Stealthcare Analyzes the Cyber Risks to Energy Systems and Critical Infrastructure


Critical infrastructure may be the next big target for hackers. Evidence has shown hacking attempts and an evolution of sophistication of methods. Energy is critical to our society, and it’s our duty to examine that the subject in detail. We’ll look at the attacks that have already happened, the methods, the motivations of the actors, the trends of we’re seeing, and what’s being done about it.

There are many factors at play interacting with each other: nation-states, hackers looking for profit, our increasingly technology-dependent world, and government efforts at protection. Of all the cyber threats we face, this is likely the biggest.

The bottom line up front, is that our way of life relies on critical infrastructure. The power grid gives life to so many industries upon which we are reliant. The banking industry, from powering ATMs to the computer processing power behind the millions of electronic transactions that occur every day. The healthcare industry, from powering the x-ray and body scan machines to the life support devices which keep a human being alive. The travel industry, from producing cars and airplanes to powering trains. All of these industries rely on critical infrastructure.

Why Does All This Matter?

Everything is connected. So many industries are reliant on critical infrastructure and the power grid. For example, the healthcare industry. Hospitals provide care for patients, some of which are on life-support systems. If critical infrastructure goes down, so do the life support systems, followed by the potential death of a patient. Another example is the federal government, which provides our nation’s military and defenses. If critical infrastructure goes down, so does the communications between branches, along with weapons systems. Without weapons, our nation is defenseless. This is a cascading domino effect.

According to former news anchor Ted Koppel, we’ve never experienced a cyberattack that amounts to a weapon of mass destruction. The effects of losing one power grid would be devastating, akin to a “cyber Pearl Harbor” attack, states former Secretary of Defense, Leon Panetta. According to former Secretary of Homeland Security, Janet Napolitano, there’s an 80-90% likelihood of such a cyberattack actually happening.

Koppel speculates that countries capable of carrying out such a cyberattack on US power grids are the Russians, Chinese, and maybe the Iranians and North Koreans. He also suggests that having a contingency plan in the event of a cyberattack on our power grids is a federal responsibility.

Koppel concludes that anyone with enough skill and a laptop could infiltrate a power grid network and take it down. In theory, terrorist groups could buy the needed expertise to bring down a power grid.

A Brief History

A recent series of cyberattacks on an energy system involved three energy production facilities in Ukraine. The initial cause of the hacked power grid came down to the human factor: spear-phishing (email designated for specific execs) and social engineering. The cybercriminals exploited the fact that the energy production equipment was attached to a regular IT network.

One of the most recent cyberattacks involved Russian military networks and critical infrastructure getting infected with tailor-made malware. The Russian Federal Security Service (FSB) postulates the attack was driven by cyberespionage, based off the types of organizations infected.

Malware: The Cybercriminal’s Weapon

Malware has a number of uses by cybercriminals. Recently, malware has been seen targeting the banking and healthcare industries. Malware used on the energy production industry is more likely used for gaining unauthorized access into a network. Once the network has been breached, cybercriminals can then commit more damage.

How Physical Security is Part of Cybersecurity

Even with the best cyber security, infiltrators can walk right in in some cases. Whether the technology is old, new, vulnerable or secure, this is a threat that must be addressed.

Cybersecurity protects against digital assets. Good cybersecurity starts with good physical security. This includes good door locks, biometrics, common access cards (CACs), air-gapping, right down to written visitor documentation in a logbook. However, good physical security has weaknesses such as social engineering and the insider threat.

It’s believed that ICS and SCADA systems are air-gapped; completely disconnected from the Internet and corporate network and thus protected from any perceived threat, cyber or otherwise. Even with an air-gap, ICS and SCADA systems are still at risk. To mitigate the risk, new monitoring technologies need to be developed specifically for ICS and SCADA networks.

The Larger Threat to Infrastructure

As our world becomes increasingly connected and reliant on the Internet of Things (IoT), the most vital parts of our survival will be at stake: our water supply, our medical devices, our cars, and more.

A big problem not just with energy systems, is that much of the world’s equipment is Internet-enabled, making it part of the IoT. With IoT devices, many vulnerabilities are “baked into” the devices themselves. Their embedded software (called firmware) unfortunately wasn’t designed to be upgraded, so the vulnerabilities have no fix.

What’s Being Done?

To help mitigate the risks to energy systems, local IT departments need to work with the engineers to lock down ICS and SCADA networks and equipment. When two entities collaborate to achieve a common goal, in this case, securing access to Internet-facing energy systems, cybercriminals will have a much more difficult time infiltrating and manipulating our energy systems.

The bulk of the nation’s critical infrastructure is controlled primarily by private owners and operators, who are also the first line of defense should an attack threaten the energy sector. As such, the National Guard has been implemented to work closely with the private owners and operators of the nation’s critical infrastructure to secure such networks.

Where This Is Headed

There is no reason in particular why a major cyber breach on US critical infrastructure hasn’t occurred yet. However, security experts suspect that hackers and nation-states want to monitor technological developments on the energy grid.

While a complete shutdown of the US power grid has yet to occur, there have been attempts at doing so. In March of 2016, hackers tied to the Islamic Revolutionary Guard Corps attempted to shut down numerous financial organizations and a small dam outside New York City.

According to a 2014 report from the ICS-CERT, there’ve been at least 245 attempted cyberattacks on US critical infrastructure over a 12-month time span. With the sheer number of cyberattacks that’ve been attempted thus far, it’s only a matter of time before US critical infrastructure actually experiences a major cyberattack.

Conclusion

Humanity’s reliance on the power grid makes it such a vulnerable attack. As a species, humans would survive in the event of a cyberattack on critical infrastructure. It’s human nature to survive. However, our way of life would be greatly affected. Without an active power grid, lifestyles would change greatly, something to the effect of reverting to the industrial age of the later 1800s and early 1900s.

With all the cyberattacks against the Middle East and Eastern European infrastructure, and the attempted cyberattacks against the US infrastructure, it’s clearly evident that cooperation and collaboration is necessary. Working collectively to achieve the same goals, securing the networks which operate critical infrastructure, should be the ultimate mission.