Department of Homeland Security reveals malware threat to critical infrastructure

Nov 09, 2014

Infrastructure.jpgThe Department of Homeland Security announced in early November that a Trojan horse malware program has been installed within the system that operates the majority of the country’s critical infrastructure. Were such a program to succeed in shutting down the system, it could cause economic chaos. Officials with DHS believe the malicious software was installed by hackers sponsored by the Russian government, ABC News reported.

The attack was first brought to the attention of federal officials when an alert was issued by the DHS’ Industrial Control Systems Cyber Emergency Response Team reporting that BlackEnergy malware had been detected penetrating critical systems. According to DHS, BlackEnergy is the same type of malware used to attack NATO and multiple European energy and telecommunications companies earlier this year.

The system that was compromised controls complex industrial operations like power transmission grids, oil and gas pipelines, water distribution and filtration systems and even some nuclear power plants. In the announcement, DHS said that a campaign to launch a cyberattack against critical infrastructure in the U.S. has been underway since 2011, but no attempt has been made yet to activate the malware in order to “damage, modify or otherwise disrupt” the processes controlled by the system.

Putting too much faith in security that isn’t there
In a piece for The Washington Post, Joel Brenner, a fellow at the Center for International Studies at the Massachusetts Institute of Technology, noted that the Internet was never built for security and yet high-profile organizations like the federal government attempt to make cyberspace the backbone of their most sensitive operations and hope the information stored within will stay safe.

“When a device is connected to an electronic network, it can be disabled or destroyed through commands issued on that network,” Brenner wrote. “This applies to missile launchers, railway switches, manufacturing tools and any other machine. If you can penetrate a network remotely to suck data out of it, you can penetrate it to corrupt it or shut it down. Information security, which is the protection of data, has converged with operational security, which is making sure things work.”

According to Brenner, cybercriminals from China have previously infiltrated the networks belonging to the U.S. military’s Transportation Command, and it is widely accepted by security experts that both Russian and Chinese hackers have been able to penetrate the U.S. electrical grid in the past. As systems are increasingly connected to Internet networks, and warfare is more frequently conducted in cyberspace, federal IT services will need to put a stronger focus on integrating security at the ground level of operations instead.

Category: Cybersecurity