What Does a Windstorm in Wyoming Have to Do with Cyber Security?

Natural disasters serve as excellent examples of the unforeseen consequences that a cyber-attack against infrastructure will have. Take for example a strong windstorm in Wyoming in February 2017. The storm knocked down power lines, forcing water and sewage treatment plants to operate on backup generators, which weren’t available to some of the pumps that moved sewage from low-lying areas to higher ground. As a result, the sewers backed up after the weather continued to prolonged the outage. While government officials tasked with disaster planning have long focused on the cascading effects of power outages from natural disasters, only recently have they realized the effects of cyber warfare could be quite similar.

Cascading Effects

Earlier this year, the U.S. Naval War College held a war game to examine the effects of cyberattacks on critical infrastructure. The result was that “cross-sector dependencies on electricity, transportation, and wastewater systems made significant attacks on these sectors exponentially more deleterious.”

A review of disaster planning research can give examples of the way prolonged power outages could drive consequences few would consider.

Imagine a hypothetical DDoS attack shuts down a major urban water system. Many of the controls used to cool various systems rely on water. If water cannot be pumped, these systems might turn to backups, which might be limited. That could lead to both a power outage, and a telecommunications outage. That, in turn, would lead to diminished cell phone and internet traffic.

[You might also like: Cyber Security Predictions]

Nearly 70 percent of the food Americans eat passes through a vast network of refrigerated warehouses. With no power and no communications, the logistics teams would have no way to keep their products cool and no way to coordinate delivery to other warehouses.

Attacks on infrastructure aren’t just a mere hypothetical. Just last year, dozens of U.S. utility companies were compromised to such an extent that the hackers could have shut them down. In the Ukraine, hackers disrupted the power grid two years in a row, causing hundreds of thousands to lose power.

Who Would Do Such a Thing?

Infrastructure operators can be victims of hackers facing any number of motivations, including money, politics or vandalism. The biggest motive for cyberattacks over the past few years has been financial gain – with profit in mind, companies that most likely have the cash to pay ransoms are typically the target. However, there are strong indications that bigger and more organized actors have probed U.S. nuclear power plants, a dam in New York and a network that sits at the center of the global banking system.

[You might also like: Pandora’s Box: Auditing for DDoS Vulnerabilities, Part I]

Fear of retaliation is likely the best explanation for why a major attack hasn’t occurred. Attackers might want to shut down a major power grid in a target country, but the possibility that the same attack or worse could be perpetrated against them acts as a deterrent. Even more concerning is the threat that cyber-sniping could lead to conventional warfare.

A Stronger Defense

Modern society is built around connected infrastructure services. At the end of the day, the complexity and security of our infrastructure, and its interdependence with other systems, requires close attention — more than it has gotten until now.

The demands of business have translated to infrastructure networks that are no longer closed loops, as they were a decade ago. Companies can now gain access to data analytics to constantly measure and optimize machinery performance, saving time and money. And while these advances have certainly resulted in clear gains, they have opened up new attack vectors for malicious attackers.

Just as we’ve seen with countless examples of consumer IoT devices being hacked, when connected technology is introduced to devices and security is left out of the equation, the consequences can be harsh. We must ask ourselves whether we are truly able to protect transportation systems, our financial sector and other critical infrastructure from cyber threats.

Read “2017-2018 Global Application & Network Security Report” to learn more.

Download Now

Related:

A New Cyber-Attack Against the Power Grid Concerns the FEDS

According to CBS News a well known cyber security firm is reporting a new wave of cyber-attacks against the American energy sector. Hackers … code-named DRAGONFLY … first surfaced in 2011 … then went underground. NOW…THEY ARE BACK.

Cyber-attacks against the American energy sector and American infrastructure in general are nothing new. There has been growing concern over the past 10-15 years by government officials about this type of attack and a number of attempts have been made. Even the popular movie “Live Free or Die Hard” focuses on the idea of a “fire sale” – which is an all-out cyberwarfare attack on computer infrastructure, named such as “everything must go”.

What’s the difference between this new wave of cyber-attacks and the original round in 2011?

The original attacks, called “Dragonfly” where originally exposed by a number of researchers in 2011 and 2012 and created a quiet period following attempts to compromise the U.S. Power Grid and other vital infrastructure.

While the new group, called “Dragonfly 2.0” uses many of the means of the original it appears that they are having more success with newer tools to breech computer networks. In fact, disruptions to the Ukraine’s power system in 2016 were attributed to cyber-attack causing power outages that effected hundreds of thousands of people.

Other reports show of compromise by hackers of the companies that manage nuclear facilities in the U.S. including an attempt on Wolf Creek Nuclear Operating Corporation just 2 months ago.

What would be the consequences of a successful cyber-attack against energy infrastructure?

In a very basic sense an attack could result in outages like what happened in the Ukraine creating blackouts in American cities. As we have seen in the past 10-20 years major blackouts cause a lot of disruption disabling traffic control systems, airports, businesses and other infrastructure. A prolonged blackout can disable water and sewage infrastructure, cause problems in the availability of food due to lack of refrigeration and transportation. This is only the start.

If a hacker was able to breach systems in a nuclear facility there is a potential to trigger a meltdown and other catastrophic failures within the power plant.

Why is it so difficult to secure the power grid against cyber-attack?

The power grid in the United States is a compiled set of systems using different types of computers. Various times of implementation, different operating systems and hardware has been made to work together. The issue is that what would secure one system may not work for another and the weakest “link” in this chain can compromise everything else. Add to this that many facilities, generators, delivery systems and other components are run by different companies each with its own approach to cyber-security and you have a system that requires many different approaches to secure.

William (Bill) Sikkens has been a technology expert for KXL on the Morning Show with Steve and Rebecca since 2014. With an expertise in I.T., cyber security and software design he has had more than 20 years’ experience with advanced technology. Sikkens conceptualizes and designs custom applications for many professional industries from health care to banking and has the ability to explain the details in a way all can understand.

Got a technology question or comment for Bill? Follow him on Twitter @sikkensw

Related:

The UPS service is about to perform final shut down.

Details
Product: Windows Operating System
Event ID: 5153
Source: System
Version: 5.0
Symbolic Name: APE2_UPS_POWER_SHUTDOWN_FINAL
Message: The UPS service is about to perform final shut down.
   
Explanation

The UPS battery is low, probably because of an extended power outage.

   
User Action

No action is needed. The system will start automatically when the power is restored.

Related: