When State Actors Take Aim at the Power Grid
“To me, the most terrifying form of warfare would be if there was some simultaneous cyber attack on our grid, on the banking system, and on our transportation system. That would be quite a devastating thing, and yet in theory, absent some real protective measures, that could happen.” – Wilbur Ross, U.S. Secretary of Commerce, Senate Commerce, Science and Transportation Committee, Confirmation Hearings, 1/17/2017
Unfortunately, the prescient warning by U.S. Secretary of Commerce Wilbur Ross has only become more serious since 2017.
To bone up on cybersecurity and other natural and manmade disasters, search 65 years of the Journal of Civil Defense by The American Civil Defense Association. I am the volunteer vice president.
Possibly the best cybersecurity firm currently is Dragos. If you have cybersecurity issues, in addition to the help available from those listed in the tables below, be sure to contact Dragos for assistance.
The Communist Chinese Party (CCP) engages criminal actors on the Dark Web to take down the West. They implement their "Unrestricted Warfare" (war by hundreds of means in addition to kinetic) using cryptocurrency. Here is an excellent documentary that details this operation.
The question is no longer IF hackers will take aim at the power grid.
They already have.
As one example, stories of hackers penetrating our energy sector regularly appear in the news.
See, for example, “Dragonfly: Western energy sector targeted by sophisticated attack group...Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.” (https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group).
Or, from the New York Times: “Since May [2017], hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries."
Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kansas ((July 6, 2017 https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html).
Enter “hackers + power grid” in a search engine and see just how this formerly abstract danger has become a clear and present one.
Recently, U.S. prosecutors have charged three Chinese "citizens" from Guangzhou with hacking into various businesses (Siemens, Moody's, etc.) to steal their secrets. The indictments were handed down in Federal court in Pittsburgh and cover attacks carried out over the past six years.
Given the ease with which such foreign actors prey on our systems, there is every reason to believe they can, do, and will undertake the same attacks on our power grid.
Unfortunately, the most common image of a hacker is the one created by Hollywood...usually a smart, gifted if lonely teen in his bedroom with a hankering to explore the deep recesses of the Web. (Think of Matthew Broderick in the movie WarGames.)
The real world of real hackers is very different.
For example, the Communist Chinese Party (CCP) has entire divisions in their military devoted to hacking, discovering and exploiting American infrastructure vulnerabilities.
They have a 10,000 year history of conquest using stealth and deception to exploit their enemies' weaknesses to their benefit, and they are following this strategy to conquer the world via hacking operations carried out 24/7/365.
Their genius is that they pair a hacker criminal, say from Hong Kong, with a disciplined lieutenant colonel from the Red Chinese People’s Liberation Army (PLA).
It is a variation on the old option judges would give teens in this country: jail time or join the U.S. Marines.
The Red Chinese version is they give the Chinese national hackers they arrest the option of jail time or — use your hacking skills to advance the superpower ambitions of the Communist Chinese Party.
The Red Chinese learned decades ago it was easier to steal American technology advances to accelerate their economic development in a spectacularly rapid pace.
They have continued this strategy in the cyberwar sphere. Their command strategy has as its first tenet the taking down of digital capabilities in the US.
Taking out our power grid is a primary tenet of that strategy. They prefer to take our systems down in a digital manner without dropping one bomb or firing one bullet.
And they are succeeding in their probing until they decide to launch the apocalyptic cyber-attack on our energy grid.
They are not alone. North Korea, Russia, Iran and other nations have the same plans.
“Incidents of foreign network penetration and espionage …conducted by the Chinese government have recently become both more frequent and more clearly attributable to the People’s Liberation Army (PLA) rather than independent nationalist hackers, and 33% of all cyberattacks in the third quarter of 2012 seemingly originated from China.”
This PLA attack on our critical infrastructure was identified over five years ago and has only increased in the intervening years.
Unfortunately, they are not alone. There are many other nations (Russia, North Korea, Iran, etc.) that have realized the same strategy. And they are probing and penetrating our systems daily.
Cybersecurity — the ability to protect or defend the use of cyberspace from cyberattacks — is a goal that requires many layers, much creativity, and eternal vigilance.
Below I list organizations that exercise those skills daily.
What is to be Done
In the world of cybersecurity, given the potential harm that can be done immediately to our entire way of life, the old reactive strategy (Think — Decide — ACT) has been replaced by a proactive strategy (Decide — Act — Think).
The Websites below act as the cybersecurity canary in the dark Web mine.
To be proactive, you need a proactive toolset.
Signs of an impending cyberattack may be identified by such entities before the actual attack starts. The organizations below will be among those who are the first line of defense to that attack.
The good news is we have quiet professionals, cybersecurity experts, who daily countermand the cyber hackers.
They would be the first line of defense were the current probes to turn into a complete attack on the power grid.
