11 July 2017

Preparing The Cyber Space Battlefield? Suspected Russian Hackers Have Been Targeting U.S. Nuclear Facilities


WIRED.com’s senior technology writer Andy Greenberg had an article on the technology publication’s website on July 6, 2017, discussing the worrisome development that a number of U.S. nuclear facilities have recently been victimized by suspected Russian hackers. Mr. Greenberg writes that “as the world watched highly skilled hackers take down the power grid in Ukraine twice in two years, cyber security analysts reached the growing consensus that Russian hackers may be using Ukraine as a testing ground for attacks they’ll someday try [or could use] on the United States.” Reports from numerous media outlets this week have revealed that hackers have been targeting America’s electrical grid — including a Kansas City nuclear facility. But Mr. Greenberg argues that these activities, while concerning, are nothing to panic over, noting that “there’s a big difference between infecting a few machines in an energy company’s Windows machines with malware — and grabbing the controls of a nuclear power plant.”

The Hack

“The FBI and the Department of Homeland Security (DHS) have been scrambling to help multiple U.S. energy firms and manufacturing plants fight off intrusions from hackers,” according to reports yesterday (July 6, 2017) from the New York Times and Bloomberg News. “Most worrying,” Mr. Greenberg wrote, “the targets of those attacks have included the Wolf Creek nuclear power plant near Burlington, Kansas, raising fears that the attack [hack] could not only cause widespread electrical outages but potentially disable nuclear safety systems.”

“But, as disturbing as the words ‘hack’ and ‘nuclear’ appearing in the same sentence may be, it is important to step back,” and take a deep breath, Mr. Greenberg wrote. “The severity of any industrial control system attack depends on whether hackers managed to breach not only its traditional computer systems, but also the far more obscure, less Internet-connected systems that actually manipulate the physical control systems. So far,” he notes, “it’s not clear how many of the hackers’ targets have been breached at all, not to mention any evidence that the attackers managed to access the targets’ actual control system networks.”

“These were business networks, not computer control systems anywhere [near the] operational control systems,” said Robert M. Lee, the founder of the critical infrastructure cyber security firm Dragos, who told Mr. Greenberg that he had indirect knowledge of the incidents. “On the one hand, it’s concerning. On the other, it’s really far from anything near the [critical] industrial control systems.”

Who’s Behind It?

“Despite immediate suspicions that Russia may be laying the groundwork for Ukraine-style power grid attacks in the U.S., no digital fingerprints have yet tied the attacks to any specific group,” or nation-state, Mr. Greenberg wrote. But Russia and/or Russian-linked hacking groups have certainly been causing havoc in Ukraine; and in 2014 the cyber security firm FireEye, a cyber-forensic company based here in the U.S., linked the malware known as BlackEnergy to multiple hacks of U.S. electric utilities. FireEye ultimately linked BlackEnergy to a hacking group known as Sandworm, which Mr. Greenberg wrote “is believed to be Russian, based on clues like an openly accessible server and Russian-language documents.” Mr. Greenberg added that “Sandworm would later go on to use BlackEnergy in intrusions against a variety of Ukrainian targets, including hacking three Ukrainian energy companies — which caused the first [known] hacker-induced blackouts.” Thus far, however, these digital malcontents must have covered their digital tracks pretty well, because a definitive public determination remains elusive.

How Serious Is This?

“Any hacker probe of critical national infrastructure is troubling,” Mr. Greenberg wrote. And “attempts to breach a target with as much potential for catastrophe as a nuclear power plant are even more serious,” he added. More worrisome, “the attacks could be another sign that Russia, or some other nation, is developing the tools and the access to hold America’s most basic [critical] infrastructure in peril,” Mr. Greenberg warned.

