by Bobby Akart
Use of the cyber arena to spread propaganda to gain economic or military advantage
The Russians established a sophisticated propaganda machine under the supervision of its Internet Research Agency that waged a massive disinformation campaign in support for its annexation of Crimea and its invasion of Ukraine. These hired guns work hard, each one pumping out hundreds of comments and blog posts per shift. In addition, each hacktivist troll is reportedly required to post 50 news articles a day while maintaining half a dozen Facebook and more than ten Twitter accounts. It is not unusual for this machine to be used to gain a militaristic advantage as the Russians spread incorrect information throughout the online media.
Use of cyber attacks to conduct industrial espionage
While the Russians are notorious for gaining a military advantage through the use of cyber tactics, the Chinese are a determined bunch when comes to stealing valuable public and private sector trade secrets. The vast majority of America’s intellectual property theft is believed to originate from China. The Chinese employ elite hackers housed by the government throughout the world to mask their real affiliations. China’s goal has been to catch up with the U.S. in direct military strength. Washington already outspends China more than 4-to-1 in growing its military that makes achieving military parity very difficult. Rather than attempting to outspend the U.S., Beijing’s answer has been to focus instead on commercial and government espionage. The Chinese computer spies employed by the PLA have attempted raids on the networks of almost every major U.S. defense contractor and have stolen some of our nation’s most closely guarded technological secrets.
The biggest threat: Collapse of the nation’s power grid
On July 8, 2015, Americans watched as trading was halted on the New York Stock Exchange (NYSE) floor. At the same time, computer reservation systems at United Airlines were down, and the Wall Street Journal newspaper computer networks crashed.
This was not a scene from your favorite author’s books of fiction; it was very real. According to reports, the interruption of the services mentioned was a mere coincidence, and the events were unrelated. These incidents and many more have raised public awareness of the vulnerability of our nation’s critical infrastructure.
At the time, White House spokesperson Josh Earnest asserted the incidents weren’t caused by cyber attacks, but were typical software issues that happened to coincide in time. However, he did admit the situation was severe enough that the President was briefed by the White House counterterrorism and Homeland Security advisor as well as Chief Of Staff Denis McDonough. Later that day, Department of Homeland Security Secretary Jeh Johnson issued a statement.
“It appears from what we know at this stage that the malfunctions at United Airlines and the (New York) stock exchange were not the result of any nefarious actor. We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airlines system.”
As has been their M.O. for the last several years, the administration prefers to downplay the potential threats of cyber attacks on our nation’s power grid. If a cyber attack were to occur and severely damage our grid, would the government downplay that as well? Would they avoid urging American to prepare for such an event for fear of instilling panic in the streets? Is our critical infrastructure secure? Are the analysts overstating the vulnerability?
Chapter Fifteen
What could cause a Cyber War—World War C?
The speed and intensity of cyber intrusions are on the rise, increasing the chance that overuse by one or more rogue nations could escalate cyber vandalism or espionage into a devastating cyber war—World War C. There are several scenarios envisioned by our military and cyber analysts. Here are the most widely held theories.
Private sector cyber counter-attacks
As American corporations continue to suffer significant economic loss from accelerated intellectual property theft and disruptions to their operations from cyber attacks, private sector companies could initiate their own cyber counter-offensives. There are many options available to private sector victims of cyber intrusions. Tactics for retaliation could range from placing honeypots with deliberately falsified data on corporate networks (as was used in the Trans-Siberian Gas Pipeline explosion) to disrupting the networks of suspected attackers by returning the favor with their own team of cyber mercenaries.
However, this type of cyber vigilantism could quickly escalate by involving the government’s protection of their private sector participants. Acting against the perpetrators of the massive cyber espionage operation might necessarily mean attacking a nation-state’s military-industrial complex. Although the cyber mercenary’s goal may be to target an apparently private corporation, the cyber retaliation may be dangerous because of the close relationship between quasi-public companies and their national governments in countries like China and Russia. The country being targeted by a corporation’s private retaliation for cyber intrusions may also perceive the counter offensive as a proxy attack on the security or military services of the company’s home country, leading to a broader and more damaging spiral of escalation. Many wars have begun because different perceptions create different realities.
