Friday, March 16, 2018

Russia hacks into critical infrastructure - Is America asleep at the wheel?

Here’s my nomination for the scariest new report of today (published yesterday, March 15th).

The NY Times, among other sources, reports that Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

… new computer screenshots released by the Department of Homeland Security on Thursday made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

More broadly, during the 2016 election and after:

… at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

This is not hypothetical. The hacks by Russia present a clear and present danger to our critical infrastructure. Russian attacks in the Ukraine were real and devastating.

In an updated warning to utility companies on Thursday, Homeland Security officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls.

American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.

What is not included in the Times’ report is the state of readiness (or absence thereof) by America’s power plants and other utilities. A complicating factor, noted yesterday evening on the Rachel Maddow show, is that our critical infrastructure is largely private and held by thousands of independent companies. What defensive response, if any, at the federal level was not clear in the Time’s report. My sense is that so far Trump has not made such a response a national priority. Protecting against a cyber attack, no matter how necessary in the long run, does not add to shareholders’ dividends.

Maybe the best we can hope for is a standoff between super-powers - that we have powerful offensive cyber weapons too thus creating a new version of mutually assured destruction.

The Texas swing band Asleep at the Wheel recorded an album titled Comin’ Right at Ya. Thats’s a succinct way of thinking about what’s in our future.

No comments:

Post a Comment