I highlight some of our canaries below.
Who Handles the Hackers — Private Sector
There are numerous private sector companies that handle the day-to-day threat of hacker probes and penetrations of our critical infrastructure.
Were there to be a hacker attack on the power grid, they are the first line of defense. A few are listed below.
Organization (website): Description
CyberSecure IPS (https://www.cybersecureips.): Provides protection against critical infrastructure intrusion attempts and dispatches first response teams in real time.
Palo Alto Software (https://www.paloaltonetworks.com/): Software prevention to reduce cybersecurity risk to a manageable degree.
Advanced Persistent Threat (APT) Groups and Operations: The sheet is maintained by a select group of editors and includes data on APT activity (by China, Russia, Iran, North Korea, etc.), their tools, operations, and targets.
FireHOL IP Lists (http://iplists.firehol.org/): Analyzes security IP feeds to identify cybercrime and malware trends, with data analytic tools to track unique IPs.
IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/): Threat exchange platform (malicious IP addresses, botnet distributions) with a security intelligence blog and a forum for responders to post information on common vulnerabilities.
Malware Check (http://malwarecheck.org/): Monitors URLs for suspicious malware, virus, worm, phishing and other activity via a search engine.
MalwareTech Botnet Tracker (http://www.malwaretech.com/): Tracks active botnets by type, geographic distribution, and unique IPs on a live map that displays every incident and type that has occurred in the past 5 minutes.
Phishtank (https://www.phishtank.com/): Current, community-based tracking of domains connected to phishing attacks, along with downloadable databases.
SysAdmin, Audit, Network and Security (SANS) Institute Internet Storm Center (https://www.sans.org/): Offers data and analysis on future threat hunting trends and malware threats.
Who Handles the Hackers - Government
Just as the private sector has organizations that will be the first line of defense against an attack on the power grid, there are numerous government organizations that handle the day-to-day threat of hacker probes and penetrations of our critical infrastructure. A few are listed below.
Organization (website): Description
Electricity Subsector Coordinating Council (ESCC) (https://www.energy.gov/oe/activities/cybersecurity-critical-energy-infrastructure): The ESCC serves as the principal liaison between the federal government and the electric power sector, with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.
The National Cybersecurity and Communications Integration Center (NCCIC): Part of the Department of Homeland Security that would act as the central command point where the government collects and analyzes data on the impact of any hacker attack on the power grid.
Department of Homeland Security (DHS) AIS (Automated Indicator Sharing): Automated indicator sharing to help government and private sector entities exchange information on threat indicators.
Supervisory Control and Data Acquisition Systems (SCADA) (https://energy.gov/oe/downloads/21-steps-improve-cyber-security-scada-networks): Software used by manufacturers, nuclear plant operators and pipeline operators to monitor process variables and to detect and diagnose unexpected problems, such as a hacker attack.
The United States House Permanent Select Committee on Intelligence (HPSCI) (https://intelligence.house.gov/cyber/): Cyber criminals, often supported by hostile governments, are increasing their attacks on U.S. networks and American businesses. The HPSCI acts to mitigate this growing problem.
The National Security Agency (NSA) (https://www.nsa.gov/what-we-do/cybersecurity/index.shtml): Part of the U.S. DOD, under the authority of the Director of National Intelligence, that protects U.S. communications networks and IT systems.
The North American Electric Reliability Corporation (NERC) (https://www.ferc.gov/industries/electric/indus-act/reliability/cybersecurity.asp): Regulatory authority that assures the reliability and security of the bulk power system in North America.
U.S. Securities and Exchange Commission (SEC) (https://www.sec.gov/spotlight/cybersecurity): Identifies and manages cybersecurity risks and ensures that market participants — including issuers, intermediaries, investors and government authorities.
National Institute of Science and Technology (NIST) (https://www.nist.gov/topics/cybersecurity): Practical, innovative security technologies and methodologies that enhance the country’s ability to address current and future computer and information security.
Fortunately, every day there are highly gifted, very creative, and extremely skilled American cybersecurity and engineering experts manning the protective firewalls of the cloud and network-based data systems in this nation.
I know because I’ve worked with them.
They are well aware of the challenge. They know their duty. They are quiet professionals, as important in the cyber world as the Special Forces quiet professionals we depend on every day are in the physical world.
And they deserve the same level of respect, resources and support.
Reference: James Dohnert, ‘Akamai study finds a third of all cyber-attacks originate from China’, V3.co.uk, 25 January 2013, http://www.v3.co.uk/v3-uk/news/2238996/akamai-studyfinds-a-third-of-all-cyber-attacks-originate-from-china.
For more information, see https://www.washingtontimes.com/news/2017/dec/28/electric-power-research-institute-wrong-about-powe/
The CCP is the greatest threat to our national cybersecurity.