Monday, August 06, 2018

Wall Street Journal reports administration scurrying now over cyber threats to power grids, which could involve home or small business users as honeypots

In early July, I happened to log on to my Dominion Power account to try to pay a bill, and got a bizarre error from the website.  The next day it worked, but maybe that’s a preview to the substance of this Wall Street Journal article by Rebecca Smith, “U.S.Steps Up Grid Defense: To fight cyberattacks on critical utilities, officials push for stronger penalties,” Online, the article is quite high profile (though with a subscription paywall) and illustrated.

The main threat seems to be that foreign hackers (Russia, China, Iran, North Korea, possibly radical Islam) get access through suppliers or small utilities, who then trade software across “air gaps” with thumb drives.  Despite the air gap from the public Internet, the security environment for major electric utilities and for grid companies (for the three major grids) is very complicated and could be breached. Small utilities and suppliers don’t have the advanced security to protect themselves from state hackers.

Another threat seems to be corporate and even home routers, which seem to be a set of “mouseholes” for malware to hide. 

The article suggests that malware (like Dragon Fly or Energetic Bear) could be hiding in utility control systems called SCADA (which, to be emphasized, aren’t directly accessible from your computer or phone). There are reports that this malware has lived on some utilities' systems since 2012. 

The article suggests that Spear-phishing, watering hole attacks on trade websites, or airgap crossing are the main methods.

The article even goes so far to as to suggest that the government is concerned about mass internal migrations should a protracted regional power failure occur (the August 2003 failure in the northeast lasted about a day).

Do ordinary users at home add to the risk?  Possibly, through home routers (which should be turned off and back on occasionally so the security updates take hold, although large cable companies probably do this anyway).  Another possibility that got mentioned shortly after 9/11 and forgotten was steganography, where instructions for terror attacks or malware are placed on innocuous amateur sites. Another possibility would be to place criminal malware like child pornography on sites to try to fame ordinary civilians, as an intimidation tactic from foreign enemies.  So far the closest that has happened has been occasional defacing of a few websites (like random restaurants) or Sony.  (There had been scattered reports (as far back of 2013) of ransomware that threatened to load c.p. on a user's computer (at one time possession would have been a strict liability offense)).  A few politically-oriented sites (in the eyes of the beholder) may have been targeted. Recently (in May and June) a major Wordpress blog (which admittedly had used an old insecure template theme) set up to advise asylum seekers was hacked, but finally secured properly and is back up. (Fortunately it had good backups  -- and backup technology would be worth another big blog post.) 

Ted Koppel (video above) wrote a book called “Lights Out” about all of this (reviewed on Books, Nov. 15, 2015).

This article doesn’t even consider EMP and solar storms, which I’ve discussed elsewhere.
As someone who dealt with the draft a half century ago, foreign enemies pose novel moral dilemmas for how individuals can be expected to behave.

No comments: