The year 2011 may have forever changed the way we think about the security of networks and systems. Following a year many are calling the “year of the hack,” security professionals have fundamentally changed their outlook when it comes to the threat of a network breach. Whereas previously, many considered a breach unlikely and more of an “if” scenario, many have shifted to a mindset of “when.”
Week after week, one company after another was breached with high-profile impact. Unfortunately, public utilities were no different. In November 2011, the deputy assistant director of the FBI's Cyber Division, Michael Welch, told a London cyber security conference that hackers had recently accessed the critical infrastructure in three U.S. cities by compromising their Internet-based control systems.
Around that same time, separate reports surfaced regarding hacks into water utilities in Illinois and Texas. These incidents likely led to a reissued warning in December by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS). The warning was directed at control system owners and operators and addressed the potential vulnerability of their industrial control systems and supervisory control and data acquisition (ICS-SCADA) systems to cyber intrusion and attack, mainly through their remote access and monitoring systems, which often have no firewall protection and weak authentication systems.
Public utilities provide critical infrastructure, and that makes them a target for cyber war, terrorism, crime, and hacktivism.
These recent incidents highlight concerns shared by many when it comes to cyber security practices and standards employed in the defense of critical infrastructure.
World Wide War
Since American Presidential Directive PDD-63 concerning critical infrastructure protection (CIP) was enacted in May of 1998, progress has been made. However, one has to question whether we’ve caught up or fallen further behind.
2011 was a defining year for the hacktivist, with many government and corporate networks targeted in support of various social causes.
The increasing connectedness of infrastructure not only makes us more vulnerable to cyber security attacks but increases the cascading effect an attack can have on other infrastructure sectors and capabilities. When PDD-63 was enacted, it’s likely those same hacked water utilities weren’t even accessible via the Internet. Today, much, if not most, of our critical infrastructure is either directly connected to the Internet or indirectly via corporate networks that are.
The critical infrastructures public utilities provide make them a target of interest for a variety of threats. The catalysts behind these threats fall into the following primary categories: cyber war, cyber terrorism, cyber crime, and hacktivism.
The United States is the superpower of cyber warfare, but we aren’t alone in possessing these capabilities. As other countries have evaluated their offensive and defensive warfare postures, cyber warfare has become a fundamental capability of many nation states. Cyber warfare is a unique and powerful weapon. It can provide a meaningful deterrent against countries with superior conventional forces. If a country were able to demonstrate the ability to bring down another country’s energy grid, that country’s military and diplomatic options could be significantly constrained and influenced.