Out of control patriotic hackers
One of the scenarios which would result in an escalation from cyber vandalism to an all-out cyber war begins with the so-called patriotic hackers—a term applied to computer hackers who are strident supporters of a country and whose goal is to initiate attacks upon their beloved nation’s adversaries. Because of their unpredictability and the lack of control that intelligence and military organization have over such groups, patriotic hackers may become over-enthusiastic, thus exceeding the policies of their governments. For example, politically motivated hackers might destroy data rather than merely conducting cyber vandalism through defacing a web site or by introducing malicious software that spreads throughout the target’s network.
Many patriotic hacker groups are loosely affiliated with, or sanctioned by, the governments they support. But even actions by independent hackers, completely unaffiliated with a government, could set off an escalation of tensions leading to an all-out cyber war. As has been discussed, attribution for cyber exploits is hard to identify using the best of cyber forensics, and a nation-states’ use of hacker proxy groups could lead some victims to see a pattern in the activity. Often, by overuse of a particular technique, a government’s cyber fingerprints behind an action can be determined, despite the hacker group’s lacking actual affiliation with an intelligence or military service. Assignment of attribution may get even more difficult as various proxy tools are increasingly available online which make it easier for private citizens, or for smaller and poorer states, to carry out fast, sophisticated, and untraceable cyber activity. One cyber security analyst provided two realistic examples; an attack on a Chinese organizations’ networks by hacktivists protesting the treatment of ethnic minorities, or on Russian oil companies’ IT systems protesting environmental issues. Either Russia or China could view these cyber attacks as undertaken by a proxy for a Western government that could quickly lead to a spiral of retaliation.
An escalation of cyber vandalism caused by a patriotic hacker group’s exploits to a perceived act of cyber warfare could occur with little or no warning. As in traditional warfare, one would hope that the most powerful nations on earth would open a dialogue, rather than react in kind, or worst.
World War C
In this final scenario, it is a very real possibility that cyber attacks can escalate into a cyber war as a tactical maneuver to supplement conventional military activity. The Russians are notorious for the use of cyber attacks to enhance its military capability, as apparently happened in the Russia-Georgia conflict, later in Estonia, and most recently in Ukraine. It is within the arsenal of the world’s major military powers to use cyber weapons against strategic targets instead of more conventional strikes. As Russia has proven, a military could use cyber weapons to disrup
t the network systems that modern armed forces use for communications and logistical support.
But the most deadly scenario to a nation would be the use of cyber warfare to collapse their critical infrastructure. Not only would this disrupt traditional command and control systems, but it would also effectively distract a nation’s military defenses while it fills the requirement of tending to its population in need. The nature and extent of potential damage to vulnerable power grids would be hard to anticipate, and a spread of military malware beyond its intended targets—or its capture and re-use by other parties—could compound the collapse event.
The effective use of cyber warfare in this scenario would go beyond the disruption of internet or communication services. The goal of the aggressor would be to bring down the power grid, the lifeblood of any nation.
Chapter Sixteen
A Major Attack on America’s Critical Infrastructure
A cyber attack on America’s critical infrastructure would cause chaos in the country by interrupting vital utility services for the nation.
While the stock exchange, transportation, and media are critical to the normal operations of any country, the power grid and water plants are absolute necessities to prevent mass deaths. A failure of these systems as a result of a cyber attack would cause more than serious inconveniences to the nation; the deaths would be in the millions.
There has been a rapid increase in the number of cyber attacks directed at America’s power grid in recent years. They have avoided detection in many cases because of their increased complexity.
In February of 2015, the DHS Cyber Emergency Response Team issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. According to the report, the Industrial Control Systems Cyber Emergency Response Team received and responded to nearly three hundred incidents during the government’s Fiscal Year 2014, more than half of the incidents reported by asset owners and industry partners involved sophisticated cyber intrusions. The ICS/SCADA system, commonly used by major utilities, were targeted by various cyber threat actors, including criminals, rogue nations, and hacktivists.
Over fifty percent involved advanced persistent threats—APT, or sophisticated actors. In most cases, the threat actors were unknown due to a lack of attributional data. The report clearly illustrates that the nature and complexity of cyber intrusions are increasing, and the target of choice has shifted from stealing personal financial data to conducting penetration testing on major utilities.
The majority of the attacks involved entities in the energy sector followed by critical manufacturing—the manufacture of vehicles, aviation, and aerospace components. Typically, the hackers used zero-day vulnerabilities to compromise the utilities’ industrial control systems, such as SCADA.
