Q&A on U.S. electrical grid infiltrated by Chinese, Russian cyberspies

April 9th, 2009

The Wall Street Journal’s scoop that Chinese and Russian cyberspies have established deep footholds inside the networks that control the U.S. electrical grid ties directly into the 60-day review of U.S. cybersecurity policy due to be delivered any day to the White House.

Proving investigative journalism is still viable, WSJ reporter Siobhan Gorman cajoled unnamed U.S. intelligence officials to describe how cyberspies have mapped the on-off controls for major sections of the U.S. power grid and installed backdoors enabling them to gain remote control, as needed. Gorman reports that this puts the Russians and Chinese in position to manipulate — or even destroy — U.S. electrical infrastructure, if and when it fits their respective strategic needs.

Intelligence officials told Gorman there is no indication the Russians or Chinese would want to so disrupt the USA — just yet. But if this doesn’t make it clear to the general public that our rival superpowers are off and running hard in the cyberarms race, nothing will. Meanwhile the U.S. is still in the locker room. At this point in time, cyberwarfare for all intents and purposes continues to be waged “asymmetrically” — one way — against the U.S.

Mounting infiltrations since 2003

Gorman’s story follows on the heels of this Feb. 12 Associated Press report about 67 computers going missing from the Los Alamos Nuclear Weapons Lab. Other recent stories tell how hackers broke into the Federal Aviation Administration, the Department of Defense and NASA.

These developments in 2009 come off a foundation of strategic, asymmetrical attacks launched at the USA since 2003. That’s when the Chinese were caught executing Titan Rain, a slick, extensive wave of infiltrations of networks at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA. Asymmetrical attacks continued in 2006-2007 with infiltrations of the Department of Commerce, the Pentagon and the Navy War College.

Meanwhile, the Bush Administration focused on waging troops-and-armaments ground wars in Iran and Afghanistan. This led Gen. James Cartwright, commander of the Strategic Command, to warn in a February 2007 speech at the Air Warfare Symposium in Florida that U.S. cyberwarfare strategy was disjointed, with few links between key agencies, such as the National Security Agency and the Naval Network Warfare Command.

In March 2007, President Bush finally announced a $7.3 billion plan, the first installment of a multi-year, $30 billion initiative to harden federal government networks, the details of which were classified Top Secret.

And yet, upon listening to testimony at a Sept. 2008 Congressional hearing, Rep. Bill Pascrell (D-NJ) described the Bush administration as being “a disaster when it comes to cyber security.”

An assessment about this recent history — and go-forward recommendations — are expected to be part of the 60-day review, the results of which Pres. Obama should receive this month.

Thus, revelation of the electrical grid infiltrations couldn’t be more timely. They add to the urgency highlighted in USA TODAY’s Feb. 18 story about how raids on federal computer data continued to surge all throughout 2008, as well as by Florida Sen. Bill Nelson just a couple of weeks ago (Mar. 20) expressing his outrage that workstations in Congressional offices, including his own, remain under siege.

Wider implications

LastWatchdog conducted a Q&A of several notable experts about the wider implications of the electrical grid infiltrations:

LWD: Why have our electrical companies been so easy to infiltrate?

Paula Bruening, Deputy Executive Director of The Centre for Information Policy Leadership, Hunton & Williams LLP

The network supporting the electrical grid can be attacked directly. It also can be infiltrated by someone who has made their way in through an unsecured site and found their way along the network to the electrical grid. The networks are often thought of as hard on the outside and soft in the middle. It may take some work to get in, but once in, an attacker can make their way to where they want to go.

Barmak Meftah, Sr. Vice President of Products & Technology, Fortify Software

Built long before the internet, utility systems were never ready for a world full of hackers conducting a full-scale cyberwar. In this case, poorly built software opened a backdoor for America’s adversaries to paralyze national infrastructure. Utility companies need to understand the inherent risk posed by their software assets, and they don’t.

Jay Chaudhry, Chief Executive Officer, Zscaler

The computers that run the energy grid may not be directly connected to the Internet, but the laptops of people working on the energy grid are likely to have been accessing the Internet. Once the user’s computer is infected with bots or spies, it can infect other computers directly or via a USB key. Conficker is a good example of a recent large botnet that infected over 12 million computers in this fashion.

All of us go to the Internet to access active, Web 2.0 content, delivered to us by Javascript, ActiveX, Flash, etc. The bad guys can plant malicious active content on even reputable sites. Users get tricked into clicking on a link which downloads malicious code onto the user’s computer. The malicious code talks to its master somewhere on the Internet and does whatever the master tells it to do. Frequently, it downloads additional software targeted at a specific organization, such as a power company.

This is much easier than spending millions of dollars doing spying with human beings.

LWD: What other critical infrastructures are likely to have been similarly penetrated, and why?

Alexander H. Southwell, Of Counsel, Gibson, Dunn & Crutcher LLP

Water systems, sewage treatment systems, and power generating systems, such as nuclear plants, are also vulnerable to attacks like those experienced by the electrical utilities. Financial, health, and transportation systems generally work in different ways and are less coordinated, so while certainly the target of cyber-criminals, they would not be vulnerable to the same types of risk.

Jeff Nigriny, Program Manager, TSCP; President, CertiPath

Increased exposure arises from the fact that networks are interconnected and interdependent. An operator opening an email will enable these networks to be subject to the same attacks we read about every day, whether they are coming from state sponsored or individual hackers. The US, other governments and critical infrastructure providers have been struggling to adapt and improve under increasing demands for higher returns on invested capital.

LWD: Where does the USA stand today in the cyberwarfare arms race?

Fred Langston, Global Product Manager for Global Security Consulting, VeriSign

The bad guys are allegedly State sponsored and supported espionage and cyber warfare experts with clear objectives and goals. In other words, the toughest, most advanced threats you can be faced with.

Make no mistake, the major risk here is not about compromised identities or credit cards or any of the problems we read about daily. The activities reported on this week would indicate two unsettling activities are occurring: 1) a massive reconnaissance effort of US critical infrastructure as well as US technology companies has been underway for a long time and continues to be operating at a high level, and 2) state sponsored actors, using industry-focused, ultimately successful attacks have staged offensive cyber weapons within the Electrical System and most likely other US critical infrastructure.

The one comforting fact is that we don’t foresee that type of large scale conflict breaking out soon with these national adversaries. The major remaining risk is the currently ongoing and continual theft of intellectual property, trade secrets, scientific breakthroughs, and other information that has provided the US with a competitive advantage for over a hundred years and is slowly being stolen under our noses.

LWD: How urgent is it for President Obama to address this?

Patrick Peterson, Chief Security Researcher, Cisco Systems

The report Securing Cyberspace for the 44th Presidency states clearly, ‘cybersecurity is now a major national security problem for the United States.’ New capabilities from nuclear power to the automobile all come with risks. The use of off-the-shelf technology and networked systems provides an avenue of attack. This story and others like it are invaluable in providing the visibility and attention to catalyze necessary security improvements.

The truth is slowly coming out. I for one am hopeful that the truth will set us free. Recent federal activities are promising. President Obama’s comprehensive 60-day review of federal cybersecurity initiatives is due any day now. Senate legislation would create a White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector’s cooperation with the private sector.

–Byron Acohido

Power line photos courtesy freefoto.com