Blake Sobczak of E&E News struck again yesterday, with another great article that points to the heart of the biggest cybersecurity threat faced by the power industry today: namely, the ongoing Russian campaign to penetrate the grid and plant malware in it. And as usual, he didn’t have to jump up and down to make his point – he merely quoted from an important government official.
This article unfortunately isn’t available outside of the paywall, but I’m of course free to excerpt from it. Here is essentially the first half of the article (which is quite short – something that’s unusual for Blake’s articles, as well as my posts. Both of us understand the importance of not letting a foolish concern with conciseness get in the way of saying what needs to be said!):
Russian hackers pose a greater threat to U.S. critical infrastructure than their Chinese counterparts, a former intelligence official warned water utility executives in Washington yesterday.

"When I think about the Chinese and the Russians, they're both dangerous: Both of those are in conflict with us," said Chris Inglis, former deputy director of the National Security Agency. "But the Russians are far more dangerous because they mean to do us harm. Only by doing us harm can they achieve their end purposes."

Beijing poses a major cyberespionage threat to U.S. companies but, in contrast to Russia's government, can be more effectively deterred based on its close ties to the American economy, Inglis said at a cybersecurity symposium hosted by the National Association of Water Companies.

"Why are the Russians, as we speak, managing 200,000 implants in U.S. critical infrastructure — malware, which has no purpose to be there for any legitimate intelligence reason?" asked Inglis, now managing director at Paladin Capital Group and a visiting professor at the U.S. Naval Academy. "Probably as a signal to us to say: We can affect you as much as your sanctions can affect us."
I was actually surprised to see this, since everything else I’ve seen or heard from the Federal government recently seems to downplay a) the threat posed by Russia’s ongoing attacks on the US grid and especially b) the success the Russians have had so far (of course, it’s probably significant that Mr. Inglis isn’t currently part of the government. The article mentions that he may lead the NSA in the near future, and if he does, I hope he doesn’t catch the strange bug that seems to have infested a lot of his former colleagues on the cyber ramparts of the US economy, which causes sudden muteness when asked about Russian attacks on the grid. I believe the medical community is racing to find the cause of this syndrome). He says two important things:
- The Russians’ purpose is clearly malign – to have the capability to cause significant disruption to our society (to say nothing of disabling US military bases, as described in a January article in the Wall Street Journal), and perhaps even to cause a cascading power outage that could immobilize a lot of the country; and
- They have already had a significant amount of success, evidenced by the fact that they are currently managing (i.e. the devices are already in place and connected to C&C servers) 200,000 “implants in U.S. critical infrastructure”, which presumably includes other CI industries like oil and natural gas pipelines, water treatment plants, oil refineries, and petrochemical plants, besides power facilities.
I’m also very impressed with the fact that Mr. Inglis gives short shrift to the popular (again, in current Federal government circles) idea that the Chinese and Russian attacks on US critical infrastructure are essentially two peas in one pod. Here’s the quote again: "But the Russians are far more dangerous because they mean to do us harm. Only by doing us harm can they achieve their end purposes." Amen, brother. And he’s not the only person saying this: the Russians themselves are!
A paragraph after the above section, the article says “Energy and water utilities' interest in Chinese and Russian cyberwarfare capabilities has spiked since January, when U.S. intelligence director Dan Coats assessed that either country could disrupt U.S. critical infrastructure by cutting off a gas pipeline or temporarily disabling part of the power grid.”
You know, I’d almost forgotten about that! The Director of National Intelligence, as well as the heads of the FBI and CIA, went before the Senate Intelligence Committee in January to discuss their Worldwide Threat Assessment for 2019, which said “Moscow is now staging cyberattack assets to allow it to disrupt or damage U.S. civilian and military infrastructure during a crisis.”
In normal times, one would have expected this story to set off a frenzy of activity in the Federal government and the power industry to investigate what actually happened, so that the malware could be identified and rooted out, and so that defenses could be beefed up to prevent further penetration. But these are evidently not normal times, since despite my complaints (or perhaps because of them), there is no visible movement on the part of anybody with responsibility for grid security to investigate what the report says. This is in stark contrast to the Ukrainian attacks in 2015, which set off a firestorm of investigations, reports, classified and unclassified briefings, etc. Why am I concerned about this, you ask? After all, why would I expect the US government to treat the US and Ukrainian grids equally? I didn’t expect that, of course. But I kinda thought... you know... that they would be more concerned with the US grid than the Ukrainian one. Silly me.
So now we have Mr. Inglis putting a number on the problem, saying there are 200,000 implants already in place. This is about a thousand times more than I would have suspected. This will set off a real investigation, right?... Ya gotta be kidding.
To quote the ancient Greeks, “Those whom the gods wish to destroy, they first make mad.”
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. To discuss this, you can email me at the same address.