UPDATED 23:03 EDT / JULY 24 2018

INFRA

Report: Russian hackers have gained access to utility company control rooms

Russian hackers have gained access to control rooms in U.S. utility companies where they could have caused blackouts, according to a report from the Wall Street Journal.

Citing sources from the U.S. Department of Homeland Security, the Journal claimed Russian hackers, who allegedly work for a state-sponsored group identified as both Dragonfly and Energetic Bear, broke into supposedly secure “air-gapped” isolated networks owned by utilities by hacking third-party providers that had relationships with the utility companies.

Although the hackers apparently did nothing untoward with their access, Ofer Moar, director of security strategy at Synopsys Inc., told SiliconANGLE that it’s clear the ability to shut down a country’s electricity can be a useful weapon during conflicts.

“There are two parallel drivers which accelerate these attacks,” he explained. “The first one is the advancement in technology of industrial control systems. Older systems tend to be simpler and offer less (if any) remote control over them. The new industrial control systems are all designed to be networked and controlled remotely, which of course opens them up to attackers.”

The second one is more skilled and motivated hackers, whether they’re nations or organized crime. “Imagining an attack that causes blackout is simple, but imagine a case where a vulnerability in a power plant control system can be used to bypass load limitations, driving the power plant to overutilization leading to an explosion, or reversing a sewer pump to overflow sewers across an entire city,” he said.

Steve Durbin, managing director of the Information Security Forum, shared similar concerns, saying that the potential impact of inadequately securing industrial control systems can be catastrophic, with lives at stake, costs extensive and corporate reputation on the line. “As a result, senior business managers and boards are encountering growing pressure to improve and maintain the security of their organization’s ICS environments,” he said.

Many ICSs are now interconnected with enterprise IT or external networks and are becoming increasingly attractive targets for attackers,” he explained. “Physically, ICS need protection from unauthorized access, interference and damage. But ICS-related information (e.g. commands to control machinery, critical monitoring data and user access credentials) also requires protection as it is key to their operation.”

Phil Neray, vice president of industrial cybersecurity at CyberX Inc., said there’s a lesson from the story: “It’s dangerous and reckless to assume that Russian cyberreconnaissance can be discounted because no one has actually turned off the power yet,” he said. “It’s clear that our adversaries now have direct access to hundreds or potentially thousands of systems that monitor and control our electrical grid, and they’ve vacuumed up all kinds of sensitive information to help them plan their attacks.”

So now, he said, “it’s only a matter of political will — and desire to test our red lines — that’s holding them back from throwing the switch. The potential consequences would be dramatic, ranging from human safety issues to a temporary shutdown of our entire economy.”

Chris Morales, head of security analytics at Vectra Networks Inc., told SiliconANGLE that it’s time for ICS operators to act on security.

“Security teams need full knowledge of connected and interconnected assets, configurations, and the integrity of communications to successfully protect critical infrastructure,” Morales said. “Manually monitoring network devices and system administrators presents a challenge to resource-constrained organizations who cannot hire a large security team. Large teams of security analysts must perform the manual analysis required to identify attacks or unapproved behaviors within an ICS-regulated environment.”

But Morales added that automation will be ever more important. “It is crucial to have visibility inside the network that can adapt to the dynamics of growth and change,” he said. “Organizations also need technology that automates the real-time analysis of communication, devices, administrators, and human behaviors on a converged network to detect intentional attacks or unintentional consequences.”

Photo: Libreshot

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU