Typically, holidays are a hot time for a serious cyberattack because offices are quiet and no one is around to monitor things. At the end of this year, however, my email account was not flooded with notifications with breaking security stories.
That’s not to say nothing was reported. A few hours after I shut off my computer for 2015 (but technically not the holiday week), I heard about the discovery of the cyberattack on a New York state dam. The attack happened two years ago, and while considered a breach by Iranian hackers, no serious damage was done, as eSecurity Planet reported:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
The hackers are believed to have breached the dam's control system via a cellular modem. They probed the system, but didn't take control of it.
As Chris Petersen, CTO and co-founder of LogRhythm, told me in an email:
The reported breach is likely just the tip of the iceberg in terms of risk to U.S. critical infrastructure. Entities such as Iran have incredible motivation to test our defenses and prove their offensive cyber capabilities. A demonstrated ability to damage water supply systems, the energy grid, or trading floors can change the balance of influence and power. Countries and terrorist organizations do not need to possess nuclear weapons or U.S. equivalent conventional forces if they can instead disrupt the very fabric of our economy and society through cyber warfare.
Petersen is clearly on to something. Today I saw a report that a power company in western Ukraine reported a suspected cyberattack on its grid, and officials are blaming the Russians. In this case, there was a loss of power, and as Reuters reported:
If the SBU's accusations are validated by the probe, it would be the first time a specific power outage has been credibly linked to a cyberattack, said Robert Lee, a former U.S. Air Force cyber warfare operations officer.
The story highlights the very real concerns about the critical infrastructure and the level of cybersecurity protecting it. The report on the New York dam showed us there are nation-state players out there testing the water, so to speak. The story from the Ukraine reminded us just how vulnerable we all are.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba