If the New York Times' reporting is accurate ...
Just wait until they figure out how to hit our power grid.
Power grids have been a low-intensity battleground for years.
Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.
But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.
The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.
“They don’t fear us,” he told the Senate a year ago during his confirmation hearings.
But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.
In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Analysis by DHS and FBI resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group
This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”
That was my first question. I assumed someone hacked the control system of the pipeline and caused a possibly hazardous condition.
Why is the pipeline hooked up to the internet? There was a time before the internet when the pipelines ran without the internet.
That brings to mind a thing heard/read a while back, it went something like;
I imagine any scenario that anyone could come up with would be able to be defeated if there was a $10billion dollar budget for defeating it. . .
Heh. . .hits close to home. . . That brings to mind a thing heard/read a while back, it went something like;
"If getting money to defend the power grid depends on the voting public you are doomed unless you have the vote on about the third day of a power outage in January in the North and August in the South."
(yeah, that's cynical to the max, but is it wrong?)
Read the book. "One Second After" where they shoot off missiles located on cargo ships and explode EMP (Electro Magnetic Pulse) over us and kill everything with an electronic circuit in it. NO gas pumping, no cars running, no refrigeration, A/C, heat, lighting, cell phones, no way to contact family members. It would be the worst thing that could happen to us as we would end up starving and/or getting killed by other members of society. An Atomic Bomb would at least be instant.
It may not get worse, but it definitely will not get better. Just wait until they figure out how to hit our power grid.
I said this tongue in cheek, but I do see this as an act of war. People will be hurt by this act.
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
"Computers are cool, when they work right."
I agree. That fails the common sense test.
Saw one lady on ABC news last night saying she drove a hundred miles looking for gas? Duh now you have to drive a hundred miles back home so what did you accomplish?
Now the other stuff where the hell is the NSA, FBI, CIA, and all the other groups that are supposed to be watching over this stuff. (They are really great at spying on us) We've got thousands and thousands of kids sitting on their butts playing video games and doing all kinds of crap with cell phones and we can't put a hacker force together that can outwit the Russians, Chinese, and the Ukrainians. But hey we got a Space Force Wow
This.
Reminder: it is not the FBI's job to prevent you from:
Most of the 'hacks' we read about are pretty much exactly this: poorly configured, unpatched systems attached directly both to the public internet as well as critical infrastructure.
- leaving all your doors wide open when you go on vacation
- keeping gold bars in plain sight in your passenger seat
- storing your cash in a barrel on the lawn
Umm...sorry, but computers were not "designed to be nothing more than a toy." They were designed to do serious work. Read about the history of Bletchley Park, ENIAC, EDSAC, etc. If your instructor actually said this, it was gross hyperbole and highly inaccurate.
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
The very first thing that was said to the class: "Remember; we are running the world with a device that was designed to be nothing more than a toy."
Cool, yes, over dependent on, yes.
SecurID. I have a token that does that. Changes an 8 digit code every 60 seconds. If the device is opened, the device self-destructs. I've run the servers that run the SecurID system and boy....that's not fun.
As an engineer, I have wondered for years why vital and important systems like this were not air-gapped or at least super difficult to tap. My brother did IT for Republic steel and back in the early 90's he carried a digital "business card" that generated numbers. If he needed to access Republic's system remotely, he had to access the computer over the internet, log on to his unique account using his username and password, and THEN when prompted, enter the number that was, at that moment, displayed on the "business card" (which changed every 30-90 seconds or something). So even if hackers had stolen information that allowed them to pretend to be him, they still couldn't access Republic's sensitive information unless they physically had one of those business card number generators in their possession.
And that was thirty years ago. I'm sure that the crypto-security folks haven't been sleeping for three decades. There really isn't any excuse for infrastructure companies to be more than thirty years behind.