The most common flaws exploited by attackers include authentication and distributed denial of service measures. The report confirmed that the attackers used a vast range of methods for attempting to compromise utility control systems infrastructure to avoid establishing a cyber fingerprint. The tools at their disposal included malicious code, spear phishing attacks, and SQL injection attacks.
The report points out the difficulty of attribution of an incident to a particular threat actor. In the majority of cases, these offensives have gone under the radar over the years due to the high level of sophistication of the tactics and cyber-techniques.
The victims are typically unable to identify the attackers, Therefore many more incidents occur in critical infrastructure that goes unreported. Often, the forensic evidence does not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network.
The DHS report concludes the U.S. power grid is highly vulnerable to cyber attacks.
The U.S. power grid is a considered a privileged target for all categories of terrorists, cyber criminals, and state-sponsored patriot hackers. Daily, they threaten the backbone of the American society. Security experts and U.S. politicians are aware that the national power grid is vulnerable to a terrorist attack.
Terrorists and rogue nations have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack, according to cyber security analysts. Former Secretary of Defense, William Cohen, in a 2015 interview, discussed the issue at length.
“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”
“That’s because the technology continues to expand, and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused on integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build this kind of campaigns of terror.” said Cohen.
Former Department of Homeland Security Secretary Janet Napolitano echoed his sentiments. She caught everyone’s attention when she said, briefly after her departure from government, that a major cyber attack on the nation’s power grid was not a matter of if, but when.
While it is accepted in the intelligence community that state sponsored cyber-terrorists are the most likely threat actors, cyber criminals represent a serious menace as well.
Former senior CIA analyst and EMP Task Force On National Homeland Security Director, Dr. Peter Vincent Pry, confirmed in an interview with Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.
The British Parliament revealed that UK Power Grid is under cyber attack from foreign hackers daily, confirming the incessant attacks on Britain’s national critical infrastructure.
“Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” said James Arbuthnot, a member of the British Parliament whose committee scrutinized the country’s security policy. “There are, at the National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off, but we can’t expect them to fend them off forever.”
The power grid is a vital system for our society, and the cyber strategy of every government must consider its protection a high priority, a terror attack would leave entire countries sitting in the dark. Several high profile cyber security firms have issued a hypothetical attack scenario and estimation of the losses—both of loss of life and economically.
What will happen in the case of a cyber-attack on a critical infrastructure in the US? What is the economic impact of a cyber-attack against America’s power grid?
According to a poll of 2,173 registered voters by researchers at the Morning Consult firm, cyber attacks rank a close second to a terrorist attack on the list of biggest threats to the United States. The research showed that cyber security experts estimate the insurance industry could face losses of over twenty billion dollars.
Specifically, thirty-six percent of voters consider acts of terrorism at the top of a list of major security threats, followed by cyber attacks at thirty-two percent.
Lloyd’s of London conducted a very in-depth study in 2015, Business Blackout that describes the impacts of a possible cyber attack on the nation’s critical infrastructure. It is the first time that the insurance industry has elaborated on a similar report. According to the report prepared by Lloyd’s in a joint effort with the University of Cambridge’s Centre for Risk Studies, a devastating cyber attack on America’s power grid would have a catastrophic impact on multiple types of insurance.
The attack scenario described by Business Blackout illustrates the effects of a hypothetical malware-based a
ttack on systems that controls the U.S. power grid. In their hypothetical scenario, the attack causes an electrical blackout that plunges fifteen U.S. states and highly populated cities, including New York and Washington, into darkness. Nearly 93 million people will be affected without power in the hypothetical.
According to the researchers, the attack will cause health and safety systems to fail, disrupting water supplies as electric pumps fail. The chaos will reign causing the failure of central services, including transportation. Because the malware can infect the Internet, thereby allowing it to search and compromise fifty generators that it will destroy, there would be lengthy power outages in the region.
The total of claims paid by the insurance industry has been estimated to be included in the interval comprised between twenty and seventy billion dollars depending on the length of time necessary to remedy the scenarios designed by the researchers.
The researchers involved in the simulation have calculated the economic losses could approach $1 trillion, depending on the number of components in the power grid compromised by the attack.
Economic impacts included in the report were direct damage to assets and infrastructure, the decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. In order to form their hypothesis, the experts analyzed the historical outages, estimating that currently the power interruptions, the vast majority of which last five minutes or less, already cost the US about $96 billion.The business and industrial sectors are the sectors most impacted by the attack on the power grid due to their dependency on electricity.
