31 Jan 2019
Earlier this month, the Wall Street Journal reconstructed what it called the “worst known hack into the [US] nation’s power system”.
The article, written by Rebecca Smith and Rob Barry, revealed the lengths the attackers went to in order to gain access to the grid’s network and the sustained attacks they carried out on hundreds of supply chain contractors.
This hack is interesting on several levels. First, it was a rare example of where the US Government was prepared to call out the Russian Government and pin the blame for the cyber-attack on it directly. Second, it was the highest profile instance of what is becoming a modern battle ground for cyber-warfare; an attack on a country’s critical infrastructure. Third, it was a warning to larger, more security aware organisations that their extended supply chain represents an additional point of weakness in their cyber-security landscape.
The hack, in summary
In the summer of 2016, US intelligence agencies became aware of a sophisticated campaign, designed to hack the country’s utilities network. By targeting small, independent firms within the utilities supply chain, and trade publications servicing the engineering community, hackers were able to slowly gain access to increasingly sensitive systems.
Companies as diverse as engineering contractors and professional services companies were targeted with sophisticated phishing attacks, bogus emails, forged log-in pages and more. These gateway organisations were used to gain access to systems owned by national utilities and even the US Army Corps of Engineers, which operates several federally-owned hydro-electric facilities.
Over a period of months, the hackers gained access to a myriad of systems. Sometimes creating false accounts with admin access; other times using access for research or to infiltrate connected systems.
The sustained attacks continued throughout 2017, with hackers targeting renewable energy companies, independent energy producers and regional utility companies. The scope of the attack also broadened to include three UK organisations that service the UK National Grid.
By the winter of 2017 the hackers, having established a toe-hold in various systems, were attempting to jump the gap between corporate networks (connected to the internet) and critical systems, such as SCADA networks (typically isolated from the internet for security purposes). Access to these systems would have given the hackers the ability to disable power systems in the US electricity network.
The total number of companies affected by this operation is not known, but evidence suggests more than 60 utilities were targeted; more than a third of which were successfully breached. In a small number of instances, the hackers penetrated far enough in to the networks to gain access to the industrial control systems.
Protection versus prevention
The methods employed by the cyber-criminals in this attack highlight the changing threat landscape for all types of organisation. As businesses become increasingly connected, they are exposing their systems to potential threats. Connecting critical systems to the internet may offer advantages in terms of productivity and accessibility; but mobile computing, the IoT and borderless infrastructure also create greater risk.
A robust cyber-security strategy needs to include elements of both breach prevention and protection. Firewalls, sandboxing, virus-scanning and anti-spam systems are constantly evolving, but so are the hackers. In the event of a breach the best, last line of defence is to ensure your data is protected with encryption.
Choosing the right encryption solution
The choice of encryption solution will depend upon your individual needs and preferences. For high-speed links supporting Big Data and critical business applications, certified high-assurance encryption offers the best combination of security and performance.
For extended Wide Area or larger scale virtualised networks running at more modest speeds of under 1Gbps, virtualised encryption offers greater flexibility and cost-efficiency.