The threat of a devastating cyber attack against critical U.S. infrastructures is increasing as nation states and non-state hackers target this key U.S. strategic vulnerability.
That is one of the key findings contained in the Department of Homeland Security’s four-year Quadrennial Homeland Security Review made public this week.
The vulnerability of the electrical grid, specifically, is growing. Blackouts and other electrical disruptions increased by more than 140 percent since 2007, most from weather-related outages. Many other outages were the result of “system operations failures, and reliability issues are emerging due to the complex issues of retiring older infrastructure,” the report said.
“Critical infrastructure owners and operators also continue to experience increasingly sophisticated cyber intrusions, which provide malicious actors the ability to disrupt the delivery of essential services, cause physical damage to critical infrastructure assets, and potentially produce severe cascading effects,” the report states.
Additionally, the dangers to critical infrastructure – including the electrical grid, transportation, finance, and other critical networks – are increasingly vulnerable to cyber attack due to the increasing digitization that has blurred the lines between cyber and physical infrastructure components. Infrastructures also have become more reliant on each other, increasing their vulnerabilities to cyber attack.
The electric grid and related infrastructure is often viewed by specialists as the most important of the critical infrastructures because all others are dependent on it.
An Energy Department-sponsored report published in the fall of 2013 warned that the U.S. power grid is vulnerable to catastrophic disruption by nation states like China and North Korea, terrorist groups like al Qaeda, and non-state criminals.
A cyber attack on the U.S. power grid’s Distributed Energy Resource Management System (DERMS), which manages requests and commands for the power system, would damage transformers that are costly and difficult to replace, the report, “Electric Sector Failure Scenarios and Impact Analyses” said.
In 2009, U.S. intelligence agencies detected cyber intrusions by sophisticated states, including state-linked hackers from China and Russia.
Critical infrastructures in the United States also are in urgent need of modernization. DHS estimates the funding gap for electrical infrastructure improvements alone will reach $100 billion by 2019.
The congressionally mandated, 104-page quadrennial review is vague and short on specific examples of cyber threat actors. It makes no mention of the aggressive cyber operations of China, Russia, and Iran – key cyber threats that have conduct severe and costly cyber intrusions for more than a decade. Other known cyber attackers, such as the anarchist group Anonymous and terrorist hackers like the Syrian Electronic Army also get no mention.
The lack of specific threats and examples in the report comports with the Obama administration’s reluctance to highlight cyber and other threats as part of its policies that critics say is focused on ignoring dangers while pretending globalization is creating a more benign global geopolitical environment.
Cyber threats come second in the security review to the evolving threat of terrorism and the danger that terrorist groups will bring international jihad directly inside the United States, with bombings and other attacks.
“Growing cyber threats are significantly increasing risk to critical infrastructure and to the greater U.S. economy,” the report said.
Biological and nuclear terrorism, pandemics, transnational crime, and natural hazards are lesser potential threats.
On cyber threats, the report notes that 2 billion people currently operate at least 12 billion computers and other electronically linked devices from phones to data routers to industrial control systems that create new dangers and vulnerabilities along with their benefits.
Malicious cyber actors are increasing in both numbers and sophistication in seeking to utilize these vulnerabilities and that has boosted the threat to critical infrastructures. Targets of cyber theft include financial information, intellectual property, trade secrets, and other sensitive information.
“Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services,” the report said.
Cyber crime also is increasing. It includes production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes that produce substantial negative consequences.
Defending against these threats is difficult because of the ease of conducting attacks globally, and the growing links between digital and physical networks, along with the complexity of the networks.
Critical infrastructure “is increasingly subject to sophisticated cyber intrusions that pose new risks,” the DHS report says.
“As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend,” the report says.
DHS, the lead agency for domestic infrastructure cyber protection, has been trying to work with private sector infrastructure owners to deal with the threats.
Critics say the agency, while authorized, lacks the resources and expertise in the area of cyber security in a field dominated by the National Security Agency and increasingly the U.S. military, which is responsible for dealing with cyberwarfare attacks – something yet to be clearly defined.
The Justice Department investigates cyber crimes and conducts cyber counterintelligence through the FBI and is the lead agency for collecting, analyzing and disseminating cyber threat information – something that continues to remain a major problem as the FBI for decades has remained a secrecy-obsessed organization that has failed to properly share its data with both the government and private sector.
According to the report, DHS is working on a real-time threat awareness system that is described as similar to producing regular “weather maps” for the cyberspace threat environment.
“These situational awareness capabilities will support cyber infrastructure that — much like the human immune system — will be smart enough to detect, adapt to, and defend against new threats with sufficient resilience to continue operating while under attack,” the report says. “Further, this situational awareness will support a common operating picture for cybersecurity that will provide cyber event information, and serve as a resource for all of government and industry.”
The objective will be to provide data at “machine speed” that will block threats in milliseconds rather than hours or days.
DHS also plans to bolster the cyber security of current aging and failing infrastructure as new digitized and networked equipment replaces outdated gear.
— Bill Gertz
June 21, 2014