For all the talk about China and the Syrian Electronic Army, it seems there's another threat to U.S. cyber interests: Iran. Iran-based hackers have ramped up a cyber campaign against U.S. corporations, especially energy companies, according to news reports.
The Wall Street Journal reports that Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. The paper quoted one former official who said the hackers got "far enough to worry people."
Gerry Cauley, chief executive of the North American Electric Reliability Corp., a non-profit agency that oversees and ensures the reliability of bulk power systems in the region, told the Reuters Cybersecurity Summit that computer viruses have been found in the power grid that could be used to deliver malicious software to damage plants.
Hard to Patch
Tom Cross, director of security research at Lancope, told us industrial control systems such as those used to control oil and gas pipelines are more interconnected with public networks like the Internet than most people realize.
"It is also difficult to fix security flaws with these systems because they aren't designed to be patched and restarted frequently. In the era of state-sponsored computer attack activity, it is not surprising to hear reports of these systems being targeted," he said.
"It is extremely important that operators of industrial control networks monitor those networks with systems that can identify anomalous activity that might be associated with an attack. Because of the relatively homogeneous nature of network activity on many control systems networks, anomaly detection can be a powerful tool in an environment where other kinds of security approaches fall flat."
Running Out of Time
LogRhythm CTO Chris Petersen told us he is not surprised by the attacks. That's because cybersecurity experts have been warning of such threats for years. In fact, President Obama and members of Congress have heard the concerns and Obama even signed an executive order on cybersecurity.
"However, as today's reports tell, we may be running short on time," Petersen said. "The primary concern is that threats with a willingness to launch destructive attacks will develop these capabilities prior to U.S. critical infrastructure companies being able to defend themselves."
Petersen said the news is positive evidence that some of these threats are ahead of our defenses -- and we should be concerned that other capable threats will emerge quickly over the next few years.
"As a nation, we need to ask ourselves how long we have before a failed nation-state or terrorist organization is pushed to or willing to launch a truly destructive cyberattack against the U.S.," Petersen said. "Significant loss of the energy grid for even three days could be devastating to our economy and society. Our enemies know this and are planning accordingly."