In a recent article about the opioid crisis I pointed out that all homeland defenses rely on two key elements—risk assessment and risk planning. Our nation’s security is about calculating risks and formulating plans to reduce, respond to, and recover from those risks. So why are we doing nothing about the weaknesses in our critical infrastructure? Let’s examine our power grid.
Losing power is more than just an inconvenience. Sure, we get a little upset about the lights not working and the Internet going down. But if history has proven anything, it is that the loss of power, and all the wonderful amenities it gives us, can lead to extraordinary civil unrest.
The worst example of this civil unrest and the chaos it can bring happened way back in 1977 in New York. In short, a series of lightning strikes caused multiple failures of the power grid, blowing out multiple circuit breakers which in turn caused the power lines to overload with electricity. It brought down the whole system.
This loss of power resulted in riots and looting in almost every one of the five boroughs (counties) comprising New York. More than 3,700 people were arrested, over 1,600 stores were looted, and 550 police officers were injured.
More recent was the 2003 blackout that ripped across most of the Northeastern United States and parts of Canada. The Fire Department of New York (FDNY) answered more than 7,500 calls and responded to more than 4,000 alarms…and that’s just New York.
Now these were just natural disasters. What would happen if there was a coordinated attack? Don’t think it’s possible? Consider this.
Attacks on our infrastructure and power grids are far more common than you think. They are also a hell of a lot more effective than you can imagine. A quick Internet search will show you that our grid is under constant siege from all types of attackers, from foreign government agencies to sophisticated cyber criminals, right on down to a disgruntled employee. While their means and their methods may differ, they have one singular common goal: to wreak havoc.
US Power Grid Suffers Some Sort of Attack Every Four Days
As reported in the Daily Coin, such attacks can occur in conjunction with civil unrest or they might be carried out with the intention of triggering civil unrest. One reason why the saboteurs go after the grid is that it is highly vulnerable to attack, and because the grid is under constant attack, such assaults are likely to cause a major electrical outage in the future.
A March 2015 investigation by reporters from USA Today and 10 other Gannett media outlets revealed that attacks occur both in cyberspace and in the real world, with a major attempt to breach computer security at an electrical facility occurring about once a week.
The Gannett media outlet joint investigation showed that there were more than 300 physical attacks on electrical infrastructure between 2011 and 2015 and that authorities have not been able to identify suspects or make arrests in most of those attacks.
But what about “cyberattacks”? They almost always go unsolved. In fact, according to Newsweek, Russia’s greatest weapon may just be its hackers. So just how effective are they? In 2015, the Ukraine power grid was attacked, and it was a sobering wake-up call about the extent of what is possible. In that event, which some security experts have called cunning and brilliant, the hackers planned the attack by infiltrating the power utility systems over a period of months.
According to the New York Times, the hackers were not even that sophisticated. Using some old-school exploits, like Microsoft Word file attachments with an infected macro that downloaded malware, and carefully infiltrating the network while stealing remote login credentials over time, the hackers were able to get control of the system and ultimately shut off power to 230,000 people in a cold winter.
Per the New York Times, Russia is suspected to be behind that attack, given the tensions in the region, but the cyber-warfare world has both state and non-state actors. Russia, China, Israel, Iran, North Korea, and the US all have cyber units, and terrorist groups like ISIS and many other lesser known groups have engaged in cyberattacks for coercive, monetary, or political motives.
In short: “U.S. military, government and commercial IT networks face constant cyberattack from both criminal and state-sponsored adversaries,” according to Defense Advanced Research Projects Agency (DARPA).
That is why we need to implement a nationwide program of “Active Cyber Defense,” or ACD, as proposed by DARPA. In short, ACD is a “proactive” approach to cyber security. It is a computer network strategy that acts to defend internal systems and data before a cyber-attack is even launched…and I should know. My experience is derived from my role as a Navy Information Systems Technician Chief Petty Officer for almost two decades. This technique of cyber security is referred to as “hacking back,” and it underscores that proactive is always better than reactive.
According to DARPA, and my own personal experience, computer network operators and cyber security specialists have only been reactive in response to cyber-attacks. Standard operating procedure is a four-step process:
- Find the invading code
- Unplug the affected systems
- Create security patches to thwart particular attacks
- Apply those patches network-wide
According to Time Magazine, DARPA believes it is time for a fundamental change in our attitude toward cyber security because the problem is a lot worse than we thought. In an article from Extreme Tech, part of the risk in cyber intrusions on infrastructure is the connection of these systems to the Internet. Many ICS/SCADA (Industrial Control Systems/Supervisory Control and Data Acquisition) systems are based on older technology. The grafting of Internet and networking capabilities to these systems enables remote monitoring and control, and sometimes end-customer access to utility usage and billing data. Sometimes, these newer forms of access are not adequately shielded from systems that control vital aspects of the utilities.
Case in point: In his article “Cyberattack Shows Vulnerability of Gas Pipeline Network” Clifford Krauss reported that a cyberattack on a shared data network forced four of the nation’s natural-gas pipeline operators to temporarily shut down computer communications with their customers over the last week.
“The attack highlighted the potential vulnerability of the nation’s energy system, cyber experts say. Beyond consumer and business data—energy companies possess much proprietary information about their holdings, trading strategies and exploration and production technologies—the increasing dependence of pipeline infrastructure on digital systems makes them a particularly ripe target. Control valves, pressure monitors and other equipment connected to wireless networks are vital to daily functions of everything from refineries to oil wells,” wrote Mr. Krauss.
According to the aforementioned Time Magazine article, DARPA believes that, “To stay ahead of increasingly sophisticated, stealthy and dangerous threats, defenders must move beyond traditional static defenses to exploit the natural advantages of their IT systems and expertise.”
At this point, to understand what proactive cybersecurity really looks like, we have to get a bit technical. ACD is not one activity, but a host of techniques that may include one or any of the following:
- Beaconing technology to determine the location of a hacker
- Honeypots that appear both important and vulnerable, to fool adversaries into “taking the bait” to trap them
- Leaving the home network to track down stolen data
There is even talk about creating a trojan horse inside of a trojan horse. In short, using the honeypot you get a hacker to steal your “trojan horse” of data. Once he opens the file, another hidden “trojan horse” runs an IP trace program and sends the information back to you, giving you the precise location of the perpetrator.
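The honeypot idea in the list above has a purely defensive, entirely legal cousin that a utility can run inside its own network today: decoy accounts and decoy documents that nobody legitimate ever touches, so any use of them is an alert. The following Python is an added example, not code from the article or from DARPA; the log format, host names, account names, file names, and IP addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines from a hypothetical SCADA jump host (not real data).
# Line 2 is a failed login with a bait account; line 4 opens a bait spreadsheet.
SAMPLE_LOGS = [
    "2018-04-10T02:11:05Z jumphost sshd: Accepted password for ops_admin from 10.20.30.5",
    "2018-04-10T02:13:41Z jumphost sshd: Failed password for scada_backup from 198.51.100.7",
    "2018-04-10T02:14:02Z jumphost smb: open \\\\fileserver\\eng\\relay_settings_FINAL.xlsx by ops_admin from 10.20.30.5",
    "2018-04-10T02:15:17Z jumphost smb: open \\\\fileserver\\eng\\substation_passwords.xlsx by ops_admin from 10.20.30.5",
    "2018-04-10T02:16:33Z jumphost sshd: Accepted password for ops_admin from 10.20.30.5",
]

# Bait that exists only to be noticed: an account no process or person uses,
# and a document whose name looks valuable but holds nothing real.
DECOY_ACCOUNTS = {"scada_backup"}
DECOY_FILES = {"substation_passwords.xlsx"}

AUTH_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd: (?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)$")
FILE_RE = re.compile(r"^(?P<ts>\S+) \S+ smb: open (?P<path>\S+) by (?P<user>\S+) from (?P<ip>\S+)$")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    kind: str        # "decoy_account" or "decoy_file"
    actor: str       # account name used, or user who opened the file
    source_ip: str
    detail: str


def detect_decoy_use(lines, decoy_accounts=DECOY_ACCOUNTS, decoy_files=DECOY_FILES):
    """Return one Alert per log line that touches a decoy account or decoy file.

    A *failed* login with a decoy account is still an alert: nobody legitimate
    knows that name, so even guessing it means someone harvested it from us.
    """
    alerts = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m and m["user"] in decoy_accounts:
            alerts.append(Alert(m["ts"], "decoy_account", m["user"], m["ip"], f"{m['result']} login"))
            continue
        m = FILE_RE.match(line)
        if m and m["path"].rsplit("\\", 1)[-1] in decoy_files:
            alerts.append(Alert(m["ts"], "decoy_file", m["user"], m["ip"], m["path"]))
    return alerts


if __name__ == "__main__":
    for a in detect_decoy_use(SAMPLE_LOGS):
        print(f"{a.timestamp} ALERT {a.kind}: {a.actor} from {a.source_ip} ({a.detail})")
```

Because the decoys have no legitimate use, this rule has essentially no false positives, which is what makes it practical to page an operator on every hit.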
Prior data breaches, like the one perpetrated on Equifax users in 2017, proved how costly and time-consuming recovering from an incursion can be. So DARPA’s belief is that stopping the attack before it happens is faster, easier, and far more cost-effective.
I am reminded of a quote from Sun Tzu, arguably the greatest military strategist of all times. He wrote “The Art of War” and in it he says: “Hence to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy’s resistance without fighting.”
In short, it is far better to prevent an attack than to fight and win it—or fight and lose it. And this is the basis for DARPA’s ACD program and a proactive cyber defense strategy that employs “white hats” or “grey hats.” In military parlance, white hats and grey hats are the good guys and “red hats” are the bad guys.
Having won the approval of the state legislature, Governor Nathan Deal is poised to sign a new law, Senate Bill 315, that will create a state-level exemption for those who deploy “cybersecurity active defense measures that are designed to prevent or detect unauthorized computer access.”
An article from The Hill explains that “these methods would help companies protect their networks from attacks and identify hackers who have breached their systems to steal information or conduct other nefarious activity.”
But again, there is a problem. The Computer Fraud and Abuse Act passed by Congress in 1986 prohibits anyone from “knowingly hacking into other networks without authorization.” But no one is talking about the fact that state laws like Georgia’s SB 315 violate this federal law. This is just another example of what happens when non-technical “politicians” try to solve very complex technical issues.
Bottom Line: We don’t have an answer. And until we do, we are subject to the whims and machinations of “red hat” attacks. Until we figure this out, I would recommend preparing—yes, be a “doomsday prepper”—and have at least a month’s worth of food, water, and other necessary provisions to ride out the storm…because it is brewing.