Critical Infrastructure Attacks Remain a Major Threat, Top Security Writer Warns
What’s happening
America’s enemies are increasingly targeting essential infrastructure with cyberattacks, a top investigative security journalist says.
Why it matters
A cyberattack that shuts down an oil pipeline or hospital could affect millions of people and put lives at risk.
Last year’s ransomware attack on Colonial Pipeline could have been avoided if the people trying to protect its computer systems had taken basic precautions and kept their eyes open for signs of an attack, a top cybersecurity journalist said Thursday.
Investigative journalist Kim Zetter said attacks targeting the world’s oil pipelines, power and water treatment plants, and essential computer systems have risen dramatically since the discovery of the Stuxnet worm in 2010. Stuxnet reportedly destroyed numerous centrifuges in an Iranian uranium enrichment facility and was later modified to target facilities including water treatment plants, power plants and gas lines.
Zetter made the comments in a presentation at the Black Hat computer hacking conference in Las Vegas. Zetter, a longtime security reporter for Wired and other publications, is also well known for her book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, which detailed the attack.
The original Stuxnet attack, which is widely believed to be the work of the US and Israel, was first discovered by a Belarusian security researcher and later unraveled by others at the cybersecurity firm Symantec.
It set off a “cyber arms race” by nations, Zetter said, and “heralded the militarization of cyberspace.”
“Stuxnet demonstrated the viability of resolving geopolitical conflicts through cyberattacks, and suddenly everyone wanted in on the game,” Zetter told the crowd, adding that while only a few countries had offensive hacking programs before, others soon launched their own operations.
Attackers still see an upside in going after critical infrastructure, she said. Some parts of essential infrastructure, such as the highly regulated electrical power industry, have boosted defenses in response. But protections for much of the sector have become more complicated without improving security.
The Colonial Pipeline hack is a prime example of the latter trend, Zetter said.
For example, Colonial quickly paid a multi-million-dollar ransom once its computer system was taken over by ransomware, a payment that surprised observers who assumed an oil-and-gas pipeline would have easy-to-access backups of its data. The company, however, wasn’t prepared for such an event.
Colonial Pipeline CEO Joseph Blount later testified before a Senate committee that its response plan didn’t cover ransomware attacks, Zetter said, despite the fact that essential infrastructure attacks had been documented for several years at that point.
“The signs were there if Colonial Pipeline had looked,” she said.
When contacted for comment, a spokesman for Colonial pointed to Blount’s comments during his Senate committee appearance, noting that the CEO testified that the company did have good data backups, but it took days for it to go through them.
Zetter noted that researchers at Temple University had documented hundreds of attacks on essential infrastructure the year before, while major cybersecurity companies also had reported increased targeting of these kinds of systems. In 2020, the Cybersecurity and Infrastructure Security Agency issued a report warning of ransomware attacks specifically against pipelines.
The attackers got into Colonial’s virtual private network using an employee password that had been used on another network and wasn’t protected with multi-factor authentication, which would have required those attackers to supply a second form of identity in addition to the compromised password.
After the ransomware locked up Colonial’s systems, the company was forced to shut down its operations for nearly a week. The news sparked panic buying and drove up prices for consumers, though there was no shortage.
Following the attack, CISA issued a long list of security guidelines for industrial control systems. The recommendations were similar to those given before the attack, but Zetter said the Colonial Pipeline hack had made it clear that the guidelines weren’t being followed.
A year after Colonial, Zetter said the threat against critical infrastructure remains high and now includes America’s election system. Some states still use voting machines that don’t produce paper printouts that can be used in the event of a recount. Security experts have long called for voting machines to include tamper-proof redundancies, such as printouts.