According to Bloomberg News and Smart Grid News, yet another cyber attack occurred on the digital infrastructure of the US and Europe this month. This time the attack was no small intrusion, but a massive systems breach of thousands of power plants across the U.S. and Western Europe. According to reports, the hackers were traced back to a group of Russian hackers operating with the code names ‘Dragonfly’ and ‘Energetic Bear’. Reports indicate that the hackers “…used malware to gain remote access.” So far, they have only used the malware to spy, but they could have used its remote-access functionality to “wreak considerably more havoc had they decided to”.
Only a few weeks ago the Department of Homeland Security (DHS) announced that hackers had gained access to unnamed power plants in the U.S. and had actually gained control of a ‘mechanical device’ in one of the plants. In what may be a related incident, in June hackers from what is believed to be a group operating under the name ‘UglyGorilla’ in China breached security at several U.S. plants and collected data on numerous systems, including mechanical ones. They collected data from operating manuals, sought passwords, tried to gain access to manipulate valves, and, most importantly, gained access to the SCADA system that controls much of plant operations.
So far it is believed that these state-sponsored hackers have only been spying on operations. In military parlance this is called ‘prepping the battlefield’, or gaining as much information as possible prior to an attack on an adversary. By prepping or mapping our digital systems, foreign powers will know where our greatest vulnerabilities lie, and how to access and control them should they desire to do so. It is unknown if they have left behind malware that would permit future access should a crisis occur.
Intrusions by individuals, groups, or nation states with malicious intent have been an ongoing concern in the cyber community. Cyber criminals cost the global economy $1 trillion by some accounts, prey on individual computers, hack into retailers to gain credit card information, steal sensitive information from defense contractors, and gain privileged information on future products from industries. Now nation states seem bent on obtaining information that some claim could lead to a future cyber ‘Pearl Harbor’.
To defend our cyber systems we need to take multiple measures that effectively deal with intrusions. Cutting-edge hardware and software are part of a layered defense, as is the isolation and hardening of ‘priority’ systems. We also need to train and educate the tens of thousands of cyber security people that are desperately needed…right now…and in the decade ahead. What we cannot do is continue to turn a blind eye towards hackers and consider them as just a nuisance we have to live with as part of our modern world.
Read more thoughts by Dr. LeClair at the National Cybersecurity Institute blog.