“But, the attacks are a long way from the ones actually used to turn out the lights in Ukraine,” Dragos’s Mr. Lee told WIRED. “The New York Times and Bloomberg go so far as to consider the possibility that heat-dispersing nuclear safety equipment could be disabled, or that [critical] equipment could be permanently destroyed,” Mr. Greenberg wrote. “But the threat of a nuclear disaster caused by hackers shouldn’t be overblown,” Mr. Lee told WIRED. “Based on years of security assessments of critical infrastructure utilities, he admits that the notion of an ‘air gap’ — a [digital/Internet/network, physical] separation between sensitive systems and Internet-connected ones — is often illusory,” Mr. Greenberg wrote. “In nuclear plants, by contrast, he says, that disconnection is far stricter.” “In nuclear environments, they have an air gap,” Mr. Lee said. “That means that to jump from the corporate network, which these hackers reportedly probed, to the critical control systems would be far more difficult than in other industrial facilities.”

Having said that, “none of that [what Mr. Lee said on air-gapped systems] changes the fact that attacks on U.S. power facilities represent a dangerous harbinger,” Mr. Greenberg warns. “But Lee argues the recent incidents are still too far from actual harm to infrastructure to warrant panic, or overreaction. The hacker [induced] blackouts in Ukraine may show what’s on the horizon for the U.S. But the future hasn’t arrived yet.”

Several things strike me about this article. For one, I could take a much gloomier view of these hacks against our critical infrastructure, and especially our electrical grid and our nuclear facilities. As to the fact that we aren’t sure who is behind these attacks: well, my guess is that we do know, at least beyond a reasonable doubt; but to publicly expose our evidence would betray what few sources and methods we have left in the digital arena that haven’t already been recklessly leaked. If in fact we really don’t know, that would not be all that surprising, and would certainly lend credence to the belief that this kind of digital hack that doesn’t leave behind any digital bread-crumbs was likely carried out by a Tier 1 nation-state with a sophisticated offensive cyber weapons program. Having said that, we are quickly approaching a point where cyber militia and cyber patriot groups, cyber mafias, terrorists, and a ‘Dr. No’ in the cyber arena can — or soon will — have the means and methods to conduct such hacks. Especially since many of the NSA’s most sensitive cyber hacking sources and methods were leaked and put up for sale online by the Shadow Brokers.

As for Mr. Lee’s assessment that air-gapped systems are harder to breach — well, that’s true; but air-gapped, stand-alone machines aren’t as safe as they used to be. New methods and new ways to compromise and hack into these kinds of systems have undergone disruptive change — and not necessarily for the better. Air-gapped systems just aren’t as ‘safe’ as they once were.

As to whether or not Russia is behind these hacks, well — Moscow gets my vote. Vladimir Putin is conducting an all-out assault on America and the West, as he attempts to fracture NATO, enhance and strengthen Russia’s presence in Ukraine and along NATO’s border, build military bases in the Arctic — as a potential Northwest Passage becomes a real possibility in the not too distant future — and side with China and Iran to check U.S. influence and stature in the Middle East, Eastern Europe, and elsewhere. Vladimir Putin isn’t our friend. The caution, of course, in fingering Russia too quickly for these hacks is the fact that the offensive cyber domain is full of denial and deception, false flags and false trails, and truly is a digital wilderness of mirrors.

Finally, to the point that we shouldn’t panic because these hacks appear on the surface to be limited — well, if I were really sick and twisted, and devious, that is exactly what I would want you to think. While I have your attention with these relatively limited intrusions, I am digitally mapping the cyber landscape and completing a holistic diagram of the U.S.’s national critical infrastructure ecosystem — so that when push comes to shove, and I need to cripple a U.S. economy and military that is network dependent to a large degree, as opposed to network enabled, then I have the cyber offensive game-plan on what, who, where, and how to bring down America’s network. Of course, there are many other ways to cause such digital havoc, with the vulnerability of our undersea cables and/or our overhead satellite constellation. And then there is the potential to detonate a nuclear weapon in space and cause an electro-magnetic pulse (EMP) blackout across the U.S. The bottom line to all this is: it is very difficult to play cyber defense; and anything connected to the Internet-of-Things — even air-gapped systems — isn’t safe. Remember, the best cyber hackers and thieves, spies, etc., haven’t been caught yet. And it is the second digital mouse that ‘always’ gets the digital cheese.
