General Keith Alexander, the former director of the National Security Agency (NSA), told attendees at a private dinner held by HIS CERAWeek in Texas that the West is unprepared for cyber attacks on critical infrastructure and that the “doomsday” scenario was a “a hi-tech blitz on refineries, power stations, and the electric grid, perhaps accompanied by a paralyzing blow to the payments nexus of the major banks”, according to the Daily Telegraph.
“The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that,” Gen. Alexander said. “We need something like an integrated air-defense system for the whole energy sector.”
Attacks are increasing across all industries in the US, and weaknesses are being exploited by criminals with increasing frequency. Vulnerabilities have recently been identified in air traffic control systems and airplanes’ on-board electronic systems, many banks have been found to exercise inadequate control over their security and have suffered massive data breaches as a result of hacking and phishing campaigns, and even the White House has seen its network infiltrated by foreign cyber criminals.
A successful attack on the nation’s critical infrastructure might not be far away.
Last year, a report from the German Federal Office for Information Security (Die Lage der IT-Sicherheit in Deutschland 2014) described an incident at an unnamed steel plant in Germany that resulted in catastrophic damage. Using a spear phishing email to install malware on the plant’s computers, hackers stole login credentials, which enabled them to access the production computer networks and gain control of systems that controlled the plant’s manufacturing equipment. They then caused system failures that meant the plant was unable to properly shut down a blast furnace, which was damaged beyond use.
Although rare for an email-based malware campaign to cause massive physical damage, it is feared that such attacks will become increasingly common.
Although the Department of Defense is creating 3,000 more cybersecurity jobs, the Obama administration is supporting increased cooperation between the public and private sectors to combat cyber threats, and new legislation to improve the nation’s security is making its way through the legislative process, cybercrime remains one of the biggest threats that the United States faces.
If you’re concerned about your organization’s susceptibility to attack, you’ll be interested in IT Governance’s penetration testing packages. Designed to identify vulnerabilities and provide remedial measures that you can take to secure your systems, they provide a complete solution for the routine security testing of your websites and IT systems to ensure that your networks and applications remain secure against cyber attacks.