Wednesday, April 8, 2009

Cyberwar is Real: US Electrical Grid Attacked and Compromised

The Wall Street Journal has reported what many of us on the inside of the cyber security world already knew, namely that there is very serious warfare going on today between Russia and China on one side and the US on the other. Read the report here:

http://online.wsj.com/article/SB123914805204099085.html?mod=googlenews_wsj

We could call this a "cold war" on the network/computer ("cyber") battlefield in the sense that damaging actions are not yet being taken. Instead, "footholds" are being created from which highly effective attacks can be mounted. In this case, it's footholds in the heart of a critical area of infrastructure, our power systems.

The report speaks to the North American Electric Reliability Corp. being responsible for oversight of the security of our electrical systems, and for setting standards for firewalls between administrative systems and actual control systems.

Sorry to be overly colloquial but, "well duh!".

In general, control systems shouldn't have any connections to the internet, period. Interconnects between "administrative" systems that are internet connected and the control systems should not exist, or should utilize proprietary and highly secured lines and technologies. Obviously this isn't the case. It's a safe assumption that a casual attitude in the evolution of the internal systems in the power industry, combined with a real lack of understanding of the ability of hackers to thread malware through a wide variety of industry standard communications interfaces, has led to a high degree of interconnection and thereby to an easy-to-penetrate set of control systems.

Unfortunately the problem certainly isn't limited to power systems. Is the situation likely to be any different in our telecommunications infrastructure? Our water management infrastructure? Our police and civil defense infrastructure? Our hospital and emergency response infrastructures? If our power control systems can be subverted, is there much of anything in the civil arena that isn't in all likelihood subject to successful intrusion and subversion?

One area of real concern I have is the lack of computing security expertise that your typical power systems organization, and the operators of all other civil infrastructure computing systems, are going to have. Simply put, they don't have the right soldiers in the field to fight the type of war being waged.

It's no wonder that Obama's administration is issuing a call to action in the general area of "cyber security". While we are busy designing and building jet fighters that can take out anything China might produce by the year 2100, China and Russia are thinking and operating strategically.

We in the US (and other western nations) must think and act strategically too. The plane of combat has expanded in new dimensions, with the network being the enabler, and the computer control system being the field of battle. Of course we shouldn't forget that there may very well be offensive actions well under way by the US Department of Defense. However, that doesn't address our own weaknesses. If we were thinking and acting strategically and comprehensively, wouldn't there already be clear efforts underway to secure our infrastructure from cyber attack? Unfortunately this line of thinking, combined with the evidence at hand, is not comforting.

Let's go back to Conficker for a moment (see previous blogs); if I were the "owner" of that worm, my perspective would be that I have a pretty darn powerful "bomb" available, potentially an ability to bring down certain selected targets that operate on or via the internet, and potentially even wide swathes of internet-based economic activity, through leveraging the power of the +/- 5 million computers under my control. Personally I know what I would do with this capability; I'd auction it off to the highest bidder, and I'd go to Russia and China first and foremost to start the bidding process. (Then I'd go retire to a life of surfing, pool and internet poker in the Maldives.)

It's a strange new world in all respects, and this strange new world includes a new Cyber Cold War. We'll acronymize it and call it CCW (you heard it here first!). It's real, it's serious, and it is a threat to our economy and even our daily creature comforts of power, phone and internet. Obviously Arxan Technologies, Inc. is in the business of helping, both "confidentially" through our Defense Systems organization, and more openly and publicly on the commercial side through commercial products and technologies. What's needed is an active and investing government, stepping up to the plate to enable the investments by our infrastructure organizations to devise and deploy the necessary re-architecting and defense of our infrastructure computing systems.