US Electrical Grid hack highlights WAN vulnerability
5 February 2019
Earlier this month, the Wall Street Journal reconstructed what it called the “worst known hack into the United States national power system”.
This hack is interesting on several levels. First, it was a rare example of where the US Government was prepared to call out the russian Government and pin the blame for the cyberattack on it directly. Second, it was the highest profile instance of what is becoming a modern battleground for cyberwarfare; an attack on a country’s critical infrastructure. Third, it was a warning to larger, more security aware organizations that their extended supply chain represents an additional point of weakness in their cybersecurity landscape.
The hack, in summary;
In the summer of 2016, US intelligence agencies became aware of a sophisticated campaign, designed to hack the country’s utilities network. By targeting small, independent firms within the utility supply chain, and trade publications servicing the engineering community, hackers were able to slowly gain access to increasingly sensitive systems.
Companies as diverse as engineering contractors and professional services companies were targeted with sophisticated phishing attacks, bogus emails, forged log-in pages and more. These gateway organizations were used to gain access to systems owned by national utilities and even the US Army Corps of Engineers, which operates several federally-owned hydro-electric facilities.
Over a period of months, the hackers gained access to a myriad of systems. Sometimes creating false accounts with admin access; other times using access for research or to infiltrate connected systems.
The sustained attacks continued throughout 2017, with hackers targeting renewable energy companies, independent energy producers and regional utility companies. The scope of the attack also broadened to include three UK organizations that service the UK National Grid.
By the winter of 2017 the hackers, having established a toe-hold in various systems, were attempting to jump the gap between corporate networks (connected to the internet) and critical systems, such as SCADA networks (typically isolated from the internet for security purposes). Access to these systems would have given the hackers the ability to disable power systems in the US electricity network.
The total number of companies affected by this operation is not known, but evidence suggests more than 60 utilities were targeted; more than a third of which were successfully breached. In a small number of instances, the hackers penetrated far enough into the networks to gain access to the industrial control systems.
Protection versus prevention
The methods employed by the cyber-criminals in this attack highlight the changing threat landscape for all types of organization. As businesses become increasingly connected, they are exposing their systems to potential threats. Connecting critical systems to the internet may offer advantages in terms of productivity and accessibility; but mobile computing, the IOT and borderless infrastructure also create greater risk.
A robust cyber-security strategy needs to include elements of both breach prevention and protection. firewalls, sandboxing, virus-scanning and anti-spam systems are constantly evolving, but so are the hackers. In the event of a breach, the best, last line of defense is to ensure your data is protected with encryption.
Choosing the right encryption solution
The choice of encryption solution will depend upon your individual needs and preferences. For high-speed links supporting big data and critical business applications, certified high-assurance encryption offers the best combination of security and performance.