Infrastructure Cyber Attack: 'We Don’t Know How Many Other Utilities Are Compromised'
We’ve written extensively about the threat within the utility infrastructure of the United States for quite some time. In April of 2011 we noted that staggering security holes exist in our power, water, and oil grid infrastructure and two months ago commander of U.S. cyber command General Keith Alexander warned that strikes designed to disrupt computer operations and “lethal attacks that destroy entire systems and physical equipment” would specifically target not just our utility grids, but commerce and transportation systems.
For many, these scenarios are hypothetical science fiction.
The latest incident in Illinois proves this is no longer the case, as security experts have determined that foreign hackers, likely originating from Russia, have compromised our water utility grid and figured out a way to shut down water pump systems in a manner similar to that in which the Stuxnet worm destroyed Iranian centrifuges last year. The threat is now reality:
Foreign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what appears to be the first reported case of a malicious cyber attack damaging a critical computer system in the United States, according to an industry expert.
Dave Marcus, director of security research for McAfee Labs, said that the computers that control critical systems in the United States are vulnerable to attacks that come through the Internet, and few operators of these systems know how to detect them. “So many are ill-prepared for cyber attacks,” Marcus said.
Problems with the system in Springfield had been observed for two to three months and recently the system “would power on and off, resulting in the burnout of a water pump,” the Nov. 10 report from the statewide terrorism and intelligence center stated, according to Weiss, who read the report to The Washington Post.
According to the report, hackers apparently broke into a software company’s database and retrieved user names and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.
“It was tracked to Russia. It has been in the system for at least two to three months. It has caused damage. We don’t know how many other utilities are currently compromised.”
Senior U.S. officials, including Alexander, have recently raised warnings about the risk of cyber attacks on critical infrastructure. Questions persist about the readiness and capabilities of DHS to respond to a major attack, and the scope of authority of the U.S. military, which has the greatest cyber operational capabilities, to respond.
Our readers may recall that the Duqu worm, which was identified by cyber security firms last month, has been deployed throughout the network infrastructure of the U.S. grid and is scarily similar to that of Stuxnet. It is believed that Duqu is currently active in the United States, sniffing and looking for potential security holes, and may be capable of disrupting computers controlling power plants, oil refineries and other critical infrastructure networks.
While the attack in Illinois is isolated to a single utility and plant, and apparently just one water pump, it may be a precursor of things to come. The fact that hackers gained access to an essential component of the grid can only mean that the rest of the nation’s command and control systems are equally as vulnerable.
One is no big deal and plant personnel can recover fairly quickly. But what happens if a foreign power or a rogue shadow terror group decides to launch a coordinated, multi-node, multi-regional attack that not only attacks pump systems, but perhaps the chemical treatment systems that keep our water supplies clean? It is conceivable that, since these cyber worms are capable of controlling hardware and software, city water supplies could essentially be poisoned before monitoring systems are able to determine that they have become dangerous for human consumption. And this is just one of many potential attacks that can be initiated on our grid. Everything from water supplies and electric power, to oil refining and digital commerce (i.e. bank ATMs, stock exchanges, etc.) could be a target.
Realistically speaking and considering that hackers managed to take-down what should be a highly secured water processing system, a coordinated attack could yield significant damage that includes the deaths of thousands of people.
This latest example of the cyber vulnerabilities in critical nationwide infrastructure systems should be enough to convince anyone that preparing a reserve supply of clean water, food and other supplies is a necessity in today’s world.