The US Power Generation System Is Under Siege

Being a detective means investigating and solving crimes. President Trump said about Russia’s cyber meddling in the US voting process, “No one can really know who’s doing it.”

It’s not unusual for someone not familiar with the computer industry to make such a statement. Chances are most adults would come to that conclusion, but they would be wrong. Cyber detectives within government security agencies have the tools to know whose meddling.

A cybercrime detective is no different than a burglary-crime detective; they consider motive, clues and evidence. The low-level, email-based cyber criminal tries to conceal themselves in the “From” line of an email. Those types are relatively easy to detect by looking at the hidden, detailed, return address information. However, when dealing with sophisticated cyber criminals, especially when they’re part of an elite group run by a foreign government, it requires the talents of cyber detectives.

It’s important to understand that computer code is just another language. How code is written is not that dissimilar from writing a letter. Each person has their own style: their use of certain words, where they’re placed in phrases; their use of punctuation; and their choice of verbs and pronouns. It’s their fingerprint. Further, people in different countries have distinct ways of expressing the same idea. In the United States, they say “Mom”; in the United Kingdom, it’s “Mum.” It’s tough to conceal who you are or where you’re from no matter how hard one tries; it’s part of their psychological makeup.

It’s unfortunate some people in the US government cannot grasp this concept or just don’t want to. As such, multifaceted, complex attacks by a foreign government will go completely over or blocked from entering their head, and that’s dangerous to our country.

Our society is run by computers and communication systems and, of course, requires power. An attack aimed at our power-generation infrastructure can be catastrophic. The Wall Street Journal reported that a federal analysis indicated that a coordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronised power networks. A loss would not only affect personal power use but also money, health and food supply, to mention just a few.

To acquire additional information a security expert working at a major power generating system in the United States was asked, “How often has your plant been probed by cyber attackers, have they been able to infiltrate your facility and who are the perpetrators?” He indicated that cyber non-web attacks occurred on average 17,000 times a day, representing 50 percent of all attacks. Add to that, 6,300, or 17 percent, blocked email web attacks, with the remaining 33 percent being crime-ware and insider or third-party misuse.

That’s a total of 34,000 attacks per day that a power system must deflect.

Surprisingly, most attacks are not through the Internet, since that path is reasonably well protected. Internet hackers must bypass multiple layers of firewalls, a difficult job. However, a remote substation working through a supervisory system not connected through the Internet may have less physical or software security, and is often an entry point. Whatever are the attacker’s intent, obviously, it was not to say hello, but rather to damage the network, to see if they could get in later or put in a “Trojan Horse” for future activation? 

Hackers used several different techniques to compromise plant computers, including fake email personnel resumes that contained malicious code. Fortunately, administrative/corporate computer systems are kept separate from operational ones.
On the more positive side, hacking in the United States is a more complex feat than in countries where their grid system is homogenous. Our power systems are diverse; no two substations are the same, and no two companies run their infrastructure the same. In countries where systems are “state run,” if a hacker finds a mistake in one place, they can probably find the same mistake somewhere else.

According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, squirrels, birds and snakes may be a bigger threat to local power grids than cyber adversaries. So watch out, the little ones may inadvertently sacrifice themselves to kill your power!

Inside Sources

You Might Aldo Read: 

Russia Suspected As Hackers Breach Power Plant Systems:

Ageing Energy Systems Hold Huge Potential For Cyber Attack:

 

« Singapore’s Mounting Cyber Threats
Who Are The Shadow Brokers? »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.

Womble Bond Dickinson

Womble Bond Dickinson

Womble Bond Dickinson is a transatlantic law firm, providing high-quality legal experience and outstanding personal service from key locations across the United Kingdom and United States.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.

EPAM Systems

EPAM Systems

Since 1993, EPAM Systems has leveraged its advanced software engineering heritage to become a leading global digital transformation services provider.

Linx Security

Linx Security

The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle.

ThingsRecon

ThingsRecon

ThingsRecon empowers organisations to continuously map and manage their attack surface, uncover hidden vulnerabilities, and assess supplier cyber hygiene.