Posted on | April 9, 2009 | 4 comments
The Wall Street Journal’s scoop that Chinese and Russian cyberspies have established deep footholds inside the networks that control the U.S. electrical grid ties directly into the 60-day review of U.S. cybersecurity policy due to be delivered any day to the White House.
Proving investigative journalism is still viable, WSJ reporter Siobhan Gorman cajoled unnamed U.S. intelligence officials into describing how cyberspies have mapped the on-off controls for major sections of the U.S. power grid, and downloaded backdoors enabling them to gain remote control, as needed. Gorman reports that this puts the Russians and Chinese in position to manipulate — or even destroy — U.S. electrical infrastructure, if and when it fits their respective strategic needs.
Intelligence officials told Gorman there is no indication the Russians or Chinese would want to so disrupt the USA — just yet. But if this doesn’t make it clear to the general public that our rival superpowers are off and running hard in the cyberarms race, nothing will. Meanwhile the U.S. is still in the locker room. At this point in time, cyberwarfare for all intents and purposes continues to be waged “asymmetrically” — one way — against the U.S.
Mounting infiltrations since 2003
Gorman’s story follows on the heels of this Feb. 12 Associated Press report about 67 computers going missing from the Los Alamos Nuclear Weapons Lab. Other recent stories tell how hackers broke into the Federal Aviation Administration, the Department of Defense and NASA.
These developments in 2009 come off a foundation of strategic, asymmetrical attacks launched at the USA since 2003. That’s when the Chinese were caught executing Titan Rain, a slick, extensive wave of infiltrations of networks at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA. Asymmetrical attacks continued in 2006-2007 with infiltrations of the Department of Commerce, the Pentagon and the Navy War College.
Meanwhile, the Bush Administration focused on waging troops-and-armaments ground wars in Iran and Afghanistan. This led Gen. James Cartwright, commander of the Strategic Command, to warn in a February 2007 speech at the Air Warfare Symposium in Florida that U.S. cyberwarfare strategy was disjointed, with few links between key agencies, such as the National Security Agency and the Naval Network Warfare Command.
In March 2007, President Bush finally announced a $7.3 billion plan, the first installment of a multi-year, $30 billion initiative to harden federal government networks, the details of which were classified Top Secret.
And yet, upon listening to testimony at a Sept. 2008 Congressional hearing, Rep. Bill Pascrell (D-NJ) described the Bush administration as being “a disaster when it comes to cyber security.”
An assessment of this recent history — and go-forward recommendations — are expected to be part of the 60-day review, the results of which Pres. Obama should receive this month.
Thus, revelation of the electrical grid infiltrations couldn’t be more timely. They add to the urgency highlighted in USA TODAY’s Feb. 18 story about how raids on federal computer data continued to surge throughout 2008, as well as by Florida Sen. Bill Nelson just a couple of weeks ago (Mar. 20) expressing his outrage that workstations in Congressional offices, including his own, remain under siege.
LastWatchdog conducted a Q&A with several notable experts about the wider implications of the electrical grid infiltrations:
LWD: Why have our electrical companies been so easy to infiltrate?
Paula Bruening, Deputy Executive Director of The Centre for Information Policy Leadership, Hunton & Williams LLP
The network supporting the electrical grid can be attacked directly. It also can be infiltrated by someone who has made their way in through an unsecured site and found their way along the network to the electrical grid. The networks are often thought of as hard on the outside and soft in the middle. It may take some work to get in, but once in, an attacker can make their way to where they want to go.
Barmak Meftah, Sr. Vice President of Products & Technology, Fortify Software
Built long before the internet, utility systems were never ready for a world full of hackers conducting a full-scale cyberwar. In this case, poorly built software opened a backdoor for America’s adversaries to paralyze national infrastructure. Utility companies need to understand the inherent risk posed by their software assets, and they don’t.
Jay Chaudhry, Chief Executive Officer, Zscaler
The computers that run the energy grid may not be directly connected to the Internet, but the laptops of people working on the energy grid are likely to have been accessing the Internet. Once the user’s computer is infected with bots or spies, it can infect other computers directly or via a USB key. Conficker is a good example of a recent large botnet that infected over 12 million computers in this fashion.
This is much easier than spending millions of dollars doing spying with human beings.
LWD: What other critical infrastructures are likely to have been similarly penetrated, and why?
Alexander H. Southwell, Of Counsel, Gibson, Dunn & Crutcher LLP
Water systems, sewage treatment systems, and power generating systems, such as nuclear plants, are also vulnerable to attacks like those experienced by the electrical utilities. Financial, health, and transportation systems generally work in different ways and are less coordinated, so while certainly the target of cyber-criminals, they would not be vulnerable to the same types of risk.
Jeff Nigriny, Program Manager, TSCP; President, CertiPath
Increased exposure arises from the fact that networks are interconnected and interdependent. An operator opening an email will enable these networks to be subject to the same attacks we read about every day, whether they are coming from state sponsored or individual hackers. The US, other governments and critical infrastructure providers have been struggling to adapt and improve under increasing demands for higher returns on invested capital.
LWD: Where does the USA stand today in the cyberwarfare arms race?
Fred Langston, Global Product Manager for Global Security Consulting, VeriSign.
The bad guys are allegedly State sponsored and supported espionage and cyber warfare experts with clear objectives and goals. In other words, the toughest, most advanced threats you can be faced with.
Make no mistake, the major risk here is not about compromised identities or credit cards or any of the problems we read about daily. The activities reported on this week would indicate two unsettling activities are occurring: 1) a massive reconnaissance effort of US critical infrastructure as well as US technology companies has been underway for a long time and continues to be operating at a high level, and 2) state sponsored actors, using industry-focused, ultimately successful attacks have staged offensive cyber weapons within the Electrical System and most likely other US critical infrastructure.
The one comforting fact is that we don’t foresee that type of large scale conflict breaking out soon with these national adversaries. The major remaining risk is the currently ongoing and continual theft of intellectual property, trade secrets, scientific breakthroughs, and other information that has provided the US with a competitive advantage for over a hundred years and is slowly being stolen under our noses.
LWD: How urgent is it for President Obama to address this?
Patrick Peterson, Chief Security Researcher, Cisco Systems.
The report Securing Cyberspace for the 44th Presidency states clearly, ‘cybersecurity is now a major national security problem for the United States.’ New capabilities from nuclear power to the automobile all come with risks. The use of off-the-shelf technology and networked systems provides an avenue of attack. This story and others like it are invaluable in providing the visibility and attention to catalyze necessary security improvements.
The truth is slowly coming out. I for one am hopeful that the truth will set us free. Recent federal activities are promising. President Obama’s comprehensive 60-day review of federal cybersecurity initiatives is due any day now. Senate legislation would create a White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector’s cooperation with the private sector.
Power line photos courtesy freefoto.com