Ultra Intelligence & Communications

In Light of the Recent Russian ICS Attack

October 2nd, 2015

Most people understand that countries like Russia and China are capable of more sophisticated cyber-attacks. Others, like Iran and North Korea, may not be as sophisticated now, but certainly could be in the future. None of these countries are timid about displaying any differences they have with the US, or for that matter even exploiting our country’s political actions for their own gain. It also isn’t just nation states who turn to cyber as a means to further strategic interests: the Islamic State (ISIS) uses the Internet for its own gain and propaganda; the Iranian ‘Cutting Sword of Justice’ group crippled over 30,000 computers and the operations of Saudi Aramco with destructive malware; and a German steel mill suffered “massive damage” from a cyber-attack.

If you follow world events, you perhaps know that in recent days, James Clapper, the Director of National Intelligence, reported that the Russians had been able to infiltrate US industrial control networks. What does that mean for our nation’s security when they decide to initiate a full-blown cyber-attack? Imagine if Russia, or another country or entity, decided to cripple our nation’s electrical grid, or even just part of it. What about our oil refineries, pipelines, dams, water treatment facilities, or military bases? We could see economic and/or physical devastation and panic in a manner not seen since 9/11.

What Mr. Clapper did not mention was how long the Russians had been in the grid before they were discovered, or how that discovery was made. We have heard all too often the mantra of improving the air-gap and building bigger walls to keep attackers out, and we have personally seen how those walls are breached every time by determined and persistent attackers. This is why the U.S. DoD has changed its approach to cyber-security from a pure preventative play to one that tries to keep attackers out but also assumes they’re already inside and tries to find them. If you assume your defenses have been breached you will find and remediate a problem quicker than if you assume your defenses are strong and wait to be proved wrong in an embarrassing fashion.

To use an analogy that US citizens will understand, “the electrical grid powers everything and is our light switch to the US economy”. If someone turns off that light switch, it would have rippling effects on the US economy – financially, politically, and physically. Further, we cannot, and should not, assume hackers are not already within our industrial control networks when they are. Preventing attacks on the industrial control networks that manage our nation’s critical infrastructure is a matter of keeping hackers out as well as both finding and mitigating those already obscured or hidden within our systems. Let’s follow the military’s example and ensure that the lifelines to our economy, and our national security, have both “protection and detection”.

Ultimately the grid and many other integrated critical infrastructures are fragile. New denial-of-service vulnerabilities are discovered each day against commonly used PLCs, RTUs, and other sensors. Simple commands or disrupted communications can cause outsized impacts and damage. We have all experienced the warning of the control system operator who sternly forbids anyone from touching or modifying their system for fear of disruption. What we need is resilience: our industrial control systems should be able to withstand the pokes and prods of everyday use. If our system is resilient, then when an attacker gains access (as they will) they won’t be able to do anything damaging. Resilience equals lower risk.

In closing, the US electrical grid and other critical infrastructures like it are fragile and vulnerable to cyber-attacks. These structures need more resilience, which lessens the impact of a potential threat. Government has known this for years, but given the world’s current climate, it has become increasingly important to protect our US industrial control systems. And in connection with the recent revelation about Russian hackers, is it really a surprise that Moscow now has a cyber-military command unit or a specialized branch for computer network operations? These attacks are the future warfare of our nation, and of the world we live in.
