It’s been a while since I’ve talked about the security risks to the critical infrastructure that keeps our country (and the world) operating. However, a recently discovered malware threat could crash that infrastructure, and it is believed this malware is what took down Ukraine’s power grid late last year. As The Hill reported:
Security firms ESET and Dragos revealed the malware, dubbed “Crash Override” or “Industroyer,” this week. According to the researchers, the malware is only the second to be tailored to industrial control systems and developed and deployed to be disruptive — the first was the Stuxnet virus that ravaged Iran’s nuclear program years ago.
What makes this malware so dangerous, ESET senior malware researcher Anton Cherepanov was quoted as saying in eSecurity Planet, is its ability to control substations on the electrical grid. And the industrial control protocols it abuses are not unique to the power grid: they are used by other vital utilities as well.
Part of the problem is that security was never baked into the networks that run the power grid and other utilities, and many of those industrial systems are also outdated, adding another layer of risk, as CNET reported:
The issue with the computers running our critical infrastructure is that they're easy to hijack if you can break into the network they're on, experts said. With a lifespan of 25 to 35 years, they're not updated often and don't get replaced for decades, said Galina Antova, co-founder of industrial security company Claroty.
We know that cybercriminals are targeting old, outdated systems and software. We know that they have the ability to take down chunks of the internet with DDoS and malware attacks. Hacks into the election system show that cybercrime isn’t only about financial gain, but also about gaining control and manipulating outcomes. It’s about power, and I don’t mean the utility kind.
I agree with what Michael Shalyt, CEO of industrial cybersecurity startup APERIO Systems, said in an email comment:
Make no mistake. Attacks on the digital systems that control physical critical infrastructure systems are dangerous. But existing failsafe mechanisms can mitigate damage from these hacks. What worries me is what happens when hackers directly attack the physical systems themselves. What happens when attackers figure out that manipulating data crucial to decision-making can result in catastrophic damage – not just turning off the lights for a few hours? The seeds of the threat are sown and the price of failure is clear. The question is: What will we see first, a massive outage that endangers millions, or a massive effort by government and industry to counter these threats?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba