The US Power Generation System Is Under Siege

Uploaded on 2017-08-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Being a detective means investigating and solving crimes. President Trump said about Russia’s cyber meddling in the US voting process, “No one can really know who’s doing it.”

It’s not unusual for someone not familiar with the computer industry to make such a statement. Chances are most adults would come to that conclusion, but they would be wrong. Cyber detectives within government security agencies have the tools to know whose meddling.

A cybercrime detective is no different than a burglary-crime detective; they consider motive, clues and evidence. The low-level, email-based cyber criminal tries to conceal themselves in the “From” line of an email. Those types are relatively easy to detect by looking at the hidden, detailed, return address information. However, when dealing with sophisticated cyber criminals, especially when they’re part of an elite group run by a foreign government, it requires the talents of cyber detectives.

It’s important to understand that computer code is just another language. How code is written is not that dissimilar from writing a letter. Each person has their own style: their use of certain words, where they’re placed in phrases; their use of punctuation; and their choice of verbs and pronouns. It’s their fingerprint. Further, people in different countries have distinct ways of expressing the same idea. In the United States, they say “Mom”; in the United Kingdom, it’s “Mum.” It’s tough to conceal who you are or where you’re from no matter how hard one tries; it’s part of their psychological makeup.

It’s unfortunate some people in the US government cannot grasp this concept or just don’t want to. As such, multifaceted, complex attacks by a foreign government will go completely over or blocked from entering their head, and that’s dangerous to our country.

Our society is run by computers and communication systems and, of course, requires power. An attack aimed at our power-generation infrastructure can be catastrophic. The Wall Street Journal reported that a federal analysis indicated that a coordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronised power networks. A loss would not only affect personal power use but also money, health and food supply, to mention just a few.

To acquire additional information a security expert working at a major power generating system in the United States was asked, “How often has your plant been probed by cyber attackers, have they been able to infiltrate your facility and who are the perpetrators?” He indicated that cyber non-web attacks occurred on average 17,000 times a day, representing 50 percent of all attacks. Add to that, 6,300, or 17 percent, blocked email web attacks, with the remaining 33 percent being crime-ware and insider or third-party misuse.

That’s a total of 34,000 attacks per day that a power system must deflect.

Surprisingly, most attacks are not through the Internet, since that path is reasonably well protected. Internet hackers must bypass multiple layers of firewalls, a difficult job. However, a remote substation working through a supervisory system not connected through the Internet may have less physical or software security, and is often an entry point. Whatever are the attacker’s intent, obviously, it was not to say hello, but rather to damage the network, to see if they could get in later or put in a “Trojan Horse” for future activation? 

Hackers used several different techniques to compromise plant computers, including fake email personnel resumes that contained malicious code. Fortunately, administrative/corporate computer systems are kept separate from operational ones.
On the more positive side, hacking in the United States is a more complex feat than in countries where their grid system is homogenous. Our power systems are diverse; no two substations are the same, and no two companies run their infrastructure the same. In countries where systems are “state run,” if a hacker finds a mistake in one place, they can probably find the same mistake somewhere else.

According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, squirrels, birds and snakes may be a bigger threat to local power grids than cyber adversaries. So watch out, the little ones may inadvertently sacrifice themselves to kill your power!

Inside Sources

You Might Aldo Read: 

Russia Suspected As Hackers Breach Power Plant Systems:

Ageing Energy Systems Hold Huge Potential For Cyber Attack:

 

« Singapore’s Mounting Cyber Threats
Who Are The Shadow Brokers? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Blue Frost Security

Blue Frost Security

Blue Frost Security provides high-level IT security consulting, penetration testing services, ISO 27001 Solutions, PCI compliance solutions and training.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.