Cyber Warfare (14 page)

The biggest threat: Collapse of the nation’s power grid

On July 8, 2015, Americans watched as trading was halted on the New York Stock Exchange (NYSE) floor. At the same time, computer reservation systems at United Airlines were down, and the Wall Street Journal newspaper computer networks crashed.

This was not a scene from your favorite author’s books of fiction; it was very real. According to reports, the interruption of the services mentioned was a mere
coincidence,
and the events were
unrelated
. These incidents and many more have raised public awareness of the vulnerability of our nation’s critical infrastructure.

At the time, White House spokesperson Josh Earnest asserted the incidents weren’t caused by cyber attacks, but were typical software issues that happened to coincide in time. However, he did admit the situation was severe enough that the President was briefed by the White House counterterrorism and Homeland Security advisor as well as Chief Of Staff Denis McDonough. Later that day, Department of Homeland Security Secretary Jeh Johnson issued a statement.

“It appears from what we know at this stage that the malfunctions at United Airlines and the (New York) stock exchange were not the result of any nefarious actor. We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airlines system.”

As has been their M.O. for the last several years, the administration prefers to downplay the potential threats of cyber attacks on our nation’s power grid. If a cyber attack were to occur and severely damage our grid, would the government downplay that as well? Would they avoid urging American to prepare for such an event for fear of instilling panic in the streets? Is our critical infrastructure secure? Are the analysts overstating the vulnerability?

Chapter Fifteen
What could cause a Cyber War—
World War C
?

The speed and intensity of cyber intrusions are on the rise, increasing the chance that overuse by one or more rogue nations could escalate cyber vandalism or espionage into a devastating cyber war—
World War C
. There are several scenarios envisioned by our military and cyber analysts. Here are the most widely held theories.

Private sector cyber counter-attacks

As American corporations continue to suffer significant economic loss from accelerated intellectual property theft and disruptions to their operations from cyber attacks, private sector companies could initiate their own cyber counter-offensives. There are many options available to private sector victims of cyber intrusions. Tactics for retaliation could range from placing
honeypots
with deliberately falsified data on corporate networks (as was used in the Trans-Siberian Gas Pipeline explosion) to disrupting the networks of suspected attackers by returning the favor with their own team of cyber mercenaries.

However, this type of cyber vigilantism could quickly escalate by involving the government’s protection of their private sector participants. Acting against the perpetrators of the massive cyber espionage operation might necessarily mean attacking a nation-state’s military-industrial complex. Although the cyber mercenary’s goal may be to target an apparently private corporation, the cyber retaliation may be dangerous because of the close relationship between quasi-public companies and their national governments in countries like China and Russia. The country being targeted by a corporation’s private retaliation for cyber intrusions may also perceive the counter offensive as a proxy attack on the security or military services of the company’s home country, leading to a broader and more damaging spiral of escalation. Many wars have begun because different perceptions create different realities.

Out of control
patriotic hackers

One of the scenarios which would result in an escalation from cyber vandalism to an all-out cyber war begins with the so-called
patriotic hackers
—a term applied to computer hackers who are strident supporters of a country and whose goal is to initiate attacks upon their beloved nation’s adversaries. Because of their unpredictability and the lack of control that intelligence and military organization have over such groups,
patriotic hackers
may become over-enthusiastic, thus exceeding the policies of their governments. For example, politically motivated hackers might destroy data rather than merely conducting cyber vandalism through defacing a web site or by introducing malicious software that spreads throughout the target’s network.

Many
patriotic hacker
groups are loosely affiliated with, or sanctioned by, the governments they support. But even actions by independent hackers, completely unaffiliated with a government, could set off an escalation of tensions leading to an all-out cyber war. As has been discussed, attribution for cyber exploits is hard to identify using the best of cyber forensics, and a nation-states’ use of hacker proxy groups could lead some victims to see a pattern in the activity. Often, by overuse of a particular technique, a government’s cyber fingerprints behind an action can be determined, despite the hacker group’s lacking actual affiliation with an intelligence or military service. Assignment of attribution may get even more difficult as various proxy tools are increasingly available online which make it easier for private citizens, or for smaller and poorer states, to carry out fast, sophisticated, and untraceable cyber activity. One cyber security analyst provided two realistic examples; an attack on a Chinese organizations’ networks by hacktivists protesting the treatment of ethnic minorities, or on Russian oil companies’ IT systems protesting environmental issues. Either Russia or China could view these cyber attacks as undertaken by a proxy for a Western government that could quickly lead to a spiral of retaliation.

