With hacking of US utilities, Russia could move from cyberespionage toward cyberwar

Even before the revelation on July 23 that Russian government hackers had penetrated the computer systems of US electric utilities and could have caused blackouts, government agencies and electricity industry leaders were working to protect US customers and society as a whole. These developments, alarming as they might seem, are not new. But they highlight an important distinction of conflict in cyberspace: between probing and attacking.

Various adversaries – including Russia, but also China, North Korea and Iran – have been testing and mapping US industrial systems for years. Yet to date there has been no public acknowledgement of physical damage from a foreign cyberattack on US soil on the scale of Russia shutting off electricity in the Ukrainian capital or Iran attacking a Saudi Arabian government-owned oil company, destroying tens of thousands of computers and allegedly attempting to cause an explosion.

The US and its allies have substantial capabilities, too, some of which have reportedly been directed against foreign powers. Stuxnet, for instance, was a cyberattack often attributed to the US and Israel that disrupted Iran’s nuclear weapons development efforts.

The distinction between exploiting weaknesses to gather information – also known as “intelligence preparation of the battlefield” – and using those vulnerabilities to actually do damage is impossibly thin and depends on the intent of the people doing it. Intentions are notoriously difficult to figure out. In global cyberspace they may change depending on world events and international relations. The dangers – to the people of the US and other countries both allied and opposed – underscore the importance of international agreement on what constitutes an act of war in cyberspace and the need for clear rules of engagement.

Advanced adversaries

In July the Centre for Cyber and Homeland Security at George Washington University, where we serve, hosted a forum on protecting energy infrastructure. At that event, a Duke Energy Corporation executive reported that in 2017, the company experienced over 650 million attempts to intrude into their system. That number is startling, though hard to contextualise. More generally, however, some efforts directed against the US are extremely sophisticated.

Federal officials have said that starting in 2016, continuing in 2017 and likely still ongoing, Russian government attacks took advantage of trusting relationships between key vendors of services related to equipment and operations for utility companies. Compromising the vendors’ computers was the first step toward breaching the security of systems not directly connected to the internet.

It’s not just electric utilities – crucial though they are to almost every aspect of modern society. The Russian intrusion targeted computerised industrial control systems that are at the beating hearts of every part of critical public and private infrastructure, including water, energy, telecommunications and manufacturing. In the US, more than 85 percent of those critical potential targets are owned and operated by private companies. Once considered safely on home soil far from conflict, these firms are now at the centre of the international cyberspace battleground.

Setting up defenses

The energy industry has invested heavily in protecting itself, and is leveraging a sector-wide collaboration called the Electricity Information Sharing and Analysis Center to communicate between companies about warnings and threats to grid operations. But the task is too great – and the consequences to public health and safety too severe – for private companies to handle the burden on their own. As a result, the US Department of Homeland Security has been investigating breaches like the Russian intrusions, and briefing industry leaders about what it finds.

Homeland Security Secretary Kirstjen Nielsen speaks to government, corporate and academic experts on critical infrastructure. US Department of Homeland Security

For instance, the Wall Street Journal reported that DHS cybersecurity experts are “looking for evidence that the Russians are automating their attacks, which … could presage a large increase in hacking efforts.” That possibility, taken together with the energy-sector focus of the utility-hacking effort and the perpetrators’ interest in industrial control systems, could be a signal that Russia may be considering shifting from exploring US utility systems to actually attacking them.


An upcoming meeting may deepen federal-corporate collaboration: On July 31, the Department of Homeland Security is hosting a National Cybersecurity Summit to bring together government, industry and academic experts in protecting the country’s most important infrastructure. It will take all their efforts to keep up with the threats, particularly as the underlying techniques and technologies continue to evolve. The “internet of things,” for instance, connects physical devices in ways that merge the virtual world with the real one – making people only as safe as the weakest link in the network or supply chain.

The federal hint about identifying automated attacks offers a glimpse into the not-too-distant future. In 2017, Russian President Putin declared that “Whoever becomes the leader in [artificial intelligence] will become the ruler of the world.” In May 2018, Chinese President Xi Jinping told the Chinese Academies of Sciences and Engineering of his plan to make China “a world leader in science and technology,” which includes “integration of the internet, big data, and artificial intelligence with the real economy.”

Those statements, and the inexorable march of research and development, mean that machine learning – and ultimately quantum computing too – will play an increasing role in cyberespionage and cyberwarfare, as well as cybersecurity. The line between probing and attacking – and between defensive readiness and offensive preparation – may get even thinner.

Frank J. Cilluffo, Director, Centre for Cyber and Homeland Security, George Washington University and Sharon L. Cardash, Associate Director, Centre for Cyber and Homeland Security, George Washington University

This article was originally published on The Conversation.
