
Monday, February 9, 2015

January news roundup: Increasing awareness of threats to the power grid






The need for stronger critical infrastructure cybersecurity continues to become more evident. Attacks on U.S. and U.K. electric industries continue to increase, and governments are becoming more aware of these problems. President Obama touched on cybersecurity in his State of the Union address, urging Congress to pass legislation that will better protect the nation from attackers. However, his proposals focus more heavily on data breach legislation, leaving ample room for improvement when it comes to ICS and SCADA security. Read about these evolving news stories and more in January’s news roundup:

President Obama’s State of the Union address in January hinted at his plans to work on cybersecurity issues. In what is being considered his “21st century agenda,” Obama includes increasing cybersecurity, as well as investing in security of physical infrastructures. Earlier this month, Obama released a series of proposals to address cyber-related problems. He included in this a plan to enhance government cybersecurity efforts. In his State of the Union address, Obama simply urged Congress to pass the appropriate legislation to prevent cyberattacks. With these plans, he is only scratching the surface of critical infrastructure security.

The growing skills of hackers are challenging the security of the electric utility industry. While the energy sector is strengthening its levels of protection, it was the target of 40 percent of cyberattacks in 2013. According to security analysts, the hackers behind these attacks are seeking to inflict serious damage on the energy sector. U.S. officials are warning the industry that the electric grid is quite vulnerable to attacks.

The Government Accountability Office issued a report claiming that the United States Department of Homeland Security (DHS) is not paying enough attention to potential cyberrisks to building and access control systems in federal facilities. The report stated that the DHS has not been addressing risks at nearly 9,000 federal facilities, and that “DHS lacks a strategy that: (1) defines the problem, (2) identifies the roles and responsibilities, (3) analyzes the resources needed and (4) identifies a methodology for assessing this cyberrisk.” The DHS claims that it has not yet created a strategy to deal with this because this issue is slowly emerging.

Parliament member James Arbuthnot said that the U.K.’s power grid is under constant attack from computer hackers. “Our National Grid is coming under cyberattack not just day by day, but minute by minute,” said Arbuthnot. These comments came very soon after the German steel mill attack. However, cybersecurity experts have responded by saying that the energy sector is a common target of attacks. Arbuthnot added that it is the responsibility of individual companies to make sure they have the proper protection.

Want to read more industry news? Check out our December news roundup.

Tuesday, December 9, 2014

November news roundup: Turbulent times for the U.S. power grid






The vulnerability of U.S. critical infrastructure to a state-sponsored attack was confirmed this past month, as the director of the NSA, Michael Rogers, reported that China has the capability to cause damage to the nation’s power grid. Rogers’ concern held a lot of weight, since it came after CERT’s discovery that in the fiscal year of 2014, hackers targeted the U.S. power grid up to 79 times. Similar to Rogers’ warning about China, CERT believes reconnaissance was the motivation for these attacks, where hackers plant malware within industrial control systems in order to gather information for more sophisticated attacks later. The worry for CERT and the NSA lies in what these hackers are capable of, underscoring the need for utilities to deploy stronger-than-firewall cybersecurity alternatives to ensure the safety and reliability of critical control system networks. Read about these developing stories and more in this month’s news roundup:

In arguably the month’s biggest news story, the director of the NSA and head of U.S. Cyber Command, Admiral Michael Rogers, publicly confirmed that China and “one or two other countries” have the capabilities to launch a cyberattack that would effectively shut down the United States electric grid. Rogers claimed that U.S. adversaries are already performing reconnaissance operations throughout U.S. critical infrastructure, making an attack that would harm these pre-infected industrial control systems a real possibility. Because most of these cyberthreats are likely state- and government-sponsored, Rogers says that the next step in preparation will be determining how to classify an act of war.

The latest security vulnerability to critical infrastructure comes in the form of three defects that were discovered within products manufactured by Advantech, an industrial technology developer. The three vulnerabilities include an OS command injection, a stack-based buffer overflow and a buffer overflow. Advantech has indicated that it will not fix two of the vulnerabilities. A fix has been issued for the third, but only in the latest release of Advantech software, and the fix does not work if an earlier installation is upgraded to the latest release without first erasing the device. This report highlights the continued problem of a “soft interior” in most control system networks, a problem that is often addressed with strong network cyber and physical perimeter protections.

Throughout the 2014 fiscal year, U.S. energy companies were the targets of 79 hacking incidents, reports CERT. Although this represents an overall decrease from last year’s number of 145, the fact remains that the grid is constantly under the threat of an attack. These hacks were not aimed at immediately disrupting or taking over operation systems, but there is concern that this malware gives the attackers a backdoor to grid systems where they could insert harmful programs in the future.

The Department of Homeland Security and ICS-CERT identified the Russian Trojan horse, BlackEnergy, as a threat to U.S. critical infrastructure. BlackEnergy was initially discovered within software present in oil and gas pipelines, water systems and power grids, covering the spectrum of most U.S. critical industries. Because it consists of the same strain of malware developed by the Russian cyberespionage group Sandworm, investigators are almost certain that BlackEnergy can be traced back to the same group.

Check out our October news roundup for even more industrial security news.