Cyber warfare is rapidly becoming part of the modern military and political arsenal of many nations including the United States. US President Donald Trump wants to stop cyber attacks. He is bringing in top corporate experts as advisers and has asked former New York mayor Rudolph Giuliani to act as his eyes and ears.
There are many kinds of cyber attacks and perpetrators with various complex political, economic and military goals. But the most dangerous. assaults are those that would impact the balance of power by damaging a state’s critical infrastructure.
The US passed its first Computer Security Act in 1987 to address the vulnerability of the critical infrastructure – which includes government and military functions, defense industry, transportation, energy (power plants, oil refineries, transmission systems etc), emergency and medical services, water and food supply systems and banking and finance. Since that time, however, all of them have been attacked and the US has sustained substantial damage. Vital national security information has been compromised and defense secrets lost. American banking and credit institutions have successfully been attacked. Fears for the future include paralysis of America’s command and control systems, a foe taking control of its nuclear assets and isolating and shutting down crucial decision-making centers and related communication networks.
Hardening the infrastructure and creating a “US only” system – not purchasing foreign, mainly Chinese, systems and eliminating weak controllers that can be compromised would be good first steps.
The US does not lack cyber weapons or the will to use them. Plenty of America’s capacity for cyber warfare has been exposed by Edward Snowden, whose leaks gave the public unprecedented access to some of the National Security Agency’s deepest secrets. Much of what Snowden recorded has now been published, showing how a major part of the US intelligence system sucks up information and employs malicious tools against possible adversaries.
The most famous of all is the US-Israeli tool called Stuxnet. Stuxnet is, so far as is known, the most sophisticated single tool that was used against Iran’s centrifuge program to enrich uranium for a potential nuclear weapon. Stuxnet was based on excellent intelligence on Iran’s centrifuge system and the computer, SCADA controllers and frequency converters that ran them.
Stuxnet was able to take over Iran’s Siemens controllers, spinning many of the centrifuges at high speed and ruining them.
SCADA systems are used to manage operations at oil refineries, nuclear and conventional power plants, manufacturing systems and in classified control systems including the manufacture of nuclear weapons, as was the case in Iran.
The US is not the only country to carry out an attack on the critical infrastructure or to focus an attack on SCADA-operated systems. China and Russia also have done it, with China aiming most heavily at Taiwan (its practice target) and against the US critical infrastructure.
Russia, on the other hand, despite the most recent allegations of an attack on a Vermont-based power plant (now proven false) has focused on nearby neighbors including Estonia, Poland, Georgia, and Ukraine. They began in 2007 when the Estonians removed a war memorial and associated graves known as the Bronze Soldier of Tallinn – a salute to the Red Army soldiers who liberated Estonia from the Nazis. In response, the Russians demanded autonomy for the local Estonian Russian-speaking population and launched cyber attacks against sensitive banking and financial institutions, newspapers and supposedly secret telecommunications nodes that were part of Estonia’s national security apparatus.
By far the most sophisticated Russian attack was just before Christmas in 2015 against Ukrainian power stations and substations belonging to Prykarpattyaoblenergo servicing the Ivano-Frankivsk Oblast area in northwest Ukraine. (A related attack but not as severe took place one year later.)
Analysts agree that the perpetrator was a Russian-origin group known as Sandworm, a name taken from a 1984 American epic science fiction film. Sandworm’s mission is mainly to focus on the Ukraine and “outside” political and military actors supporting Ukraine (including NATO leaders, European politicians, and organizations etc). Sandworm distributed malware embedded in a PowerPoint presentation to NATO and specializes in attacking SCADA controllers, especially those manufactured by GE, Siemens, and Broadview Networks.
Its attack on the Ukrainian power station is regarded as perhaps the most sophisticated ever launched against a power station. The Ukrainian plant’s control systems and security were top notch. Nonetheless, using malware called the BlackEnergy Trojan the Sandworm hackers began to execute a series of moves based on six months of elaborate reconnaissance that paid off when they attacked.
The lessons are clear. An adversary today, whether a state actor, a criminal conspiracy or a terrorist organization, can attack any critical infrastructure in the US or abroad. In addition, it is likely that many already have carried out the necessary reconnaissance, set up detailed plans, and tested out the likelihood of success in anticipation of a full-blown attack. It is clear that even a critical infrastructure with current-day protection probably cannot survive a sophisticated operation.
The challenge to the new administration is how to better protect America’s systems. The first step must be to find ways to harden the SCADA systems substantially, meaning that commercially produced systems bought today on the global market are a bad solution. SCADA systems need multilevel security, two-step verification and compartmented access along with strong encryption and, even then, must be isolated from the Internet. A hardened new design produced under US government control that is distributed only to users approved by the government for enhanced protection will make it difficult if not impossible to successfully penetrate America’s vital systems. If the Trump administration moves in this direction we will be a lot safer in future.