“To me, the most terrifying form of warfare would be if there was some simultaneous cyber attack on our grid, on the banking system, and on our transportation system. That would be quite a devastating thing, and yet in theory, absent some real protective measures, that could happen.” – Wilbur Ross, U.S. Secretary of Commerce, Senate Commerce, Science and Transportation Committee, Confirmation Hearings, 1/17/2017
Unfortunately, the prescient warning by U.S. Secretary of Commerce Wilbur Ross has only become more serious since 2017.
To bone up on cyber attacks and other natural and manmade disasters, search 65 years of the Journal of Civil Defense, published by The American Civil Defense Association (TACDA.ORG).
I am the volunteer vice president and can vouch for TACDA's deep experience in civil defense protecting American families since 1962.
Recently, much of our work, of necessity, has been learning about and presenting cybersecurity hardening options.
Two Tools to Mitigate Cyber Threats
One of the greatest myths about cyber attacks is that they only strike big companies. The opposite is closer to the truth: big companies employ hundreds of information technology (IT) and defensive cyber operations (DCO) professionals, and as a result they suffer business losses from cyber attacks far less frequently than small and mid-size enterprises, which rarely have that kind of staff.
That gap narrowed recently with the creation of Adlumin, whose platform gives small and mid-size enterprises tools to detect and counter cyber attacks. If you are a larger company, and particularly if you operate industrial control systems, possibly the best cybersecurity firm currently is Dragos, which specializes in industrial control system (ICS/OT) security. If you have cybersecurity issues, in addition to the help available from the organizations listed in the tables below, be sure to contact Dragos for assistance.
There are overseas criminal organizations that work 24/7/365 to take down your business for profit. The biggest of them is the Chinese Communist Party (CCP). The CCP practices "Unrestricted Warfare" (the doctrine, named after the 1999 book by two PLA colonels, of waging war by hundreds of non-kinetic means) to take down non-CCP businesses in the West. They view it as a zero-sum game: they win if you lose.
Cybersecurity SITREP
The question is no longer IF hackers will take aim at the power grid. They already have. As one example, stories of hackers penetrating our energy sector regularly appear in the news. See, for example, “Dragonfly: Western energy sector targeted by sophisticated attack group... Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.” (https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group)
Or, from the New York Times: “Since May [2017], hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries." Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kansas (July 6, 2017, https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html).
Enter “hackers + power grid” in a search engine and see just how this once-abstract danger has become a clear and present one.
Recently, U.S. prosecutors charged three Chinese nationals from Guangzhou with hacking into various businesses (Siemens, Moody's, etc.) to steal their secrets. The indictments were handed down in federal court in Pittsburgh and cover attacks over the past six years.
Given the ease with which such foreign actors prey on our systems, there is every reason to believe they can, do, and will undertake the same attacks on our power grid.
Unfortunately, the most common image of a hacker is the one created by Hollywood...usually a smart, gifted if lonely teen in his bedroom with a hankering to explore the deep recesses of the Web. (Think of Matthew Broderick in the movie WarGames.)
The real world of real hackers is very different. For example, the Chinese Communist Party (CCP) has entire divisions of its military devoted to hacking: discovering and exploiting vulnerabilities in American infrastructure. China has a history stretching back millennia of conquest through stealth and deception, exploiting an enemy's weakness to its own benefit, and it is following the same strategy today through hacking operations carried out 24/7/365.
Their genius is that they pair a criminal hacker, say from Hong Kong, with a disciplined lieutenant colonel from the People’s Liberation Army (PLA). It is a variation on the old option judges in this country would give teens: jail time or join the U.S. Marines. The Chinese version is that the hackers they arrest are given the option of jail time or putting their skills to work for the superpower ambitions of the CCP.
The Chinese learned decades ago that it was easier to steal American technology advances than to develop them, and to use them to accelerate their economic development at a spectacularly rapid pace. They have continued this strategy in the cyberwar sphere. The first tenet of their command strategy is the taking down of digital capabilities in the US, and taking out our power grid is a primary objective of that strategy. They prefer to take our systems down digitally, without dropping one bomb or firing one bullet. And their probing is succeeding, pending the day they decide to launch an apocalyptic cyber attack on our energy grid.
They are not alone. North Korea, Russia, Iran and other nations have the same plans.
“Incidents of foreign network penetration and espionage …conducted by the Chinese government have recently become both more frequent and more clearly attributable to the People’s Liberation Army (PLA) rather than independent nationalist hackers, and 33% of all cyberattacks in the third quarter of 2012 seemingly originated from China.”
This PLA activity against our critical infrastructure was identified over five years ago and has only increased in the intervening years. And, as noted above, China is not alone: Russia, North Korea, Iran and others have adopted the same strategy, and they are probing and penetrating our systems daily.
Cybersecurity, the ability to protect or defend the use of cyberspace from cyber attacks, is a goal that requires many layers, much creativity, and eternal vigilance. Below I list organizations that exercise those skills daily.
What is to be Done
In the world of cybersecurity, given the harm that can be done to our entire way of life almost instantly, the old reactive strategy (Think—Decide—Act) has been replaced by a proactive one (Decide—Act—Think). The websites below act as the cybersecurity canary in the dark-web mine. To be proactive, you need a proactive toolset. Signs of an impending cyber attack may be identified by such entities before the actual attack starts, and the organizations below will be among the first line of defense against it.
The good news is that we have quiet professionals, cybersecurity experts, who counter the hackers daily. They would be the first line of defense should the current probes turn into a full-scale attack on the power grid. I highlight some of our canaries below.
Who Handles the Hackers — Private Sector
There are numerous private-sector companies that handle the day-to-day threat of hacker probes and penetrations of our critical infrastructure. Were there a hacker attack on the power grid, they would be the first line of defense. A few are listed below.
Organization | Description
CyberSecure IPS | Provides protection against critical-infrastructure intrusion attempts and dispatches first-response teams in real time.
Palo Alto Networks | Network security vendor whose prevention-oriented platform (next-generation firewalls and endpoint protection) aims to reduce cybersecurity risk to a manageable degree.
Advanced Persistent Threat (APT) Groups and Operations | A shared spreadsheet maintained by a select group of editors that catalogs APT activity (by China, Russia, Iran, North Korea, etc.), including each group's tools, operations, and targets.
FireHOL IP Lists | Aggregates hundreds of public security IP feeds into ready-to-use blocklists (ipset/netset files) and publishes analysis of cybercrime and malware trends, including tools to track unique IPs across feeds.
IBM X-Force Exchange | Threat-intelligence exchange platform (malicious IP addresses, botnet distributions) with a security intelligence blog and a forum where responders post information on common vulnerabilities.
Malware Check | Search-engine-style service that monitors URLs for suspicious malware, virus, worm, phishing and other activity.
MalwareTech Botnet Tracker | Tracks active botnets by type, geographic distribution, and unique IPs on a live map that displays every incident observed in the past 5 minutes.
Phishtank | Current, community-based tracking of domains connected to phishing attacks, along with downloadable databases.
SANS (SysAdmin, Audit, Network and Security) Institute Internet Storm Center | Offers daily analysis of emerging threats and malware, plus attack data from its DShield sensor network for threat hunting.
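The IP-feed entries above (FireHOL, X-Force Exchange, Phishtank) are canaries only if something on your own network actually consults them. As an added example, not code from the original page or from the FireHOL project, the Python below parses a blocklist in FireHOL's .netset format (one address or CIDR per line, '#' comments) and checks the source addresses in a few iptables-style firewall log lines against it. The feed contents, the log lines and the function names are constructed for this illustration; only the file format is FireHOL's.

```python
"""Check firewall log source addresses against a FireHOL-style IP blocklist.

Added example, not from the original page or from FireHOL. The blocklist and
log lines below are constructed for illustration; real feeds are the .netset
and .ipset files published in the firehol/blocklist-ipsets repository.
"""
import ipaddress
import re

# Constructed sample in FireHOL .netset format: comments start with '#',
# entries are single IPv4 addresses or CIDR networks. Addresses come from
# the RFC 5737 documentation ranges, not real attacker infrastructure.
SAMPLE_NETSET = """\
# example_feed
# Maintainer: constructed for this example
# Category: attacks
198.51.100.0/24
203.0.113.7
203.0.113.128/25
"""

# Constructed iptables-style firewall log lines used as sample input.
SAMPLE_LOG = """\
Jun  1 10:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=22
Jun  1 10:00:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=443
Jun  1 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.9 PROTO=TCP DPT=502
Jun  1 10:00:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=10.0.0.9 PROTO=UDP DPT=161
Jun  1 10:00:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.64 DST=10.0.0.9 PROTO=TCP DPT=20000
"""

SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_netset(text: str) -> list:
    """Parse .netset/.ipset text into a list of IPv4Network objects.

    Blank lines and '#' comments are skipped; a bare address becomes a /32.
    A malformed or non-IPv4 entry raises ValueError instead of being dropped:
    a truncated or corrupted feed should fail loudly, not silently shrink
    your coverage.
    """
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {raw!r}: {exc}") from exc
        if net.version != 4:
            raise ValueError(f"line {lineno}: {raw!r}: only IPv4 entries expected")
        nets.append(net)
    return nets


def build_index(nets) -> dict:
    """Group network addresses by prefix length, so a lookup tests at most
    33 masks instead of scanning every entry of a large feed."""
    index = {}
    for net in nets:
        index.setdefault(net.prefixlen, set()).add(int(net.network_address))
    return index


def lookup(index: dict, ip_text: str):
    """Return the prefix length of the most specific match, or None."""
    ip = int(ipaddress.IPv4Address(ip_text))
    for plen in sorted(index, reverse=True):          # most specific first
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if (ip & mask) in index[plen]:
            return plen
    return None


def scan_log(log_text: str, index: dict) -> list:
    """Return (src_ip, prefixlen, line) for each log line whose SRC is listed."""
    hits = []
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        plen = lookup(index, m.group(1))
        if plen is not None:
            hits.append((m.group(1), plen, line))
    return hits


if __name__ == "__main__":
    idx = build_index(parse_netset(SAMPLE_NETSET))
    for src, plen, line in scan_log(SAMPLE_LOG, idx):
        print(f"listed (/{plen}): {src}  <- {line}")
```

In use you would replace SAMPLE_NETSET with a freshly downloaded feed file and SAMPLE_LOG with your firewall's log stream. A match is a lead, not a verdict: feeds carry false positives and go stale, so refresh them on a schedule and treat a hit on an ICS port such as 502 (Modbus) or 20000 (DNP3) as something to investigate, not something to auto-block blindly.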
Who Handles the Hackers - Government
Just as the private sector has organizations that will be the first line of defense against an attack on the power grid, there are numerous government organizations that handle the day-to-day threat of hacker probes and penetrations of our critical infrastructure. A few are listed below.
Organization | Description
Electricity Subsector Coordinating Council (ESCC) | Serves as the principal liaison between the federal government and the electric power sector, with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.
National Cybersecurity and Communications Integration Center (NCCIC) | Part of the Department of Homeland Security (its functions now sit within the Cybersecurity and Infrastructure Security Agency, CISA) that would act as the central command point where the government collects and analyzes data on the impact of any hacker attack on the power grid.
Department of Homeland Security (DHS) Automated Indicator Sharing (AIS) | Machine-to-machine exchange of cyber threat indicators (STIX over TAXII) between government and private-sector participants.
Supervisory Control and Data Acquisition (SCADA) systems | Not an organization but the control-system layer itself: software used by manufacturers, nuclear plant operators and pipeline operators to monitor process variables and diagnose unexpected behavior, including the effects of a hacker attack. It is also the layer an attacker on the grid ultimately targets.
U.S. House Permanent Select Committee on Intelligence (HPSCI) https://intelligence.house.gov/cyber/ | Cyber criminals, often supported by hostile governments, are increasing their attacks on U.S. networks and American businesses; the HPSCI provides congressional oversight aimed at mitigating this growing problem.
National Security Agency (NSA) | Part of the U.S. Department of Defense and a member of the Intelligence Community overseen by the Director of National Intelligence; its information assurance mission protects U.S. national security communications networks and IT systems.
North American Electric Reliability Corporation (NERC) https://www.ferc.gov/industries/electric/indus-act/reliability/cybersecurity.asp | Regulatory authority (the FERC-certified Electric Reliability Organization) that assures the reliability and security of the bulk power system in North America, including through its mandatory Critical Infrastructure Protection (CIP) cybersecurity standards.
U.S. Securities and Exchange Commission (SEC) | Identifies and manages cybersecurity risks to the securities markets and their participants, including issuers, intermediaries, investors and government authorities.
National Institute of Standards and Technology (NIST) | Develops practical, innovative security technologies and methodologies (for example the Cybersecurity Framework and the SP 800 series) that enhance the country’s ability to address current and future computer and information security challenges.
Fortunately, every day there are highly gifted, very creative, and extremely skilled American cybersecurity and engineering experts manning the protective firewalls of this nation’s cloud and network-based data systems. I know because I’ve worked with them. They are well aware of the challenge. They know their duty. They are quiet professionals, as important in the cyber world as the Special Forces quiet professionals we depend on every day are in the physical world. And they deserve the same level of respect, resources and support.
# James Dohnert, ‘Akamai study finds a third of all cyber-attacks originate from China’, V3.co.uk, 25 January 2013, http://www.v3.co.uk/v3-uk/news/2238996/akamai-studyfinds-a-third-of-all-cyber-attacks-originate-from-china.
For more information, see https://www.washingtontimes.com/news/2017/dec/28/electric-power-research-institute-wrong-about-powe/
The CCP is the greatest threat to our national cybersecurity.