Think just because your electricity, internet connection and natural gas service are all working fine today, they’ll be working just as well tomorrow? Well, think again, because an escalating global cyberwar is putting the critical services we all depend on — electrical grids, oil and gas facilities and telecommunications networks — at an ever-increasing risk.
In fact, a survey of 600 IT security executives at critical infrastructure organisations finds that one-third believe their vulnerability to attack has increased over just the past 12 months, and two-fifths expect their sector to see a major security incident over the coming year.
Who’s responsible for such cyberattacks? A majority of the executives surveyed believe they’re being targeted by foreign governments. Hackers driven by a desire to extort cash or steal services are also likely culprits.
“I am very worried about extortion as it relates specifically to power system interruption,” said Michael Assante, one of the executives quoted in the study “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” which was commissioned by McAfee and prepared by the Center for Strategic and International Studies (CSIS).
Assante, who’s chief security officer of the North American Electric Reliability Corporation, said threats against company networks provide “the safest way to pull money under the radar and off the books at a level that is not that material.” On the other hand, threats against infrastructure itself amount to a much more serious type of extortion.
“If you take that to, ‘Hey, I can make the lights go out,’ then you’re talking about a whole different situation,” Assante said in the report. “It’s probably a lot higher risk for the extortionist, but you could demand a whole lot more money.”
Interestingly, security technologist Bruce Schneier believes government efforts to battle terrorism through increased surveillance are making the problem worse, not better. In a guest post on CNN last month, Schneier said governments around the world are enabling more cyberattacks by requiring communications systems providers to include backdoor means for accessing user data. While the backdoors are intended to make it easier for governments to gather critical intelligence, they also “invite misuse” by officials and criminals alike, Schneier said.
“(S)uch control,” Schneier wrote, “makes us all less safe.”
Meanwhile, new technologies that increase interconnectedness — smart meters and smart grids for energy, for example — also help create new vulnerabilities, which forces IT security specialists into a never-ending quest for improvement.
“There is no identifiable protection model that will keep pace with the evolution and sophistication of cyber threats,” Assante said in the McAfee-CSIS study.