks targeted people: control engineers with direct access to systems that could cause explosions, fires or spills of dangerous material if damaged. The report attributed the activity to an "advanced persistent threat" actor, a term usually reserved for hackers backed by a government. The techniques mimicked those of "Energetic Bear", a hacking group with ties to the Russian government that has attacked the energy sector since 2012. The attacks since May used Microsoft Word documents laced with malicious code and disguised as résumés for control-engineering jobs. Once a document was opened, the attackers were able to obtain credentials for the facility's internal network, for purposes still to be determined.
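The report, as summarized above, says only that the résumé documents were "laced with malicious code" and that credentials were harvested; it does not say how. Two generic features of a weaponised Word document that a mail gateway or analyst can check without opening the file are an embedded VBA project and a relationship that points outside the document (an attached template on a UNC share or web server is the classic case: a UNC target makes Word authenticate over SMB, which leaks the user's NTLM credentials). The triage script below is an added example written for this page, not code from the report or from any of the agencies it cites; it inspects the OOXML container directly, and the sample documents it builds are constructed in memory for the demonstration, including the made-up address 203.0.113.7.

```python
"""Triage a .docx for two features commonly used to weaponise a lure document:
an embedded VBA project (word/vbaProject.bin) and external relationships
(TargetMode="External") such as a remotely hosted attached template.
Added example for this page; not part of the original article."""
import io
import re
import zipfile

# A Relationship element that carries TargetMode="External", in any attribute order.
EXTERNAL_REL = re.compile(
    r'<Relationship\b[^>]*\bTargetMode="External"[^>]*>', re.IGNORECASE)
# The Target="..." attribute of such an element (Target, not TargetMode or Type).
TARGET_ATTR = re.compile(r'\bTarget="([^"]*)"')


def triage_docx(data: bytes) -> dict:
    """Return {'macros': bool, 'external_targets': [(rels_part, target), ...]}
    for a .docx blob. Only the zip container and .rels parts are read; no
    document part is rendered or executed."""
    findings = {"macros": False, "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # A macro-enabled document (.docm, or a .docx renamed) ships vbaProject.bin.
        findings["macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Every .rels part may hold external links; settings.xml.rels is where
        # an attached template relationship lives.
        for n in names:
            if not n.lower().endswith(".rels"):
                continue
            xml = z.read(n).decode("utf-8", "replace")
            for rel in EXTERNAL_REL.findall(xml):
                m = TARGET_ATTR.search(rel)
                findings["external_targets"].append((n, m.group(1) if m else ""))
    return findings


def is_suspicious(findings: dict) -> bool:
    """Flag macros, and external targets that reach a remote host: a UNC path or
    file: URL forces an SMB connection (NTLM credential leak), while http(s)
    templates are a remote-fetch channel for further payloads."""
    risky_prefixes = ("\\\\", "file:", "http:", "https:")
    return findings["macros"] or any(
        target.lower().startswith(risky_prefixes)
        for _, target in findings["external_targets"])


def build_sample_docx(external_template=None, macros=False) -> bytes:
    """Constructed minimal OOXML container for testing the checks above.
    It is not a real lure and contains no working payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if macros:
            z.writestr("word/vbaProject.bin", b"\x00")
        if external_template:
            z.writestr(
                "word/_rels/settings.xml.rels",
                '<Relationships><Relationship Id="rId1" '
                'Type="http://schemas.openxmlformats.org/officeDocument/2006/'
                'relationships/attachedTemplate" '
                f'Target="{external_template}" TargetMode="External"/>'
                "</Relationships>")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: a template pulled from a UNC share on a hypothetical host.
    lure = build_sample_docx(external_template="\\\\203.0.113.7\\share\\resume.dotm")
    print(triage_docx(lure), is_suspicious(triage_docx(lure)))
    clean = build_sample_docx()
    print(triage_docx(clean), is_suspicious(triage_docx(clean)))
```

The checks are deliberately structural: a document that is clean by these measures can still be dangerous (an exploit in a font or OLE object, for instance), so this belongs in a triage pipeline alongside sandbox detonation, not in place of it. Blocking outbound SMB (TCP 445) at the perimeter is the complementary control that neutralises the credential-leak case even when a lure gets through.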
Organizations that run our energy, nuclear and critical-manufacturing sectors have been common targets of cyber attacks for several years. These attacks are among the most serious current challenges to national security: an enemy crippled from the inside is an enemy unable to fight on the outside. President Trump signed an executive order on May 11 directing the United States to strengthen the cybersecurity of federal networks and critical infrastructure, and government agencies were told to work with public companies to mitigate risks and help defend that infrastructure.
The order specifically addressed the threats from “electricity disruptions and prolonged power outages resulting from cybersecurity incidents.”
Since the hacking tools stolen from the National Security Agency leaked onto the Internet, the United States has faced a rising wave of advanced attacks on critical-infrastructure control systems. When Stuxnet, widely attributed to the United States and Israel, was built around 2008 to target Iran's uranium-enrichment facilities, it set the precedent for more advanced attacks on industrial control systems. The United States should have prepared then for what was inevitable, but did not, and is now playing catch-up against adversaries far ahead of it. Our reliance on SCADA (supervisory control and data acquisition) systems has created a broad, high-value attack surface that hackers are now exploiting. The years of warnings from security specialists that remote access to SCADA systems could be used to cause physical destruction are coming true.
Let's hope that it is not already too late.