US Secretary of Defense Leon Panetta has warned of cyber attacks that target critical infrastructure since October 2012.
The country is vulnerable to foreign computer hackers who are capable of dismantling a power grid, transport system, financial and government networks.
He spoke on the imminent dangers of a “digital Pearl Harbor” involving cyber attacks that can cause massive physical damage to the real world.
In 2007, the US government demonstrated how hackers could take down an entire power grid with just 21 malicious code lines in cyber attacks that remotely physically destroyed a generator.
Many dismissed the technique as far-fetched, but believe it or not, hackers don’t need to do much to sink any area they want into darkness. All that’s required is the deployment of malware.
Stuxnet: The First True Cyberweapon
The 1945 atomic bomb detonated by the United States changed the world forever.
It wasn’t until 2009 when a completely new kind of weapon was launched in the form of malware.
Stuxnet was the first ever malware to remotely attack the real world and cause physical damage, particularly to the computers that controlled Iran’s Natanz nuclear facility that led to massive outages and power disruptions.
The Blackout: Ukraine’s Power Plant Hack
The Ukraine blackout is partly attributed to the BlackEnergy malware, which led to the takedown of at least two Ukrainian power companies.
Prykarpattyaoblenergo and Kyivoblenergo power plants fell victim to cyber attacks and telephone denial-of-service or TDoS attacks against the electric utilities’ call centers were executed to prevent customers from reporting the issue consequently prolonging the outages.
Other than the Stuxnet attack and Ukraine incident, there are very few incidents of cyber attacks that have caused havoc beyond the digital world.
Security experts and researchers acknowledge the reality of the threat, but it is clearly something that many have not come to fully understand.
These cyber attacks are generally under the radar, since they don’t really involve stealing personal data unlike breaches.
Despite this fact, critical systems remain highly vulnerable.
Critical infrastructure attacks don’t happen very often, but the possibility of being hit is not something to be taken lightly.
Importance of Critical Infrastructure Protection
The critical infrastructure systems we rely on include the power grid, oil and gas facilities, water utilities, including the manufacturing sector, which are altogether faced by cybersecurity threats.
Cyber attacks on these vital assets have a serious debilitating impact on national public health or safety and economic security.
Reminiscent of the 2003 Northeast blackout in America, a massive power outage could put the lives of entire populations in danger.
The Stuxnet case demonstrated the efficiency of modern cyber attacks, utilizing a malicious code as a weapon which was designed to spread in a virtual environment.
The blackout was enough to refocus attention on critical infrastructure security worldwide, as it became known that any nation’s most sensitive infrastructures could be the next target at any given time.
Threat actors include cybercriminals, nation-state hackers, cyber terrorists, and hacktivists who target critical infrastructure that are mostly directed at the core of civil nuclear facilities.
Thus, it’s essential for companies to review their IT systems in its entirety from top to bottom to make certain that all points of access are secured leaving no unprotected entryway.
Information security expert Meredith Patterson stated that messing with the temperature somewhere in a natural gas plant to set a plant on fire becomes remarkably easy.
Panetta stresses how improved defenses alone won’t suffice, but the state must take pre-emptive action to counteract cyber attacks.
This sounded the alarm for critical infrastructure protection, which serves as a pillar of cyber strategy within any government.
Cyberspace has been declared a warfare domain, recognized as the fifth domain so that the military alliance can respond with conventional weapons if cyber attacks arise for optimal protection of cyber assets.