Do Foreign Cyber-Pirates Control Your Heat and Lights?

Almost every Internet user has become familiar with basic home computer security threats and has learned to take basic safety measures to protect their computers and their passwords and account information used for online financial transactions. Phishing and the planting of viruses on personal computers by cyber-pirates is just something to which Internet users have become accustomed. Few, however, realize that their basic utilities are under constant threat from foreign attackers through the Internet as well. Is it possible that foreign cyber-pirates, computer-literate terrorists, or hostile foreign governments could shut off your electricity and heat in the middle of the New England winter? Could infrastructure hackers knock out electricity for water pumps and air conditioning during a Texas heat wave? The answer might surprise you.

Half of Surveyed Infrastructure IT Security Execs Admit Being Victimized by Cyberattacks

In a report released on January 28^th, computer virus protection firm, McAfee, revealed the relentless efforts by foreign nationals to break into the computer systems of critical infrastructure organizations such as electric utilities, telecommunications, transportation services, and oil and gas production facilities. The study was conducted in the form a survey of IT security executives from 600 critical infrastructure facilities worldwide with a heavier concentration of those in the United States. Fully 54% said they had already suffered serious attacks or stealthy infiltration from terrorists, organized crime, or foreign governments with an average estimated cost of $6.3 million per incident.

Experts Say Security Worse, Not Better

With all of these attacks, one would think that security of the computer networks of critical infrastructure operations would be growing more and more secure to prevent any successful cyber-takeover. Those with the greatest knowledge of the steps being taken to secure these networks, the executives in charge of the security of these very systems, however, do not believe that is the case. The report, sponsored by McAfee, but authored by the Center for Strategic and International Studies (CSIS), found that 37% of IT security executives felt that the vulnerability of their sector to cyber-pirate or foreign national threats had increased in the last year, in the face of both an escalating volume of serious attacks, and increasing sophistication of the attackers.

Cyberattack Caused Multiple City Blackout Says CIA

To date, we do not know of any major interruptions to critical infrastructure systems in the United States due to cyberattacks, either foreign in nature or from within the country, but the CSIS study found that 40% of the surveyed IT security executives expected a major incident to occur in their sector within the next twelve months. Four out of five did not believe that their sector was safe from a serious attack by organized attackers over the next five years. Indeed, in 2008, CNET published a CIA brief detailing a power outage in multiple cities outside of the United States caused by cyber-attackers demanding ransom payments.

McAfee President Says Cyberattacks Could Kill

Responding to the release of the report, McAfee president and chief executive officer, Dave DeWalt, said, "From public transportation, to energy to telecommunications, these are the systems that we depend on every day. An attack on any of these industries could cause widespread economic disruptions, environmental disasters, loss of property and even loss of life." While McAfee clearly has an interest in promoting additional cyber security measures, this isn't an overstatement. Imagine the havoc that terrorists could create by hacking into critical air traffic control systems, cooling and safety systems at nuclear power plants, subway train safety and routing systems, or even the electrical grid of any major city in the United States.

Sophisticated Cyberattacks Make Phishing Scams Seem Like Child's Play

This kind of highly organized, very sophisticated cyberattack makes bank account number phishing schemes look like the work of kindergarteners by comparison, yet even these simple methods get through despite constant warnings. Because of their ability to launch cyberattacks from anywhere in the world, those perpetrating these cyberattacks against US interests are extremely difficult to catch and even more difficult to prosecute. With each failure, they learn more about the security systems and come one step closer to success.

Sources:

McAfee, Inc. Report reveals cyber cold war with critical Infrastructure under Constant Cyberattack Causing Widespread Damage. January 2010. Retrieved from newsroom.mcafee.com/article_display.cfm?article_id=3617 on January 28, 2010.

Espiner, Tom. CIA: Cyberattack Caused Multiple City Blackout. CNET, January 2008. Retrieved from news.cnet.com/CIA-Cyberattack-caused-multiple-city-blackout/2100-7349_3-6227090.html on January 29, 2010.