In their earliest incarnation, cyber attacks were relatively harmless. As NATO Review Magazine points out, one of the first worms to infect computers appeared in 1988. Called the Morris worm, it slowed down the computers it infected. The bug was a supreme nuisance, though its creator – Robert Tappan Morris – was hardly a criminal mastermind. At the time, Morris was a computer scientist whose motivation for developing the bug was to see for himself how large the Internet was. The U.S. Government didn’t consider that an acceptable answer, and ended up charging him in 1990 with a violation of the Computer Fraud and Abuse Act of 1986.
“Morris released into INTERNET, a national computer network, a computer program known as a ‘worm,’” stated the case against Morris. “We … find that there was sufficient evidence for the jury to conclude that Morris acted ‘without authorization.’”
Morris’ career hardly suffered as a result – today he’s a teacher at MIT. But that was the late ’80s, and it’s a massive understatement to say the times have changed. When it comes to cyber crime, it would be more apt to say that in the past 10 to 15 years, there has been a titanic shift. Hackers no longer meet the profile of Robert Morris – academics whose curiosity leads them to questionable tactics. Instead, the cyber criminal of today is a career criminal with the ability to do real harm. Twenty years ago, computer hacks slowed down computers. Today, they threaten to jeopardize the Western energy infrastructure.
Cyber crime as terror threat
Advanced targeted attacks are something we’re going to have to get used to. In such a scenario, criminals home in on a specific target, develop an attack strategy based on their target’s unique characteristics, and ultimately carry out a highly robust intrusion that’s exceedingly difficult to stop. The much-publicized Sony hack revealed to the world just how capable hackers are of toppling an otherwise well-guarded business. When hackers made their way into the movie studio’s network, they succeeded in grinding it to a complete halt, paralyzing the studio’s phones and email accounts and forcing staffers to resort to pens and paper. In an instant, a well-organized hacking collective had succeeded in sending a massive company back to the pre-computer age. It was a clear wake-up call for all businesses out there.
But if cyber security experts are right, then the Sony hack is only the tip of the iceberg as far as the growth of cyber threats is concerned. Recently, as The Telegraph reported, veteran NSA chief General Keith Alexander warned of a much scarier cyber attack prospect than the Sony intrusion: a terroristic attack on our energy supply.
“The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that,” Alexander said at a private dinner event in Texas.
Once an expert advances the idea that something as centrally important as our Western energy infrastructure is susceptible to attack, a flurry of questions arises. Chief among them: How would an attack like this happen? And what would the repercussions of such an incident be?
The first thing to understand about an attack on energy infrastructure is that it likely wouldn’t be the work of a single hacking group. Instead, it would probably be the undertaking of hackers backed by the governments of various countries. Countries with advanced capabilities are formidable conductors of cyber crime at the highest level: within these countries, the infrastructure, cyber criminal talent and resources exist to launch advanced attacks in the cyber realm. To a certain extent, this is already happening. As Alexander pointed out, there are efforts underway by various state-endorsed hacking collectives to make off with advanced technology. But a far more serious incident could be in store if, for instance, refineries and electric grids are attacked. And that possibility is far from remote.
In August 2012, Iranian cyber criminals carried out a targeted attack on a Saudi Arabian oil giant, Saudi Aramco. The attack left the company with many missing emails and documents, and succeeded in escalating tensions between countries. This kind of attack highlights the growing problem of country-to-country attacks. So is the United States prepared?
Looking at the state of critical infrastructure cyber security in the U.S.
Is our critical infrastructure critically secured? This is the question that needs to be asked at a time when attacks on it are becoming a real possibility. According to a Trend Micro report entitled “The State of Cybercrime in Critical Infrastructure in the Americas,” there were two critical infrastructure attacks in 2014 that affirmed the potential of such intrusions to lead to catastrophic repercussions:
- In 2014, “Energetic Bear”, a collective of Russian hackers, decided to launch an attack against energy sector companies in the U.S. The group evaded detection by leveraging a new and previously unseen malicious strain called Havex. The virulence of this malware enabled the attackers to breach the control systems of their victims. Havex efficiently steals sensitive information and sends it back to the criminals who want it.
- That same year, a group of cyber attackers scoped out and planned to attack a German steel plant. In order to get the initial foot in the door, the hackers carried out a spear-phishing campaign. This relatively simple tactic enabled them to gain access to the company’s network via individuals who opened the malicious messages. This entrance subsequently permitted them access to highly privileged systems like the company’s production network. The attack came with frightening consequences. First of all, various control components of the operation began failing. But that wasn’t the worst part. As a result of the hacker-induced equipment failures, operators of a blast furnace were temporarily unable to shut it down when they needed to. The fact that the power to shut off a blast furnace was out of their hands is terrifying. It shows that hackers can use cyber attacks to wield physical power over potentially dangerous machinery.
The networks comprising our critical infrastructure are channels that play a pivotal role in day-to-day life. After all, the dispersal of, for instance, natural gas across a specific area can be traced to a computer system. If that system is commandeered by hackers, the entire region being serviced will feel the impact. At this point, there needs to be a more focused effort on the part of nations to guard their critical infrastructures in the cyber realm.
A significant part of preparedness for this will involve information sharing. When it comes to critical infrastructure security, there needs to be a shared knowledge pool that different officials and countries can draw from in order to combat threats. With hackers working collectively to develop new and more refined malicious strains, the need is greater than ever for countries to adopt a meaningfully collaborative approach to critical infrastructure protection. Without such an approach in place, cyber criminals are guaranteed to take advantage of its absence in order to carry out the same attacks on many different targets.