FBI Say ISIS Is Going After US Vulnerabilities
ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country's energy supply, CNN Money reports.
Law-enforcement officials shared the information about attempted cyberattacks at a conference on October 14 with American energy firms about potential national-security issues.
"Strong intent. Thankfully, low capability," John Riggi, a section chief in the FBI's cyber division, told CNN about ISIS' hacking attempts.
"But the concern is that they'll buy that capability."
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.
Because of the size and complexity of America's utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities.
A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level because of the large number of various providers and their own infrastructure and networks.
"Hackers can't take down the entire, or even a widespread portion of the US electric grid," Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. "From a logistical standpoint, this would be far too difficult to realistically pull off — and it's not what we should be devoting our attention to.
"What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level."
The likeliest outcome of a cyberattack against US infrastructure, Pollet contends, is "localized disruptions in service — not a widespread outage."
"It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country," he writes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyberattack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
"They'd love to do damage, but they just don't have the capability," Mark Lemery, the critical infrastructure protection coordinator for Utah, told CNN. "Terrorists have not gotten to the point where they're causing physical damage."
BusinessInsider: http://bit.ly/1jQAbR3