The US Power Generation System Is Under Siege

Being a detective means investigating and solving crimes. President Trump said about Russia’s cyber meddling in the US voting process, “No one can really know who’s doing it.”

It’s not unusual for someone not familiar with the computer industry to make such a statement. Chances are most adults would come to that conclusion, but they would be wrong. Cyber detectives within government security agencies have the tools to know whose meddling.

A cybercrime detective is no different than a burglary-crime detective; they consider motive, clues and evidence. The low-level, email-based cyber criminal tries to conceal themselves in the “From” line of an email. Those types are relatively easy to detect by looking at the hidden, detailed, return address information. However, when dealing with sophisticated cyber criminals, especially when they’re part of an elite group run by a foreign government, it requires the talents of cyber detectives.

It’s important to understand that computer code is just another language. How code is written is not that dissimilar from writing a letter. Each person has their own style: their use of certain words, where they’re placed in phrases; their use of punctuation; and their choice of verbs and pronouns. It’s their fingerprint. Further, people in different countries have distinct ways of expressing the same idea. In the United States, they say “Mom”; in the United Kingdom, it’s “Mum.” It’s tough to conceal who you are or where you’re from no matter how hard one tries; it’s part of their psychological makeup.

It’s unfortunate some people in the US government cannot grasp this concept or just don’t want to. As such, multifaceted, complex attacks by a foreign government will go completely over or blocked from entering their head, and that’s dangerous to our country.

Our society is run by computers and communication systems and, of course, requires power. An attack aimed at our power-generation infrastructure can be catastrophic. The Wall Street Journal reported that a federal analysis indicated that a coordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronised power networks. A loss would not only affect personal power use but also money, health and food supply, to mention just a few.

To acquire additional information a security expert working at a major power generating system in the United States was asked, “How often has your plant been probed by cyber attackers, have they been able to infiltrate your facility and who are the perpetrators?” He indicated that cyber non-web attacks occurred on average 17,000 times a day, representing 50 percent of all attacks. Add to that, 6,300, or 17 percent, blocked email web attacks, with the remaining 33 percent being crime-ware and insider or third-party misuse.

That’s a total of 34,000 attacks per day that a power system must deflect.

Surprisingly, most attacks are not through the Internet, since that path is reasonably well protected. Internet hackers must bypass multiple layers of firewalls, a difficult job. However, a remote substation working through a supervisory system not connected through the Internet may have less physical or software security, and is often an entry point. Whatever are the attacker’s intent, obviously, it was not to say hello, but rather to damage the network, to see if they could get in later or put in a “Trojan Horse” for future activation? 

Hackers used several different techniques to compromise plant computers, including fake email personnel resumes that contained malicious code. Fortunately, administrative/corporate computer systems are kept separate from operational ones.
On the more positive side, hacking in the United States is a more complex feat than in countries where their grid system is homogenous. Our power systems are diverse; no two substations are the same, and no two companies run their infrastructure the same. In countries where systems are “state run,” if a hacker finds a mistake in one place, they can probably find the same mistake somewhere else.

According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, squirrels, birds and snakes may be a bigger threat to local power grids than cyber adversaries. So watch out, the little ones may inadvertently sacrifice themselves to kill your power!

Inside Sources

You Might Aldo Read: 

Russia Suspected As Hackers Breach Power Plant Systems:

Ageing Energy Systems Hold Huge Potential For Cyber Attack:

 

« Singapore’s Mounting Cyber Threats
Who Are The Shadow Brokers? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.