This report appeared in the 08 September Executive Intelligence Summary. Become a Forward Observer subscriber and receive our threat intelligence reporting.
Cybersecurity giant Symantec claimed in a new report that hackers have managed to burrow their way deeply into critical U.S. infrastructure, including the energy sector and other companies in the U.S. and abroad. (AC: Which is not news to anyone who’s read this EXSUM since last year.) In its report, the firm noted that the threat of cyber-induced power outages in Western countries has gone from the theoretical to a legitimate threat, but only in recent months. “We’re talking about activity we’re seeing on actual operational networks that control the actual power grid,” said Eric Chien, technical director of security technology and response at Symantec.
Over the summer reports surfaced that hackers were targeting staffers at nuclear energy facilities using phishing attacks in attempts to steal log-in information and install malware on machines. It wasn’t clear at the time the extent of the attacks or whether hackers had managed to breach IT systems. But Symantec’s report removes all doubts. “There are no more technical hurdles for them to cause some sort of disruption,” Chien said. “All that’s left is really motivation.”
Cyber security firms in the private sector, including Crowdstrike, are tracking several hacking groups that are believed to be behind ongoing efforts to breach critical infrastructure. One of them has been dubbed Dragonfly 2.0 by Symantec. The most recent wave of attacks hit energy companies in the U.S., Turkey, Switzerland, Afghanistan, and elsewhere. [source]
Analyst Comment: Long suspected by the cybersecurity community; long classified by the intelligence community; now confirmed through open source reporting. The question of whether or not critical U.S. and European infrastructure is vulnerable to breaches has been answered. As I’ve long warned, the next major conflict with a near-peer competitor is likely to include cyber attacks against U.S. critical infrastructure. Cyber attacks like this would likely first target command, control, and communication systems — say, by China or Russia trying to disrupt, delay, or deter military U.S. mobilization and deployment to the battlefield. In fact, this is where the U.S. is most vulnerable, and a cyber attack that disrupts command, control, and communications would have the most return on investment, in terms of the cost and resources required for a cyber attack. Cyber is relatively cheap and easy, and could be quite painful for the U.S. Our best early warning indicator for this scenario is a place and time when Russia or China feels that their sovereignty is being threatened. This is not a high likelihood scenario, but the likelihood is not zero.