An escalation of cyber vandalism caused by a patriotic hacker group’s exploits to a perceived act of cyber warfare could occur with little or no warning. As in traditional warfare, one would hope that the most powerful nations on earth would open a dialogue, rather than react in kind, or worst.

World War C

In this final scenario, it is a very real possibility that cyber attacks can escalate into a cyber war as a tactical maneuver to supplement conventional military activity. The Russians are notorious for the use of cyber attacks to enhance its military capability, as apparently happened in the Russia-Georgia conflict, later in Estonia, and most recently in Ukraine. It is within the arsenal of the world’s major military powers to use cyber weapons against strategic targets instead of more conventional strikes. As Russia has proven, a military could use cyber weapons to disrupt the network systems that modern armed forces use for communications and logistical support.

But the most deadly scenario to a nation would be the use of cyber warfare to collapse their critical infrastructure. Not only would this disrupt traditional command and control systems, but it would also effectively distract a nation’s military defenses while it fills the requirement of tending to its population in need. The nature and extent of potential damage to vulnerable power grids would be hard to anticipate, and a spread of military malware beyond its intended targets—or its capture and re-use by other parties—could compound the collapse event.

The effective use of cyber warfare in this scenario would go beyond the disruption of internet or communication services. The goal of the aggressor would be to bring down the power grid, the lifeblood of any nation.

Chapter Sixteen
A Major Attack on America’s Critical Infrastructure

A cyber attack on America’s critical infrastructure would cause chaos in the country by interrupting vital utility services for the nation.

While the stock exchange, transportation, and media are critical to the normal operations of any country, the power grid and water plants are absolute necessities to prevent mass deaths. A failure of these systems as a result of a cyber attack would cause more than serious inconveniences to the nation; the deaths would be in the millions.

There has been a rapid increase in the number of cyber attacks directed at America’s power grid in recent years. They have avoided detection in many cases because of their increased complexity.

In February of 2015, the DHS Cyber Emergency Response Team issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. According to the report, the Industrial Control Systems Cyber Emergency Response Team received and responded to nearly three hundred incidents during the government’s Fiscal Year 2014, more than half of the incidents reported by asset owners and industry partners involved sophisticated cyber intrusions. The ICS/SCADA system, commonly used by major utilities, were targeted by various cyber threat actors, including criminals, rogue nations, and hacktivists.

Over fifty percent involved advanced persistent threats—APT, or sophisticated actors. In most cases, the threat actors were unknown due to a lack of attributional data. The report clearly illustrates that the nature and complexity of cyber intrusions are increasing, and the target of choice has shifted from stealing personal financial data to conducting penetration testing on major utilities.

The majority of the attacks involved entities in the energy sector followed by critical manufacturing—the manufacture of vehicles, aviation, and aerospace components. Typically, the hackers used zero-day vulnerabilities to compromise the utilities’ industrial control systems, such as SCADA.

The most common flaws exploited by attackers include authentication and distributed denial of service measures. The report confirmed that the attackers used a vast range of methods for attempting to compromise utility control systems infrastructure to avoid establishing a cyber fingerprint. The tools at their disposal included malicious code, spear phishing attacks, and SQL injection attacks.

The report points out the difficulty of attribution of an incident to a particular threat actor. In the majority of cases, these offensives have gone under the radar over the years due to the high level of sophistication of the tactics and cyber-techniques.

The victims are typically unable to identify the attackers, Therefore many more incidents occur in critical infrastructure that goes unreported. Often, the forensic evidence does not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network.

The DHS report concludes the U.S. power grid is highly vulnerable to cyber attacks.

The U.S. power grid is a considered a privileged target for all categories of terrorists, cyber criminals, and state-sponsored patriot hackers. Daily, they threaten the backbone of the American society. Security experts and U.S. politicians are aware that the national power grid is vulnerable to a terrorist attack.

Terrorists and rogue nations have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack, according to cyber security analysts. Former Secretary of Defense, William Cohen, in a 2015 interview, discussed the issue at length.

“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”

“That’s because the technology continues to expand, and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused on integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build this kind of campaigns of terror.” said Cohen.

Former Department of Homeland Security Secretary Janet Napolitano echoed his sentiments. She caught everyone’s attention when she said, briefly after her departure from government, that a major cyber attack on the nation’s power grid
was not a matter of if, but when
.

While it is accepted in the intelligence community that state sponsored cyber-terrorists are the most likely threat actors, cyber criminals represent a serious menace as well.

Former senior CIA analyst and EMP Task Force On National Homeland Security Director, Dr. Peter Vincent Pry, confirmed in an interview with Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.

The British Parliament revealed that UK Power Grid is under cyber attack from foreign hackers daily, confirming the incessant attacks on Britain’s national critical infrastructure.